mod_block_strangers catpcha option not working

[marzzzello]

Environment

• ejabberd version: 24.02
• OS: Linux (Debian)
• Installed from: docker

Configuration

I use a reverse proxy from xmpp.myserver.tld to ejabberd:5080.

...
listen:
  - port: 5080
    ip: '::'
    module: ejabberd_http
    tls: false
    request_handlers:
      /account: mod_register_web
      /admin: ejabberd_web_admin
      /api: mod_http_api
      /bosh: mod_bosh
      /captcha: ejabberd_captcha
      /upload: mod_http_upload
      /ws: ejabberd_http_ws
      /.well-known/host-meta: mod_host_meta
      /.well-known/host-meta.json: mod_host_meta
      /_matrix: mod_matrix_gw
...

captcha_cmd: mod_ecaptcha
captcha_url: https://xmpp.myserver.tld/captcha
captcha_limit: 5

acl:
  spamservers:
    server:
      - externalserver.tld
       
modules:
  mod_ecaptcha: {}
  mod_block_strangers:
    access: spamservers
    allow_transports: false
    captcha: true
    log: true
...

ejabberd.log

Expand

2024-05-17 12:30:50.237030+00:00 [notice] (tls|<0.732.0>) Received XML on stream = <<" ">>
2024-05-17 12:30:50.763621+00:00 [notice] (tls|<0.2299.0>) Received XML on stream = <<"<message xml:lang='en' to='[email protected]' from='[email protected]/blabber.im[3.1.4].DYUl' type='chat' id='c632b51f-3757-4227-81b0-d39a7d43d5bc'><request xmlns='urn:xmpp:receipts'/><markable xmlns='urn:xmpp:chat-markers:0'/><origin-id xmlns='urn:xmpp:sid:0' id='c632b51f-3757-4227-81b0-d39a7d43d5bc'/><active xmlns='http://jabber.org/protocol/chatstates'/><body>Hi, this message may contain spam</body></message>">>
2024-05-17 12:30:50.763923+00:00 [debug] Running hook s2s_in_handle_recv: mod_s2s_dialback:s2s_in_recv/3
2024-05-17 12:30:50.764024+00:00 [debug] Running hook s2s_in_authenticated_packet: mod_s2s_dialback:s2s_in_packet/2
2024-05-17 12:30:50.764174+00:00 [debug] Route:
#message{id = <<"c632b51f-3757-4227-81b0-d39a7d43d5bc">>,type = chat,
         lang = <<"en">>,
         from = #jid{user = <<"externaluser">>,
                     server = <<"externalserver.tld">>,
                     resource = <<"blabber.im[3.1.4].DYUl">>,
                     luser = <<"externaluser">>,
                     lserver = <<"externalserver.tld">>,
                     lresource = <<"blabber.im[3.1.4].DYUl">>},
         to = #jid{user = <<"me">>,server = <<"myserver.tld">>,
                   resource = <<>>,luser = <<"me">>,
                   lserver = <<"myserver.tld">>,lresource = <<>>},
         subject = [],
         body = [#text{lang = <<>>,
                       data = <<"Hi, this message may contain spam">>}],
         thread = undefined,
         sub_els = [#xmlel{name = <<"request">>,
                           attrs = [{<<"xmlns">>,<<"urn:xmpp:receipts">>}],
                           children = []},
                    #xmlel{name = <<"markable">>,
                           attrs = [{<<"xmlns">>,
                                     <<"urn:xmpp:chat-markers:0">>}],
                           children = []},
                    #xmlel{name = <<"origin-id">>,
                           attrs = [{<<"xmlns">>,<<"urn:xmpp:sid:0">>},
                                    {<<"id">>,
                                     <<"c632b51f-3757-4227-81b0-d39a7d43d5bc">>}],
                           children = []},
                    #xmlel{name = <<"active">>,
                           attrs = [{<<"xmlns">>,
                                     <<"http://jabber.org/protocol/chatstates">>}],
                           children = []}],
         meta = #{ip => {64845,291,17767,35243,0,0,0,1}}}
2024-05-17 12:30:50.764455+00:00 [debug] Local route:
#message{id = <<"c632b51f-3757-4227-81b0-d39a7d43d5bc">>,type = chat,
         lang = <<"en">>,
         from = #jid{user = <<"externaluser">>,
                     server = <<"externalserver.tld">>,
                     resource = <<"blabber.im[3.1.4].DYUl">>,
                     luser = <<"externaluser">>,
                     lserver = <<"externalserver.tld">>,
                     lresource = <<"blabber.im[3.1.4].DYUl">>},
         to = #jid{user = <<"me">>,server = <<"myserver.tld">>,
                   resource = <<>>,luser = <<"me">>,
                   lserver = <<"myserver.tld">>,lresource = <<>>},
         subject = [],
         body = [#text{lang = <<>>,
                       data = <<"Hi, this message may contain spam">>}],
         thread = undefined,
         sub_els = [#xmlel{name = <<"request">>,
                           attrs = [{<<"xmlns">>,<<"urn:xmpp:receipts">>}],
                           children = []},
                    #xmlel{name = <<"markable">>,
                           attrs = [{<<"xmlns">>,
                                     <<"urn:xmpp:chat-markers:0">>}],
                           children = []},
                    #xmlel{name = <<"origin-id">>,
                           attrs = [{<<"xmlns">>,<<"urn:xmpp:sid:0">>},
                                    {<<"id">>,
                                     <<"c632b51f-3757-4227-81b0-d39a7d43d5bc">>}],
                           children = []},
                    #xmlel{name = <<"active">>,
                           attrs = [{<<"xmlns">>,
                                     <<"http://jabber.org/protocol/chatstates">>}],
                           children = []}],
         meta = #{ip => {64845,291,17767,35243,0,0,0,1}}}
2024-05-17 12:30:50.764612+00:00 [debug] Running hook sm_receive_packet: mod_mam:sm_receive_packet/1
2024-05-17 12:30:50.764792+00:00 [debug] Processing message to bare JID:
#message{id = <<"c632b51f-3757-4227-81b0-d39a7d43d5bc">>,type = chat,
         lang = <<"en">>,
         from = #jid{user = <<"externaluser">>,
                     server = <<"externalserver.tld">>,
                     resource = <<"blabber.im[3.1.4].DYUl">>,
                     luser = <<"externaluser">>,
                     lserver = <<"externalserver.tld">>,
                     lresource = <<"blabber.im[3.1.4].DYUl">>},
         to = #jid{user = <<"me">>,server = <<"myserver.tld">>,
                   resource = <<>>,luser = <<"me">>,
                   lserver = <<"myserver.tld">>,lresource = <<>>},
         subject = [],
         body = [#text{lang = <<>>,
                       data = <<"Hi, this message may contain spam">>}],
         thread = undefined,
         sub_els = [#xmlel{name = <<"request">>,

