Mercurial > prosody-modules
annotate mod_firewall/scripts/spam-blocking.pfw @ 5668:ecfd7aece33b
mod_measure_modules: Report module statuses via OpenMetrics
Someone in the chat asked about a health check endpoint, which reminded
me of mod_http_status, which provides access to module statuses with
full details. After that, this idea came about, which seems natural.
As noted in the README, it could be used to monitor that critical
modules are in fact loaded correctly.
As more modules use the status API, the more useful this module and
mod_http_status becomes.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 06 Oct 2023 18:34:39 +0200 |
| parents | 09311a8a3cfa |
| children |
| rev | line source |
|---|---|
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
1 #### Anti-spam ruleset ########################################### |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
2 # |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
3 # This script provides some foundational anti-spam rules. It aims |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
4 # to PASS stanzas that are definitely not spam, and DROP stanzas |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
5 # that are very likely spam. |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
6 # |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
7 # It does not do any form of content filtering, |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
8 # but this can be implemented by other scripts and |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
9 # modules as desired using the chains documented below. |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
10 # |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
11 # |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
12 # The following chains are available as extension |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
13 # points: |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
14 # |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
15 # ::user/spam_check_custom |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
16 # Apply additional rules to all stanzas before they are checked. |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
17 # Mainly useful to PASS stanzas that you do not want to be |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
18 # filtered. |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
19 # |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
20 # ::user/spam_check_message_custom |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
21 # Apply additional rules to messages from strangers, aiming to |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
22 # PASS stanzas that are not spam and jump to ::user/spam_reject |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
23 # for stanzas that are considered spam. |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
24 # |
|
4148
34a2e8796cff
mod_firewall: Update chain name for consistency
Matthew Wild <mwild1@gmail.com>
parents:
4128
diff
changeset
|
25 # ::user/spam_check_message_content_custom |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
26 # Apply additional rules to messages that may be spam, based on |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
27 # message content rules. These may contain more intensive rules, |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
28 # so are executed after all other checks. Rules should jump to |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
29 # ::user/spam_reject if a message is considered spam. |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
30 # |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
31 # ::user/spam_check_presence_custom |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
32 # Apply additional rules to presence that may be spam. |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
33 # |
|
4149
bb60db2b2cd1
mod_firewall: Update another chain name for consistency
Matthew Wild <mwild1@gmail.com>
parents:
4148
diff
changeset
|
34 # ::user/spam_check_subscription_request_custom |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
35 # Apply additional rules to subscription requests. |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
36 # |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
37 # ::user/spam_handle_unknown_custom |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
38 # Override default handling of stanzas that weren't explicitly |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
39 # passed or rejected by the anti-spam checks. |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
40 # |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
41 # ::user/spam_reject_custom |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
42 # Override default handling of stanzas that have |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
43 # been recognised as spam (default is to bounce |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
44 # a policy-violation error). |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
45 # |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
46 ################################################################## |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
48 #### Entry point for all incoming stanzas ######################## |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 ::deliver |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
51 # Override this if you want to prevent certain stanzas going through |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
52 # the normal spam_check chain |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
53 JUMP_CHAIN=user/spam_check_custom |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
54 |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
55 # Run the default spam_check chain |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
56 JUMP_CHAIN=user/spam_check |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
57 |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
58 ################################################################## |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
59 |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
60 #### General spam-checking rules (all stanzas) ################### |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
61 ::user/spam_check |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
62 |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 # Pass stanzas that a user sends to their own account |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 TO SELF? |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 PASS. |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 # Pass stanzas that are addressed to a valid full JID |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 TO FULL JID? |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 PASS. |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 # Pass stanzas from contacts |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 SUBSCRIBED? |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 PASS. |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 # Run extra rules that apply to messages only |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 KIND: message |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
77 JUMP CHAIN=user/spam_check_message |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 # Run extra rules that apply to presence stanzas only |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 KIND: presence |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
81 JUMP CHAIN=user/spam_check_presence |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
82 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
83 JUMP CHAIN=user/spam_handle_unknown |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
85 # Default is to allow, override this with |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
86 # the 'user/spam_handle_unknown' chain |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
87 PASS. |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
88 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
89 #### Rules for messages ########################################## |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
90 ::user/spam_check_message |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
92 JUMP CHAIN=user/spam_check_message_custom |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
93 |
|
2605
