Annotate

mod_firewall/scripts/spam-blocking.pfw @ 2565:fc53165d8afe

spam-blocking.pfw: Much improvement
author Matthew Wild <mwild1@gmail.com>
date Fri, 24 Feb 2017 12:13:17 +0000
parent 2557:56db2ab3b853
child 2566:ed4815bb8fe2
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
1 #### Anti-spam ruleset ###########################################
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
2 # This script provides some foundational anti-spam
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
3 # rules. It does not do any form of content filtering,
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
4 # but this can be implemented by other scripts and
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
5 # modules as desired.
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
6 #
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
7 # The following chains are available as extension
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
8 # points:
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
9 #
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
10 # ::user/spam_check_message_content
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
11 # Apply additional checks to messages that may be spam
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
12 #
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
13 # ::user/spam_check_subscription_request
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
14 # Apply additional checks to subscription requests
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
15 #
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
16 # ::user/spam_handle_unknown_custom
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
17 # Override default handling of stanzas that weren't explicitly
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
18 # passed or rejected by the anti-spam checks
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
19 #
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
20 # ::user/spam_reject_custom
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
21 # Override default handling of stanzas that have
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
22 # been recognised as spam (default is to bounce
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
23 # a policy-violation error)
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
24 ##################################################################
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
26 #### General rules for all incoming stanzas ######################
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 ::deliver
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
29 LOG=Considering $(stanza:top_tag())
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
30
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 # Pass stanzas that a user sends to their own account
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 TO SELF?
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 PASS.
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 # Pass stanzas that are addressed to a valid full JID
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 TO FULL JID?
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 PASS.
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 # Pass stanzas from contacts
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 SUBSCRIBED?
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 PASS.
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 # Run extra rules that apply to messages only
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 KIND: message
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
45 JUMP CHAIN=user/spam_check_message
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47 # Run extra rules that apply to presence stanzas only
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 KIND: presence
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
49 JUMP CHAIN=user/spam_check_presence
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
50
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
51 JUMP CHAIN=user/spam_handle_unknown
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
53 # Default is to allow, override this with
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
54 # the 'user/spam_handle_unknown' chain
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
55 PASS.
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
56
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
57 #### Rules for messages ##########################################
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
58 ::user/spam_check_message
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
59
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
60 # Non-chat message types often generate pop-ups in clients,
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
61 # so we won't accept them from strangers
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
62 NOT TYPE: chat
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
63 JUMP CHAIN=user/spam_reject
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
65 # This chain can be used by other scripts
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
66 # and modules that analyze message content
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
67 JUMP CHAIN=user/spam_check_message_content
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
68
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
69 ##################################################################
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
70
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
71 #### Rules for presence stanzas ##################################
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
72 ::user/spam_check_presence
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
73
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
74 # These may be received if rosters get out of sync and are harmless
2557
56db2ab3b853 mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents: 2556
diff changeset
75 # because they will not be routed to the client unless necessary
56db2ab3b853 mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents: 2556
diff changeset
76 TYPE: unsubscribe|unsubscribed
56db2ab3b853 mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents: 2556
diff changeset
77 PASS.
56db2ab3b853 mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents: 2556
diff changeset
78
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
79 # We don't want to receive presence from random strangers,
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
80 # but still allow subscription requests
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
81 NOT TYPE: subscribe
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
82 DROP.
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
83
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
84 # This chain can be used by other scripts
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
85 # and modules to filter subscription requests
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
86 JUMP CHAIN=user/spam_check_subscription_request
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
87
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
88 ##################################################################
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
89
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
90 #### Stanzas reaching this chain will be rejected ################
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
91 ::user/spam_reject
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
92
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
93 # This chain can be used by other scripts
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
94 # and modules to override the default behaviour
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
95 # when rejecting spam stanzas
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
96 JUMP CHAIN=user/spam_reject_custom
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
97
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
98 LOG=Rejecting suspected spam: $(stanza:top_tag())
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
99 BOUNCE=policy-violation
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
100
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
101 ##################################################################
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
102
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
103 #### Stanzas that may be spam, but we're not sure either way######
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
104 ::user/spam_handle_unknown
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
105
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
106 # This chain can be used by other scripts
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
107 # and modules to apply additional checks, or to
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
108 # override the default behaviour
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
109 JUMP CHAIN=user/spam_handle_unknown_custom
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
110
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
111 #LOG=[debug] Spam check allowing: $(stanza:top_tag())
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
112
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
113 ##################################################################