                           attrs = [{<<"xmlns">>,<<"urn:xmpp:receipts">>}],
                           children = []},
                    #xmlel{name = <<"markable">>,
                           attrs = [{<<"xmlns">>,
                                     <<"urn:xmpp:chat-markers:0">>}],
                           children = []},
                    #xmlel{name = <<"origin-id">>,
                           attrs = [{<<"xmlns">>,<<"urn:xmpp:sid:0">>},
                                    {<<"id">>,
                                     <<"c632b51f-3757-4227-81b0-d39a7d43d5bc">>}],
                           children = []},
                    #xmlel{name = <<"active">>,
                           attrs = [{<<"xmlns">>,
                                     <<"http://jabber.org/protocol/chatstates">>}],
                           children = []}],
         meta = #{ip => {64845,291,17767,35243,0,0,0,1},
                  stanza_id => 1715949050764649}}
2024-05-17 12:30:50.765215+00:00 [debug] Sending to process <0.842.0>
2024-05-17 12:30:50.765308+00:00 [debug] Running hook c2s_handle_info: ejabberd_sm:c2s_handle_info/2
2024-05-17 12:30:50.765381+00:00 [debug] Running hook c2s_handle_info: mod_offline:c2s_handle_info/2
2024-05-17 12:30:50.765449+00:00 [debug] Running hook c2s_handle_info: mod_pubsub:c2s_handle_info/2
2024-05-17 12:30:50.765487+00:00 [debug] Running hook c2s_handle_info: mod_push_keepalive:c2s_handle_info/2
2024-05-17 12:30:50.765524+00:00 [debug] Running hook c2s_handle_info: mod_stream_mgmt:c2s_handle_info/2
2024-05-17 12:30:50.765560+00:00 [debug] Running hook c2s_handle_info: ejabberd_c2s:process_info/2
2024-05-17 12:30:50.765596+00:00 [debug] Running hook privacy_check_packet: mod_pres_counter:check_packet/4
2024-05-17 12:30:50.765815+00:00 [debug] Running hook privacy_check_packet: mod_last:privacy_check_packet/4
2024-05-17 12:30:50.765904+00:00 [debug] Running hook privacy_check_packet: mod_privacy:check_packet/4
2024-05-17 12:30:50.765980+00:00 [debug] Running hook user_receive_packet: mod_block_strangers:filter_packet/1
2024-05-17 12:30:50.766049+00:00 [debug] Running hook roster_get_jid_info: mod_roster:get_jid_info/4
2024-05-17 12:30:50.766104+00:00 [debug] Running hook roster_get_jid_info: mod_shared_roster:get_jid_info/4
2024-05-17 12:30:50.766202+00:00 [info] Rejecting message from stranger [email protected]/blabber.im[3.1.4].DYUl to [email protected]
2024-05-17 12:30:50.766383+00:00 [debug] Route:
#message{
    id = <<"c632b51f-3757-4227-81b0-d39a7d43d5bc">>,type = error,
    lang = <<"en">>,
    from =
        #jid{
            user = <<"me">>,server = <<"myserver.tld">>,
            resource = <<>>,luser = <<"me">>,
            lserver = <<"myserver.tld">>,lresource = <<>>},
    to =
        #jid{
            user = <<"externaluser">>,server = <<"externalserver.tld">>,
            resource = <<"blabber.im[3.1.4].DYUl">>,
            luser = <<"externaluser">>,lserver = <<"externalserver.tld">>,
            lresource = <<"blabber.im[3.1.4].DYUl">>},
    subject = [],
    body = [#text{lang = <<>>,data = <<"Hi, this message may contain spam">>}],
    thread = undefined,
    sub_els =
        [#xmlel{
             name = <<"request">>,
             attrs = [{<<"xmlns">>,<<"urn:xmpp:receipts">>}],
             children = []},
         #xmlel{
             name = <<"markable">>,
             attrs = [{<<"xmlns">>,<<"urn:xmpp:chat-markers:0">>}],
             children = []},
         #xmlel{
             name = <<"origin-id">>,
             attrs =
