Prosody: Block messages from external users

I'm running my own XMPP chat server with the help of Prosody, and many of my family are using it.

A couple of months ago, I got XMPP spam: Users from foreign servers would appear in my chat program and ask to be added to my address book. Others simply sent a single message with an advertisement for a russian XMPP spam service.

The same thing started to happen again two weeks ago, but this time I was not the only target: One of my family members also got spammed. Spammers ruin everything.

Blocking external requests

The relative in question has no contacts on other servers and will most likely never get any, so I simply wanted to block all external messages to him: Enter mod_firewall.

At first nothing worked. I added a debug rule that should only log all incoming messages to a given user:

TO: user@example.org
LOG=[info] User received: $(stanza)
PASS.

I had no messages in my log file. The prosody support chatroom then gave me the hint I needed; the firewall_scripts line in prosody.cfg.lua was not placed in the "global" section but after a VirtualHost and thus was only loaded for that host.

Now I could finally write a firewall rule that blocks all incoming messages to a specific user:

ENTERING: $local
TO: user@example.org
NOT IN ROSTER?
LOG=[info] Message to user blocked from: $(stanza.attr.from)
BOUNCE=not-allowed

Written by Christian Weiske.

Comments? Please send an e-mail.