author | Martin Dosch <martin@mdosch.de> |
Tue, 26 Mar 2024 22:15:41 +0100 | |
changeset 5879 | 61bee1be6db3 |
parent 5537 | 09311a8a3cfa |
permissions | -rw-r--r-- |
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
1 |
#### Anti-spam ruleset ########################################### |
2575
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
2 |
# |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
3 |
# This script provides some foundational anti-spam rules. It aims |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
4 |
# to PASS stanzas that are definitely not spam, and DROP stanzas |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
5 |
# that are very likely spam. |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
6 |
# |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
7 |
# It does not do any form of content filtering, |
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
8 |
# but this can be implemented by other scripts and |
2575
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
9 |
# modules as desired using the chains documented below. |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
10 |
# |
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
11 |
# |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
12 |
# The following chains are available as extension |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
13 |
# points: |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
14 |
# |
2575
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
15 |
# ::user/spam_check_custom |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
16 |
# Apply additional rules to all stanzas before they are checked. |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
17 |
# Mainly useful to PASS stanzas that you do not want to be |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
18 |
# filtered. |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
19 |
# |
2571
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
20 |
# ::user/spam_check_message_custom |
2575
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
21 |
# Apply additional rules to messages from strangers, aiming to |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
22 |
# PASS stanzas that are not spam and jump to ::user/spam_reject |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
23 |
# for stanzas that are considered spam. |
2571
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
24 |
# |
4152
34a2e8796cff
mod_firewall: Update chain name for consistency
Matthew Wild <mwild1@gmail.com>
parents:
4132
diff
changeset
|
25 |
# ::user/spam_check_message_content_custom |
2575
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
26 |
# Apply additional rules to messages that may be spam, based on |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
27 |
# message content rules. These may contain more intensive rules, |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
28 |
# so are executed after all other checks. Rules should jump to |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
29 |
# ::user/spam_reject if a message is considered spam. |
2571
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
30 |
# |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
31 |
# ::user/spam_check_presence_custom |
2575
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
32 |
# Apply additional rules to presence that may be spam. |
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
33 |
# |
4153
bb60db2b2cd1
mod_firewall: Update another chain name for consistency
Matthew Wild <mwild1@gmail.com>
parents:
4152
diff
changeset
|
34 |
# ::user/spam_check_subscription_request_custom |
2575
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
35 |
# Apply additional rules to subscription requests. |
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
36 |
# |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
37 |
# ::user/spam_handle_unknown_custom |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
38 |
# Override default handling of stanzas that weren't explicitly |
2575
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
39 |
# passed or rejected by the anti-spam checks. |
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
40 |
# |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
41 |
# ::user/spam_reject_custom |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
42 |
# Override default handling of stanzas that have |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
43 |
# been recognised as spam (default is to bounce |
2575
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
44 |
# a policy-violation error). |
2571
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
45 |
# |
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
46 |
################################################################## |
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 |
|
2571
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
48 |
#### Entry point for all incoming stanzas ######################## |
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 |
::deliver |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 |
|
2571
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
51 |
# Override this if you want to prevent certain stanzas going through |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
52 |
# the normal spam_check chain |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
53 |
JUMP_CHAIN=user/spam_check_custom |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
54 |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
55 |
# Run the default spam_check chain |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
56 |
JUMP_CHAIN=user/spam_check |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
57 |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
58 |
################################################################## |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
59 |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
60 |
#### General spam-checking rules (all stanzas) ################### |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
61 |
::user/spam_check |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
62 |
|
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 |
# Pass stanzas that a user sends to their own account |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 |
TO SELF? |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 |
PASS. |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 |
# Pass stanzas that are addressed to a valid full JID |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 |
TO FULL JID? |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 |
PASS. |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 |
# Pass stanzas from contacts |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 |
SUBSCRIBED? |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 |
PASS. |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 |
# Run extra rules that apply to messages only |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 |
KIND: message |
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
77 |
JUMP CHAIN=user/spam_check_message |
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 |
# Run extra rules that apply to presence stanzas only |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 |
KIND: presence |
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
81 |
JUMP CHAIN=user/spam_check_presence |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
82 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
83 |
JUMP CHAIN=user/spam_handle_unknown |
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 |
|
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
85 |
# Default is to allow, override this with |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
86 |
# the 'user/spam_handle_unknown' chain |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
87 |
PASS. |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
88 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
89 |
#### Rules for messages ########################################## |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
90 |
::user/spam_check_message |
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 |
|
2571
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
92 |
JUMP CHAIN=user/spam_check_message_custom |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
93 |
|
2609
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2575
diff
changeset
|
94 |
# Type 'groupchat' messages addressed to an offline full JID are harmless, |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2575
diff
changeset
|
95 |
# and should be routed normally to handle MUC 'ghosts' correctly |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2575
diff
