File

mod_firewall/scripts/spam-blocklists.pfw @ 5930:cc30c4b5f006

mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time This can be triggered by e.g. a distributed brute force attack, or from Monal.
author Matthew Wild <mwild1@gmail.com>
date Mon, 13 May 2024 18:30:18 +0100
parent 5532:d84757f9adcb
line wrap: on
line source

# This script depends on spam-blocking.pfw also being loaded
# Any traffic that is not explicitly blocked or allowed by other
# rules will be checked against the JabberSPAM server blocklist

%LIST blocklist: https://cdn.jsdelivr.net/gh/jabberspam/blacklist/blacklist.txt

::user/spam_handle_unknown_custom

CHECK LIST: blocklist contains $<@from|host>
BOUNCE=policy-violation (Your server is blocked due to spam)

::user/spam_check_muc_invite_custom

# Check the server we received the invitation from
CHECK LIST: blocklist contains $<@from|host>
BOUNCE=policy-violation (Your server is blocked due to spam)

# Check the inviter's JID against the blocklist, too
CHECK LIST: blocklist contains $<{http://jabber.org/protocol/muc#user}x/invite@from|host>
BOUNCE=policy-violation (Your server is blocked due to spam)