author | Matthew Wild <mwild1@gmail.com> |
Thu, 23 Feb 2017 14:26:19 +0000 | |
changeset 2561 | 56db2ab3b853 |
parent 2560 | cc01a5bfcf3b |
child 2569 | fc53165d8afe |
permissions | -rw-r--r-- |
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 |
#### Anti-spam ruleset |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
#### General rules for all incoming stanzas #### |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
::deliver |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
# Pass stanzas that a user sends to their own account |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
TO SELF? |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
PASS. |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
# Pass stanzas that are addressed to a valid full JID |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
TO FULL JID? |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 |
PASS. |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
# Pass stanzas from contacts |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 |
SUBSCRIBED? |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 |
PASS. |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 |
# Run extra rules that apply to messages only |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
KIND: message |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 |
JUMP_CHAIN=user/check_spam_message |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
# Run extra rules that apply to presence stanzas only |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 |
KIND: presence |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 |
JUMP CHAIN=user/check_spam_presence |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 |
#### Rules for messages #### |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 |
::user/check_spam_message |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 |
# Non-chat message types often generate pop-ups in clients, |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 |
# so we won't accept them from strangers |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 |
NOT TYPE: chat |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 |
JUMP CHAIN=user/reject_spam |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 |
# This chain can be used by other scripts |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 |
# and modules that analyze message content |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 |
JUMP CHAIN=user/check_spam_message_content |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 |
#### Rules for presence stanzas #### |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 |
::user/check_spam_presence |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 |
|
2561
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
41 |
# These may be received if rosters get out of sync, and are harmless |
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
42 |
# because they will not be routed to the client unless necessary |
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
43 |
TYPE: unsubscribe|unsubscribed |
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
44 |
PASS. |
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
45 |
|
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 |
# We don't want to receive presence from random strangers, |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 |
# but still allow subscription requests |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 |
NOT TYPE: subscribe |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 |
DROP. |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 |
# This chain can be used by other scripts |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 |
# and modules to filter subscription requests |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 |
JUMP CHAIN=user/check_subscription_request |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 |
#### Stanzas reaching this chain will be rejected #### |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 |
::user/reject_spam |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 |
LOG=Rejecting suspected spam: $(stanza:top_tag()) |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 |
BOUNCE=policy-violation |