powered by Jive Software

Default Privacy List on account registration

In my experience, the standard behaviour for chat systems is to filter messages from people you don’t know/have not accepted yet. This is not a perfect solution, but I think it reduces unwanted messages/spam, identity theft, etc…

I believe (but can be wrong) that a good way to achieve this with XMPP is to set up every new account with a default privacy list such as :


This way, advanced users (company accounts or whatnot) can still disable or enrich this policy as needed.

Unfortunately, I’ve not found any way to set up Openfire to do that upon registration. Unless there’s a better way, I will add this feature to the “Registration” plugin, with 3 settings : one to enable the feature, a String containing the name of the list, and another containing the XML of the list itself.

Is there any better way to achieve this ? Do you think such changes are likely to make it to the released packages (in which case I’ll prepare a pull-request) ?

Thanks in advance

EDIT : Branch is here. Pull request is here.

EDIT2 : XML more close to what’s used in actual implementation

That private list will also block MUC messages. If you really want to go down that road - blocking on presence status using privacy lists - make sure to whitelist the right things. Take also care of [OF-724] Privacy Lists should not block stanzas from service - IgniteRealtime JIRA

If I understand correctly, to avoid problems with a chatroom I can set the list to :


But I have to update the list before entering any chatroom. This can be tedious for the client, but definitely feasible.

I don’t think there’s a way to have a rule such as :


Would have been very nice…

Also, I have to implement xep-0249 for MUC invites, because the previous way to do it won’t work.

Thanks for the input.

I don’t think there’s a way to have a rule such as :


Would have been very nice…

Substitute ‘service’ with ‘jid’ and you get what you want.

Great ! XEP-0016 is not clear concerning that.

From XEP-0016 § 2.1

(the domain itself matches, as does any user@domain or domain/resource)
It could be clearer that also matches any user@domain/resource though.

Thanks for your contribution! I’ve created [OF-1364] Registration plugin: allow default privacy list to be set - IgniteRealtime JIRA to track this change.