mod_audit_auth: Ignore FAST authentication events by default FAST is more like a cookie that allows linking new connections to a previous (e.g. password) authentication. Since we assume that FAST tokens are secure (not user generated) and not shareable, it reduces a lot of noise by filtering out uninteresting authentication events.

# Strip XHTML-IM from messages received from strangers

::user/spam_check_message_custom

STRIP=html http://jabber.org/protocol/xhtml-im