prosody-modules
94399ad6b5ab
mod_report_forward/README.md

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_report_forward/README.md @ 6191:94399ad6b5ab

mod_invites_register_api: Use set_password() for password resets Previously the code relied on the (weird) behaviour of create_user(), which would update the password for a user account if it already existed. This has several issues, and we plan to deprecate this behaviour of create_user(). The larger issue is that this route does not trigger the user-password-changed event, which can be a security problem. For example, it did not disconnect existing user sessions (this occurs in mod_c2s in response to the event). Switching to set_password() is the right thing to do.
author Matthew Wild <mwild1@gmail.com>
date Thu, 06 Feb 2025 10:13:39 +0000
parent 6081:744127959dd1
line wrap: on
line source

---
labels:
- 'Stage-Beta'
summary: 'Forward spam/abuse reports to a JID'
---

This module forwards spam/abuse reports (e.g. those submitted by users via
XEP-0377 via mod_spam_reporting) to one or more JIDs.

## Configuration

Install and enable the module the same as any other:

```lua
modules_enabled = {
    ---
    "report_forward";
    ---
}
```

There are two main options. You can set `report_forward_to` which accepts a
list of JIDs to send all reports to (default is empty):

```lua
report_forward_to = { "admin@example.net", "antispam.example2.com" }
```

You can also control whether the module sends a report to the server from
which the spam/abuse originated (default is `true`):

```lua
report_forward_to_origin = false
```

The module looks up an abuse report address using XEP-0157 (only XMPP
addresses are accepted). If it fails to find any suitable destination, it will
fall back to sending the report to the domain itself unless `report_forward_to_origin_fallback`
is disabled (set to `false`). If the fallback is disabled, it will log a
warning and not send the report.



## Protocol

This section is intended for developers.

XEP-0377 assumes the report is embedded within another protocol such as
XEP-0191, and doesn't specify a format for communicating "standalone" reports.
This module transmits them inside a `<message>` stanza, and adds a `<jid/>`
element (borrowed from XEP-0268):

```xml
<message from="prosody.example" to="destination.example">
    <report xmlns="urn:xmpp:reporting:1" reason="urn:xmpp:reporting:spam">
        <jid xmlns="urn:xmpp:jid:0">spammer@bad.example</jid>
        <text>
          Never came trouble to my house like this.
        </text>
    </report>
</message>
```

It may also include the reported message, if this has been indicated by the
user, wrapped in a XEP-0297 `<forwarded/>` element:

```xml
<message from="prosody.example" to="destination.example">
  <report reason="urn:xmpp:reporting:spam" xmlns="urn:xmpp:reporting:1">
    <jid xmlns="urn:xmpp:jid:0">spammer@bad.example</jid>
    <text>Never came trouble to my house like this.</text>
  </report>
  <forwarded xmlns="urn:xmpp:forward:0">
    <message from="spammer@bad.example" to="victim@prosody.example" type="chat" xmlns="jabber:client">
      <body>Spam, Spam, Spam, Spam, Spam, Spam, baked beans, Spam, Spam and Spam!</body>
    </message>
  </forwarded>
</message>
```

## Compability

  Prosody-Version   Status
  ----------------- ----------------------
  trunk             Works as of 07.12.22
  0.12              Works