                 [{<<"xmlns">>,<<"urn:xmpp:sid:0">>},
                  {<<"id">>,<<"c632b51f-3757-4227-81b0-d39a7d43d5bc">>}],
             children = []},
         #xmlel{
             name = <<"active">>,
             attrs =
                 [{<<"xmlns">>,<<"http://jabber.org/protocol/chatstates">>}],
             children = []},
         #stanza_error{
             type = modify,by = undefined,reason = 'policy-violation',
             text =
                 [#text{
                      lang = <<"en">>,
                      data = <<"Messages from strangers are rejected">>}],
             sub_els = []}],
    meta =
        #{ip => {64845,291,17767,35243,0,0,0,1},
          stanza_id => 1715949050764649}}
2024-05-17 12:30:50.766877+00:00 [debug] Local route:
#message{
    id = <<"c632b51f-3757-4227-81b0-d39a7d43d5bc">>,type = error,
    lang = <<"en">>,
    from =
        #jid{
            user = <<"me">>,server = <<"myserver.tld">>,
            resource = <<>>,luser = <<"me">>,
            lserver = <<"myserver.tld">>,lresource = <<>>},
    to =
        #jid{
            user = <<"externaluser">>,server = <<"externalserver.tld">>,
            resource = <<"blabber.im[3.1.4].DYUl">>,
            luser = <<"externaluser">>,lserver = <<"externalserver.tld">>,
            lresource = <<"blabber.im[3.1.4].DYUl">>},
    subject = [],
    body = [#text{lang = <<>>,data = <<"Hi, this message may contain spam">>}],
    thread = undefined,
    sub_els =
        [#xmlel{
             name = <<"request">>,
             attrs = [{<<"xmlns">>,<<"urn:xmpp:receipts">>}],
             children = []},
         #xmlel{
             name = <<"markable">>,
             attrs = [{<<"xmlns">>,<<"urn:xmpp:chat-markers:0">>}],
             children = []},
         #xmlel{
             name = <<"origin-id">>,
             attrs =
                 [{<<"xmlns">>,<<"urn:xmpp:sid:0">>},
                  {<<"id">>,<<"c632b51f-3757-4227-81b0-d39a7d43d5bc">>}],
             children = []},
         #xmlel{
             name = <<"active">>,
             attrs =
                 [{<<"xmlns">>,<<"http://jabber.org/protocol/chatstates">>}],
             children = []},
         #stanza_error{
             type = modify,by = undefined,reason = 'policy-violation',
             text =
                 [#text{
                      lang = <<"en">>,
                      data = <<"Messages from strangers are rejected">>}],
             sub_els = []}],
    meta =
        #{ip => {64845,291,17767,35243,0,0,0,1},
          stanza_id => 1715949050764649}}
2024-05-17 12:30:50.767171+00:00 [debug] Finding connection for {<<"myserver.tld">>,<<"externalserver.tld">>}
2024-05-17 12:30:50.767240+00:00 [debug] Using ejabberd_s2s_out <0.2326.0>
2024-05-17 12:30:50.767269+00:00 [debug] Sending to process <0.2326.0>
2024-05-17 12:30:50.767367+00:00 [notice] (tls|<0.2326.0>) Send XML on stream = <<"<message xml:lang='en' to='[email protected]/blabber.im[3.1.4].DYUl' from='[email protected]' type='error' id='c632b51f-3757-4227-81b0-d39a7d43d5bc'><request xmlns='urn:xmpp:receipts'/><markable xmlns='urn:xmpp:chat-markers:0'/><origin-id xmlns='urn:xmpp:sid:0' id='c632b51f-3757-4227-81b0-d39a7d43d5bc'/><active xmlns='http://jabber.org/protocol/chatstates'/><error type='modify'><policy-violation xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/><text xml:lang='en' xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Messages from strangers are rejected</text></error><body>Hi, this message may contain spam</body></message>">>