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
94 # Type 'groupchat' messages addressed to an offline full JID are harmless, |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
95 # and should be routed normally to handle MUC 'ghosts' correctly |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
96 TO: <*>@<*>/<*> |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
97 TYPE: groupchat |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
98 PASS. |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
99 |
|
5531
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
100 # Mediated MUC invitations are naturally from 'strangers' and have special |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
101 # handling. We lean towards accepting them, unless overridden by custom rules. |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
102 NOT FROM FULL JID? |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
103 INSPECT: {http://jabber.org/protocol/muc#user}x/invite |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
104 JUMP CHAIN=user/spam_check_muc_invite |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
105 |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 # Non-chat message types often generate pop-ups in clients, |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 # so we won't accept them from strangers |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
108 NOT TYPE: chat |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
109 JUMP CHAIN=user/spam_reject |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
110 |
|
4148
34a2e8796cff
mod_firewall: Update chain name for consistency
Matthew Wild <mwild1@gmail.com>
parents:
4128
diff
changeset
|
111 JUMP CHAIN=user/spam_check_message_content |
|
34a2e8796cff
mod_firewall: Update chain name for consistency
Matthew Wild <mwild1@gmail.com>
parents:
4128
diff
changeset
|
112 |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 # This chain can be used by other scripts |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
114 # and modules that analyze message content |
|
4148
34a2e8796cff
mod_firewall: Update chain name for consistency
Matthew Wild <mwild1@gmail.com>
parents:
4128
diff
changeset
|
115 JUMP CHAIN=user/spam_check_message_content_custom |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
116 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
117 ################################################################## |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
119 #### Rules for presence stanzas ################################## |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
120 ::user/spam_check_presence |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
122 JUMP CHAIN=user/spam_check_presence_custom |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
123 |
|
2605
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
124 # Presence to offline full JIDs is harmless, and should be routed |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
125 # normally to handle MUC 'ghosts' correctly |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
126 TO: <*>@<*>/<*> |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
127 PASS. |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
128 |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
129 # These may be received if rosters get out of sync and are harmless |
|
2557
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2556
diff
changeset
|
130 # because they will not be routed to the client unless necessary |
|
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2556
diff
changeset
|
131 TYPE: unsubscribe|unsubscribed |
|
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2556
diff
changeset
|
132 PASS. |
|
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2556
diff
changeset
|
133 |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
134 # We don't want to receive presence from random strangers, |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
135 # but still allow subscription requests |
|
4128
879955a32a37
mod_firewall: spam-blocking.pfw: allow subscription acks through
Matthew Wild <mwild1@gmail.com>
parents:
2605
diff
changeset
|
136 NOT TYPE: subscribe|subscribed |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
137 DROP. |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
138 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
139 # This chain can be used by other scripts |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
140 # and modules to filter subscription requests |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
141 JUMP CHAIN=user/spam_check_subscription_request |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
142 |
|
4149
bb60db2b2cd1
mod_firewall: Update another chain name for consistency
Matthew Wild <mwild1@gmail.com>
parents:
4148
diff
changeset
|
143 JUMP CHAIN=user/spam_check_subscription_request_custom |
|
bb60db2b2cd1
mod_firewall: Update another chain name for consistency
Matthew Wild <mwild1@gmail.com>
parents:
4148
diff
changeset
|
144 |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
145 ################################################################## |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 |
|
5531
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
147 #### Rules for MUC invitations ################################### |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
148 |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
149 ::user/spam_check_muc_invite |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
150 |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
151 # This chain can be used to inspect the invitation and determine |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
152 # the appropriate action. Otherwise, we proceed with the default |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
153 # action below. |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
154 JUMP CHAIN=user/spam_check_muc_invite_custom |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
155 |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
156 # Allow mediated MUC invitations by default |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
157 PASS. |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
158 |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
159 #### Stanzas reaching this chain will be rejected ################ |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
160 ::user/spam_reject |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
161 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
162 # This chain can be used by other scripts |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
163 # and modules to override the default behaviour |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
164 # when rejecting spam stanzas |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
165 JUMP CHAIN=user/spam_reject_custom |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
166 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
167 LOG=Rejecting suspected spam: $(stanza:top_tag()) |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
168 BOUNCE=policy-violation |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
169 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
170 ################################################################## |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
171 |
|
5531
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4149
diff
changeset
|
172 #### Stanzas that may be spam, but we're not sure either way ##### |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
173 ::user/spam_handle_unknown |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
174 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
175 # This chain can be used by other scripts |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
176 # and modules to apply additional checks, or to |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
177 # override the default behaviour |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
178 JUMP CHAIN=user/spam_handle_unknown_custom |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
179 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
180 #LOG=[debug] Spam check allowing: $(stanza:top_tag()) |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
181 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
182 ################################################################## |