# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1487859278 0
# Node ID cc01a5bfcf3b6c7110ad8e1947066bada175eef4
# Parent  a9eb4d5566f3610db8de5d7845e887e21279467c
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset

diff -r a9eb4d5566f3 -r cc01a5bfcf3b mod_firewall/scripts/spam-blocking.pfw
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_firewall/scripts/spam-blocking.pfw	Thu Feb 23 14:14:38 2017 +0000
@@ -0,0 +1,54 @@
+#### Anti-spam ruleset
+
+#### General rules for all incoming stanzas ####
+::deliver
+
+# Pass stanzas that a user sends to their own account
+TO SELF?
+PASS.
+
+# Pass stanzas that are addressed to a valid full JID
+TO FULL JID?
+PASS.
+
+# Pass stanzas from contacts
+SUBSCRIBED?
+PASS.
+
+# Run extra rules that apply to messages only
+KIND: message
+JUMP_CHAIN=user/check_spam_message
+
+# Run extra rules that apply to presence stanzas only
+KIND: presence
+JUMP CHAIN=user/check_spam_presence
+
+#### Rules for messages ####
+::user/check_spam_message
+
+# Non-chat message types often generate pop-ups in clients,
+# so we won't accept them from strangers
+NOT TYPE: chat
+JUMP CHAIN=user/reject_spam
+
+# This chain can be used by other scripts
+# and modules that analyze message content
+JUMP CHAIN=user/check_spam_message_content
+
+#### Rules for presence stanzas ####
+::user/check_spam_presence
+
+# We don't want to receive presence from random strangers,
+# but still allow subscription requests
+NOT TYPE: subscribe
+DROP.
+
+# This chain can be used by other scripts
+# and modules to filter subscription requests
+JUMP CHAIN=user/check_subscription_request
+
+#### Stanzas reaching this chain will be rejected ####
+::user/reject_spam
+
+LOG=Rejecting suspected spam: $(stanza:top_tag())
+BOUNCE=policy-violation