## bl-imp - the JabberSpam bl(acklist) imp(orter)

### precursor
Please be warned that at this point the JabberSpam blacklist is the only list that will be used. It is planned to open up
the tool to also import other lists in the future.

### install
The tool can be installed easily via the Python Package Index (pip). After that the local wrapper `/usr/bin/bl-imp`
can be called to use the module.

```bash
pip install bl-imp
```

### `bl-imp` usage
```
usage: bl-imp [-h] [-o OUTFILE] [-dr]

optional arguments:
  -h, --help            show this help message and exit
  -o OUTFILE, --outfile OUTFILE
                        set path to output file
  -dr, --dry-run        perform a dry run
```

#### without any arguments
Running `bl-imp` without any arguments causes the tool to update the local cache and etag file. After that the tool
exits with exit code `2` and prints the help message to stderr.

```bash
no outfile assigned
```

#### dry run
Running `bl-imp` with `-dr` or `--dry-run` as argument will cause the tool to only output the aggregated yaml file to
stdout. Apart from the local etag and cache files, no file is written to disk.

```bash
$ /usr/bin/bl-imp --dry-run
outfile selected: None
acl:
  spamblacklist:
    server:
      - "a-server.tld"
      - "b-server.tld"
```

#### --outfile /path/out.yml
Adding the `outfile` argument while omitting the dry run argument runs the tool silently while it does its thing.

### ejabberd configuration
To fully utilize the tool, some configuration changes are required.
Firstly, it is necessary that `bl-imp` is the only one editing the defined yml file, because any local change not
present in the remote list will be overwritten automatically. Furthermore, it is necessary for the file to be separate
from the "main" ejabberd configuration, e.g. `ejabberd.yml`. Lastly, to protect the integrity of your config files, the
`allow_only` argument restricts the external file to only allow for `acl` rules.

#### ejabberd acl config
```yaml
## acl
include_config_file:
  "/etc/ejabberd/blacklist.yml": # ⟵ the path is completely user configurable
    allow_only: # ⟵ the allow_only section is optional but recommended
      - acl

## access rules
access_rules:
  s2s_access:
    - deny: spamblacklist
    - allow
```

### automation
The tool is meant to be used in an automatic fashion. It is built to operate silently without any user interaction.

For example, the script could be run every day at 00:01 to automatically add/remove affected servers from the local
blacklist and reload the configuration if the first task finished successfully.

```cron
# jabber blacklist update

# the outfile here is configured with the shortflag -o instead of the long form
1 0 * * * /usr/bin/bl-imp -o /etc/ejabberd/config/blacklist.yml && /usr/bin/ejabberdctl reload_config
```
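
One way to guard the automated reload described above, as an added example that is not part of bl-imp or its documentation: check the generated file before `ejabberdctl reload_config` runs, complementing `allow_only`. It assumes the written file has the same layout as the dry-run output shown earlier; `validate_blacklist`, `refresh_blacklist`, `BL_IMP` and `EJABBERDCTL` are names introduced here.

```shell
#!/bin/sh
# Added example, not part of bl-imp. Assumes the written file has exactly the
# layout of the dry-run output: acl > spamblacklist > server > quoted hosts.

# validate_blacklist FILE: succeed only if FILE holds that structure, at least
# one syntactically valid hostname, and no other key or value.
validate_blacklist() {
    awk '
        /^[ \t]*(#.*)?$/ { next }                        # blank lines, comments
        { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) } # trimmed copy
        state == 0 && $0 ~ /^acl:[ \t]*$/      { state = 1; next }
        state == 1 && line == "spamblacklist:" { state = 2; next }
        state == 2 && line == "server:"        { state = 3; next }
        state == 3 && line ~ /^- "[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?"$/ {
            hosts++; next
        }
        { bad = 1; exit }                                # anything unexpected
        END { exit ((bad || hosts == 0) ? 1 : 0) }
    ' "$1"
}

# refresh_blacklist FILE: the cron chain with the check inserted before the
# reload. BL_IMP and EJABBERDCTL are hypothetical override variables.
refresh_blacklist() {
    "${BL_IMP:-/usr/bin/bl-imp}" -o "$1" || return 1
    validate_blacklist "$1" || {
        echo "not reloading: $1 failed validation" >&2
        return 3
    }
    "${EJABBERDCTL:-/usr/bin/ejabberdctl}" reload_config
}

# Constructed sample in the dry-run format, checked when run directly.
sample=$(mktemp)
printf 'acl:\n  spamblacklist:\n    server:\n      - "a-server.tld"\n' > "$sample"
validate_blacklist "$sample" && echo "sample accepted"
rm -f "$sample"
```

Skipping the reload keeps the running ACL in place, but the rejected file is still on disk and would be read at the next ejabberd restart, so a non-zero exit from the job should raise an alert.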