changeset
|
96 |
TO: <*>@<*>/<*> |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2575
diff
changeset
|
97 |
TYPE: groupchat |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2575
diff
changeset
|
98 |
PASS. |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2575
diff
changeset
|
99 |
|
5535
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
100 |
# Mediated MUC invitations are naturally from 'strangers' and have special |
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
101 |
# handling. We lean towards accepting them, unless overridden by custom rules. |
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
102 |
NOT FROM FULL JID? |
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
103 |
INSPECT: {http://jabber.org/protocol/muc#user}x/invite |
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
104 |
JUMP CHAIN=user/spam_check_muc_invite |
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
105 |
|
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 |
# Non-chat message types often generate pop-ups in clients, |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 |
# so we won't accept them from strangers |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
108 |
NOT TYPE: chat |
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
109 |
JUMP CHAIN=user/spam_reject |
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
110 |
|
4152
34a2e8796cff
mod_firewall: Update chain name for consistency
Matthew Wild <mwild1@gmail.com>
parents:
4132
diff
changeset
|
111 |
JUMP CHAIN=user/spam_check_message_content |
34a2e8796cff
mod_firewall: Update chain name for consistency
Matthew Wild <mwild1@gmail.com>
parents:
4132
diff
changeset
|
112 |
|
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 |
# This chain can be used by other scripts |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
114 |
# and modules that analyze message content |
4152
34a2e8796cff
mod_firewall: Update chain name for consistency
Matthew Wild <mwild1@gmail.com>
parents:
4132
diff
changeset
|
115 |
JUMP CHAIN=user/spam_check_message_content_custom |
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
116 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
117 |
################################################################## |
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 |
|
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
119 |
#### Rules for presence stanzas ################################## |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
120 |
::user/spam_check_presence |
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 |
|
2571
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
122 |
JUMP CHAIN=user/spam_check_presence_custom |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2570
diff
changeset
|
123 |
|
2609
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2575
diff
changeset
|
124 |
# Presence to offline full JIDs is harmless, and should be routed |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2575
diff
changeset
|
125 |
# normally to handle MUC 'ghosts' correctly |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2575
diff
changeset
|
126 |
TO: <*>@<*>/<*> |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2575
diff
changeset
|
127 |
PASS. |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2575
diff
changeset
|
128 |
|
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
129 |
# These may be received if rosters get out of sync and are harmless |
2561
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
130 |
# because they will not be routed to the client unless necessary |
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
131 |
TYPE: unsubscribe|unsubscribed |
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
132 |
PASS. |
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
133 |
|
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
134 |
# We don't want to receive presence from random strangers, |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
135 |
# but still allow subscription requests |
4132
879955a32a37
mod_firewall: spam-blocking.pfw: allow subscription acks through
Matthew Wild <mwild1@gmail.com>
parents:
2609
diff
changeset
|
136 |
NOT TYPE: subscribe|subscribed |
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
137 |
DROP. |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
138 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
139 |
# This chain can be used by other scripts |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
140 |
# and modules to filter subscription requests |
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
141 |
JUMP CHAIN=user/spam_check_subscription_request |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
142 |
|
4153
bb60db2b2cd1
mod_firewall: Update another chain name for consistency
Matthew Wild <mwild1@gmail.com>
parents:
4152
diff
changeset
|
143 |
JUMP CHAIN=user/spam_check_subscription_request_custom |
bb60db2b2cd1
mod_firewall: Update another chain name for consistency
Matthew Wild <mwild1@gmail.com>
parents:
4152
diff
changeset
|
144 |
|
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
145 |
################################################################## |
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 |
|
5535
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
147 |
#### Rules for MUC invitations ################################### |
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
148 |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
149 |
::user/spam_check_muc_invite |
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
150 |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
151 |
# This chain can be used to inspect the invitation and determine |
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
152 |
# the appropriate action. Otherwise, we proceed with the default |
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
153 |
# action below. |
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
154 |
JUMP CHAIN=user/spam_check_muc_invite_custom |
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
155 |
|
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
156 |
# Allow mediated MUC invitations by default |
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
157 |
PASS. |
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
158 |
|
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
159 |
#### Stanzas reaching this chain will be rejected ################ |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
160 |
::user/spam_reject |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
161 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
162 |
# This chain can be used by other scripts |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
163 |
# and modules to override the default behaviour |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
164 |
# when rejecting spam stanzas |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
165 |
JUMP CHAIN=user/spam_reject_custom |
2560
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
166 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
167 |
LOG=Rejecting suspected spam: $(stanza:top_tag()) |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
168 |
BOUNCE=policy-violation |
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
169 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
170 |
################################################################## |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
171 |
|
5535
af2778f4ee29
mod_firewall: scripts: spam-blocking.pfw: Add special handling for MUC invites
Matthew Wild <mwild1@gmail.com>
parents:
4153
diff
changeset
|
172 |
#### Stanzas that may be spam, but we're not sure either way ##### |
2569
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
173 |
::user/spam_handle_unknown |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
174 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
175 |
# This chain can be used by other scripts |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
176 |
# and modules to apply additional checks, or to |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
177 |
# override the default behaviour |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
178 |
JUMP CHAIN=user/spam_handle_unknown_custom |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
179 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
180 |
#LOG=[debug] Spam check allowing: $(stanza:top_tag()) |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
181 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2561
diff
changeset
|
182 |
################################################################## |