Only accept messages from users in roster


I am evaluating openfire to use in a live support scenario and was quite surprised that a user can send a message to another user without asking for his permission. After googling how to solve this problem for a couple of hours, I see that there is no good way of doing that. There is the Privacy Lists functionality that allows to reject any messages when the subscription is none, but they need to be set by the client, what is not an acceptable solution. Is there any other way that in server administration we can enforce messages only from users in their roster list?

Thanks in advance.

Well I think I found an acceptable way. We can change the backend database when we create a new user to have a default privacy list that only accepts messages from users in the roster inserting a new record in the ofprivacylist table for the user. But, in my opinion, there should be a server configuration to block messages from users not in the roster.