Errors from error.log/crash.log

No errors

Bug description

I expect to receive a captcha, and after I solve it, I should receive the message.
But I just get "delivery failed" and no captcha is shown. The log says "Rejecting message from stranger" but says nothing about captcha although the option is enabled.
When using captcha.sh instead of mod_ecaptcha the same bug appears.

[Neustradamus]

@marzzzello: Have you tested the captcha-ng.sh instead of captcha.sh?

• https://github.com/processone/ejabberd/blob/master/tools/captcha-ng.sh

Other links:

• https://github.com/processone/ejabberd/blob/master/tools/captcha.sh
• https://github.com/processone/ejabberd-contrib/tree/master/mod_ecaptcha
• https://github.com/processone/ejabberd-contrib/tree/master/mod_captcha_rust

[marzzzello]

@Neustradamus I tested mod_ecaptcha and captcha.sh. Same result, so I guess it's not a captcha issue.
I didn't test captcha-ng.sh because it seems to be quite similar to captcha.sh

[philinp]

v24.07.
strangers still get the message "Rejecting message from stranger".
I hoped that they would receive a captcha link.

same results for captcha.sh and captcha-ng.sh

[badlop]

You are right, I can reproduce that behaviour. The problem you noticed is not a bug in the source code, the problem is that the documentation site does not correctly describe the option functionality.

The commit message when that feature was introduced explains it precisely:

Introduce option 'captcha' for mod_block_strangers
When the option is set to true, the module will generate
CAPTCHA challenges for incoming subscription requests. The option
also implies that option drop is set to true. Note that
the module won't generate CAPTCHA challenges for messages: they
will still be rejected if drop is set to true.

Unfortunately, when this feature was added to the documentation, the explanation is confusing, or directly wrong:

access: AccessName
It’s an ACL where deny means the message will be rejected (or a CAPTCHA would be generated for a presence, if configured)

captcha: true | false
Whether to generate CAPTCHA or not in response to messages from strangers.

Thanks to your pointing, the documentation should be fixed to precisely describe the feature as it is implemented. Maybe something like this:

access: AccessName
It’s an access rule where deny means the stanza will be rejected ... There's an exception if option captcha is enabled.

captcha: true | false
Whether to generate CAPTCHA challenges ins response to incoming presence subscription requests from strangers.