Mercurial > prosody-modules
comparison mod_firewall/scripts/spam-blocking.pfw @ 2565:fc53165d8afe
spam-blocking.pfw: Much improvement
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 24 Feb 2017 12:13:17 +0000 |
| parents | 56db2ab3b853 |
| children | ed4815bb8fe2 |
comparison
equal
deleted
inserted
replaced
| 2564:240985f7d1f7 | 2565:fc53165d8afe |
|---|---|
| 1 #### Anti-spam ruleset | 1 #### Anti-spam ruleset ########################################### |
| 2 # This script provides some foundational anti-spam | |
| 3 # rules. It does not do any form of content filtering, | |
| 4 # but this can be implemented by other scripts and | |
| 5 # modules as desired. | |
| 6 # | |
| 7 # The following chains are available as extension | |
| 8 # points: | |
| 9 # | |
| 10 # ::user/spam_check_message_content | |
| 11 # Apply additional checks to messages that may be spam | |
| 12 # | |
| 13 # ::user/spam_check_subscription_request | |
| 14 # Apply additional checks to subscription requests | |
| 15 # | |
| 16 # ::user/spam_handle_unknown_custom | |
| 17 # Override default handling of stanzas that weren't explicitly | |
| 18 # passed or rejected by the anti-spam checks | |
| 19 # | |
| 20 # ::user/spam_reject_custom | |
| 21 # Override default handling of stanzas that have | |
| 22 # been recognised as spam (default is to bounce | |
| 23 # a policy-violation error) | |
| 24 ################################################################## | |
| 2 | 25 |
| 3 #### General rules for all incoming stanzas #### | 26 #### General rules for all incoming stanzas ###################### |
| 4 ::deliver | 27 ::deliver |
| 28 | |
| 29 LOG=Considering $(stanza:top_tag()) | |
| 5 | 30 |
| 6 # Pass stanzas that a user sends to their own account | 31 # Pass stanzas that a user sends to their own account |
| 7 TO SELF? | 32 TO SELF? |
| 8 PASS. | 33 PASS. |
| 9 | 34 |
| 15 SUBSCRIBED? | 40 SUBSCRIBED? |
| 16 PASS. | 41 PASS. |
| 17 | 42 |
| 18 # Run extra rules that apply to messages only | 43 # Run extra rules that apply to messages only |
| 19 KIND: message | 44 KIND: message |
| 20 JUMP_CHAIN=user/check_spam_message | 45 JUMP CHAIN=user/spam_check_message |
| 21 | 46 |
| 22 # Run extra rules that apply to presence stanzas only | 47 # Run extra rules that apply to presence stanzas only |
| 23 KIND: presence | 48 KIND: presence |
| 24 JUMP CHAIN=user/check_spam_presence | 49 JUMP CHAIN=user/spam_check_presence |
| 25 | 50 |
| 26 #### Rules for messages #### | 51 JUMP CHAIN=user/spam_handle_unknown |
| 27 ::user/check_spam_message | 52 |
| 53 # Default is to allow, override this with | |
| 54 # the 'user/spam_handle_unknown' chain | |
| 55 PASS. | |
| 56 | |
| 57 #### Rules for messages ########################################## | |
| 58 ::user/spam_check_message | |
| 28 | 59 |
| 29 # Non-chat message types often generate pop-ups in clients, | 60 # Non-chat message types often generate pop-ups in clients, |
| 30 # so we won't accept them from strangers | 61 # so we won't accept them from strangers |
| 31 NOT TYPE: chat | 62 NOT TYPE: chat |
| 32 JUMP CHAIN=user/reject_spam | 63 JUMP CHAIN=user/spam_reject |
| 33 | 64 |
| 34 # This chain can be used by other scripts | 65 # This chain can be used by other scripts |
| 35 # and modules that analyze message content | 66 # and modules that analyze message content |
| 36 JUMP CHAIN=user/check_spam_message_content | 67 JUMP CHAIN=user/spam_check_message_content |
| 37 | 68 |
| 38 #### Rules for presence stanzas #### | 69 ################################################################## |
| 39 ::user/check_spam_presence | |
| 40 | 70 |
| 41 # These may be received if rosters get out of sync, and are harmless | 71 #### Rules for presence stanzas ################################## |
| 72 ::user/spam_check_presence | |
| 73 | |
| 74 # These may be received if rosters get out of sync and are harmless | |
| 42 # because they will not be routed to the client unless necessary | 75 # because they will not be routed to the client unless necessary |
| 43 TYPE: unsubscribe|unsubscribed | 76 TYPE: unsubscribe|unsubscribed |
| 44 PASS. | 77 PASS. |
| 45 | 78 |
| 46 # We don't want to receive presence from random strangers, | 79 # We don't want to receive presence from random strangers, |
| 48 NOT TYPE: subscribe | 81 NOT TYPE: subscribe |
| 49 DROP. | 82 DROP. |
| 50 | 83 |
| 51 # This chain can be used by other scripts | 84 # This chain can be used by other scripts |
| 52 # and modules to filter subscription requests | 85 # and modules to filter subscription requests |
| 53 JUMP CHAIN=user/check_subscription_request | 86 JUMP CHAIN=user/spam_check_subscription_request |
| 54 | 87 |
| 55 #### Stanzas reaching this chain will be rejected #### | 88 ################################################################## |
| 56 ::user/reject_spam | 89 |
| 90 #### Stanzas reaching this chain will be rejected ################ | |
| 91 ::user/spam_reject | |
| 92 | |
| 93 # This chain can be used by other scripts | |
| 94 # and modules to override the default behaviour | |
| 95 # when rejecting spam stanzas | |
| 96 JUMP CHAIN=user/spam_reject_custom | |
| 57 | 97 |
| 58 LOG=Rejecting suspected spam: $(stanza:top_tag()) | 98 LOG=Rejecting suspected spam: $(stanza:top_tag()) |
| 59 BOUNCE=policy-violation | 99 BOUNCE=policy-violation |
| 100 | |
| 101 ################################################################## | |
| 102 | |
| 103 #### Stanzas that may be spam, but we're not sure either way###### | |
| 104 ::user/spam_handle_unknown | |
| 105 | |
| 106 # This chain can be used by other scripts | |
| 107 # and modules to apply additional checks, or to | |
| 108 # override the default behaviour | |
| 109 JUMP CHAIN=user/spam_handle_unknown_custom | |
| 110 | |
| 111 #LOG=[debug] Spam check allowing: $(stanza:top_tag()) | |
| 112 | |
| 113 ################################################################## |