I’ve looked all through the various filter plug-ins & I can not find anywhere a way to make it so that external users (ie. googletalk users) can not send messages or add user requests to our users without our users first adding them to their list.
This is a huge security issue if you wish to run an environment where users can chat with external users from other jabber services but have it so that other jabber services can’t be used to send spam to your users.
XMPP allows to use privacy lists. If you are using Spark you must enable the XMPP Debugger before you login, then you can create a privacy list. So it may be a pain for every user to manage a privacy list using the XMPP Debugger if you are using Spark.
Yeah, I’m aware of solutions to block all & what can be done client side but I need something server side. I’m just looking for some sort of filter that prevents messages being sent to people by an account not on their roster (& I need it server side).
We have 1 or 2 big wigs who don’t want people to be able to send them direct messages without first being on their list, especially from a google account.
I played around with the subscription plug-in but it isn’t quite flexible enough because it basically auto accepts or completely rejects subscription requests (& this still doesn’t block direct messages).
I can setup ACLs to strictly manage their traffic but then anytime they want to add someone I have to do it for them.