I am evaluating openfire to use in a live support scenario and was quite surprised that a user can send a message to another user without asking for his permission. After googling how to solve this problem for a couple of hours, I see that there is no good way of doing that. There is the Privacy Lists functionality that allows to reject any messages when the subscription is none, but they need to be set by the client, what is not an acceptable solution. Is there any other way that in server administration we can enforce messages only from users in their roster list?
Thanks in advance.