annotate mod_firewall/scripts/spam-blocking.pfw @ 5401:c8d04ac200fc

mod_http_oauth2: Reject loopback URIs as client_uri

This really should be a proper website with info, https://localhost is not good enough. Ideally we'd validate that it's got proper DNS and is actually reachable, but triggering HTTP or even DNS lookups seems like it would carry abuse potential that would be best to avoid.
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:20:55 +0200
parents bb60db2b2cd1
children af2778f4ee29
changesets referenced in the annotation (author of each: Matthew Wild <mwild1@gmail.com>)

rev   changeset     parents  description
2556  cc01a5bfcf3b  -        mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
2557  56db2ab3b853  2556     mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
2565  fc53165d8afe  2557     spam-blocking.pfw: Much improvement
2567  5e1fb7e6b558  2566     mod_firewall: spam-blocking.pfw: Add more extension points
2571  a33edc07d829  2567     mod_firewall: spam-blocking.pfw: More comments for documentation
2605  8908d001faf3  2571     mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
4128  879955a32a37  2605     mod_firewall: spam-blocking.pfw: allow subscription acks through
4148  34a2e8796cff  4128     mod_firewall: Update chain name for consistency
4149  bb60db2b2cd1  4148     mod_firewall: Update another chain name for consistency

rev   source
2565  #### Anti-spam ruleset ###########################################
2571  #
2571  # This script provides some foundational anti-spam rules. It aims
2571  # to PASS stanzas that are definitely not spam, and DROP stanzas
2571  # that are very likely spam.
2571  #
2571  # It does not do any form of content filtering,
2565  # but this can be implemented by other scripts and
2571  # modules as desired using the chains documented below.
2571  #
2565  #
2565  # The following chains are available as extension
2565  # points:
2565  #
2571  # ::user/spam_check_custom
2571  # Apply additional rules to all stanzas before they are checked.
2571  # Mainly useful to PASS stanzas that you do not want to be
2571  # filtered.
2571  #
2567  # ::user/spam_check_message_custom
2571  # Apply additional rules to messages from strangers, aiming to
2571  # PASS stanzas that are not spam and jump to ::user/spam_reject
2571  # for stanzas that are considered spam.
2567  #
4148  # ::user/spam_check_message_content_custom
2571  # Apply additional rules to messages that may be spam, based on
2571  # message content rules. These may contain more intensive rules,
2571  # so are executed after all other checks. Rules should jump to
2571  # ::user/spam_reject if a message is considered spam.
2567  #
2567  # ::user/spam_check_presence_custom
2571  # Apply additional rules to presence that may be spam.
2565  #
4149  # ::user/spam_check_subscription_request_custom
2571  # Apply additional rules to subscription requests.
2565  #
2565  # ::user/spam_handle_unknown_custom
2565  # Override default handling of stanzas that weren't explicitly
2571  # passed or rejected by the anti-spam checks.
2565  #
2565  # ::user/spam_reject_custom
2565  # Override default handling of stanzas that have
2565  # been recognised as spam (default is to bounce
2571  # a policy-violation error).
2567  #
2565  ##################################################################
2556
2567  #### Entry point for all incoming stanzas ########################
2556  ::deliver
2556
2567  # Override this if you want to prevent certain stanzas going through
2567  # the normal spam_check chain
2567  JUMP_CHAIN=user/spam_check_custom
2567
2567  # Run the default spam_check chain
2567  JUMP_CHAIN=user/spam_check
2567
2567  ##################################################################
2567
2567  #### General spam-checking rules (all stanzas) ###################
2567  ::user/spam_check
2567
2556  # Pass stanzas that a user sends to their own account
2556  TO SELF?
2556  PASS.
2556
2556  # Pass stanzas that are addressed to a valid full JID
2556  TO FULL JID?
2556  PASS.
2556
2556  # Pass stanzas from contacts
2556  SUBSCRIBED?
2556  PASS.
2556
2556  # Run extra rules that apply to messages only
2556  KIND: message
2565  JUMP CHAIN=user/spam_check_message
2556
2556  # Run extra rules that apply to presence stanzas only
2556  KIND: presence
2565  JUMP CHAIN=user/spam_check_presence
2565
2565  JUMP CHAIN=user/spam_handle_unknown
2556
2565  # Default is to allow, override this with
2565  # the 'user/spam_handle_unknown' chain
2565  PASS.
2565
2565  #### Rules for messages ##########################################
2565  ::user/spam_check_message
2556
2567  JUMP CHAIN=user/spam_check_message_custom
2567
2605  # Type 'groupchat' messages addressed to an offline full JID are harmless,
2605  # and should be routed normally to handle MUC 'ghosts' correctly
2605  TO: <*>@<*>/<*>
2605  TYPE: groupchat
2605  PASS.
2605
2556  # Non-chat message types often generate pop-ups in clients,
2556  # so we won't accept them from strangers
2556  NOT TYPE: chat
2565  JUMP CHAIN=user/spam_reject
2556
4148  JUMP CHAIN=user/spam_check_message_content
4148
2556  # This chain can be used by other scripts
2556  # and modules that analyze message content
4148  JUMP CHAIN=user/spam_check_message_content_custom
2565
2565  ##################################################################
2556
2565  #### Rules for presence stanzas ##################################
2565  ::user/spam_check_presence
2556
2567  JUMP CHAIN=user/spam_check_presence_custom
2567
2605  # Presence to offline full JIDs is harmless, and should be routed
2605  # normally to handle MUC 'ghosts' correctly
2605  TO: <*>@<*>/<*>
2605  PASS.
2605
2565  # These may be received if rosters get out of sync and are harmless
2557  # because they will not be routed to the client unless necessary
2557  TYPE: unsubscribe|unsubscribed
2557  PASS.
2557
2556  # We don't want to receive presence from random strangers,
2556  # but still allow subscription requests
4128  NOT TYPE: subscribe|subscribed
2556  DROP.
2556
2556  # This chain can be used by other scripts
2556  # and modules to filter subscription requests
2565  JUMP CHAIN=user/spam_check_subscription_request
2565
4149  JUMP CHAIN=user/spam_check_subscription_request_custom
4149
2565  ##################################################################
2556
2565  #### Stanzas reaching this chain will be rejected ################
2565  ::user/spam_reject
2565
2565  # This chain can be used by other scripts
2565  # and modules to override the default behaviour
2565  # when rejecting spam stanzas
2565  JUMP CHAIN=user/spam_reject_custom
2556
2556  LOG=Rejecting suspected spam: $(stanza:top_tag())
2556  BOUNCE=policy-violation
2565
2565  ##################################################################
2565
2565  #### Stanzas that may be spam, but we're not sure either way######
2565  ::user/spam_handle_unknown
2565
2565  # This chain can be used by other scripts
2565  # and modules to apply additional checks, or to
2565  # override the default behaviour
2565  JUMP CHAIN=user/spam_handle_unknown_custom
2565
2565  #LOG=[debug] Spam check allowing: $(stanza:top_tag())
2565
2565  ##################################################################
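
The chain flow of the ruleset above, as an added Python model (not part of spam-blocking.pfw or mod_firewall) that traces which verdict a stanza ends up with and where the extension points sit. It assumes that a jump to a chain with no rules falls through to the next rule; the `Stanza` fields, the `hooks` mapping, the `REJECT` marker and the `flag_link` rule are hypothetical names introduced here, and the sample stanzas are constructed.

```python
from dataclasses import dataclass

PASS, DROP, BOUNCE = "PASS", "DROP", "BOUNCE policy-violation"
REJECT = "REJECT"  # model-only marker: a hook asking for JUMP CHAIN=user/spam_reject

@dataclass
class Stanza:                         # hypothetical stand-in for an incoming stanza
    kind: str                         # KIND: "message", "presence" or "iq"
    type: str                         # TYPE: value of the type attribute
    to_self: bool = False             # TO SELF?
    to_online_full_jid: bool = False  # TO FULL JID?
    to_has_resource: bool = False     # TO: <*>@<*>/<*>
    subscribed: bool = False          # SUBSCRIBED?
    body: str = ""

def spam_reject(st, hooks):
    """::user/spam_reject - the custom chain may override the default bounce."""
    custom = hooks.get("spam_reject_custom")
    return (custom(st) if custom else None) or BOUNCE

def jump(name, st, hooks):
    """JUMP CHAIN to an extension point; None means the chain fell through."""
    custom = hooks.get(name)
    verdict = custom(st) if custom else None
    return spam_reject(st, hooks) if verdict == REJECT else verdict

def check_message(st, hooks):
    """::user/spam_check_message"""
    verdict = jump("spam_check_message_custom", st, hooks)
    if verdict:
        return verdict
    if st.to_has_resource and st.type == "groupchat":
        return PASS
    if st.type != "chat":             # NOT TYPE: chat
        return spam_reject(st, hooks)
    return (jump("spam_check_message_content", st, hooks)
            or jump("spam_check_message_content_custom", st, hooks))

def check_presence(st, hooks):
    """::user/spam_check_presence"""
    verdict = jump("spam_check_presence_custom", st, hooks)
    if verdict:
        return verdict
    if st.to_has_resource or st.type in ("unsubscribe", "unsubscribed"):
        return PASS
    if st.type not in ("subscribe", "subscribed"):
        return DROP
    return (jump("spam_check_subscription_request", st, hooks)
            or jump("spam_check_subscription_request_custom", st, hooks))

def deliver(st, hooks=None):
    """::deliver followed by ::user/spam_check"""
    hooks = hooks or {}
    verdict = jump("spam_check_custom", st, hooks)
    if verdict:
        return verdict
    if st.to_self or st.to_online_full_jid or st.subscribed:
        return PASS
    verdict = None
    if st.kind == "message":
        verdict = check_message(st, hooks)
    elif st.kind == "presence":
        verdict = check_presence(st, hooks)
    # Nothing decided: ::user/spam_handle_unknown, then the default PASS
    return verdict or jump("spam_handle_unknown_custom", st, hooks) or PASS

def flag_link(st):
    """Constructed content rule standing in for a content-filtering script."""
    return REJECT if "free-coins.example" in st.body else None

def trace():
    """Verdicts for constructed stanzas from a stranger to a bare JID."""
    hooks = {"spam_check_message_content_custom": flag_link}
    samples = {
        "normal message": Stanza("message", "normal"),
        "chat message": Stanza("message", "chat", body="hello"),
        "chat with flagged link": Stanza("message", "chat", body="free-coins.example"),
        "presence probe": Stanza("presence", "probe"),
        "subscription request": Stanza("presence", "subscribe"),
    }
    return {name: deliver(st, hooks) for name, st in samples.items()}

if __name__ == "__main__":
    for name, verdict in trace().items():
        print(f"{name:24} {verdict}")
```

In this model a type 'chat' message from a stranger is passed unless a hook on one of the content chains rejects it, which matches the header comment that the script itself does no content filtering.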