This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Event is not failed when creating a spam checker module that filters federated rooms #16727

Open
cristi-vlad opened this issue Dec 5, 2023 · 1 comment

Comments

@cristi-vlad

cristi-vlad commented Dec 5, 2023

Description

I am trying to create a module that blocks federation of rooms between two Matrix servers.
The logic is based on the m.room.member event type and determines the source server and destination server.
If the source server is different from the destination server and the room ID is not in the allowed rooms, then return forbidden.

Rooms are provided as config in values file:

- module: federation_event_checker.FilterFederatedRooms
  config: 
    fedrooms_allowed:
      - "!AanXREkoCFRofkefum:matrix2.dev.development.int" #matrix2tomatrix

Python module

async def check_event_for_spam(self, event: "synapse.events.EventBase"):

    event_dict = event.get_dict()

    try:
        event_type = event_dict.get('type', None) 
        if event_type == 'm.room.member':
            print("Identifier passed event type")
            event_content = event_dict.get('content', None) 
            print("Identifier print event content",event_content)
            if event_content["membership"] == 'invite':
                print("Identifier determine source server and destination server")
                source_server = event.origin
                dest_server = event.state_key.split(":")[1]
                fedroom = event_dict.get('room_id', None) 
                if source_server != dest_server: 
                    if fedroom not in self.fedrooms_allowed: 
                       print("Identifier: For room id", fedroom, " federation IS NOT allowed with other matrix servers")
                       return synapse.module_api.errors.Codes.FORBIDDEN
    except Exception:
        print("Identifier exception for event", event_dict)
        return synapse.module_api.errors.Codes.FORBIDDEN
    return synapse.module_api.NOT_SPAM

Logs from execution

2023-12-05 06:45:20,474 - synapse.util.metrics - 163 - DEBUG - PUT-62- Entering block federation_event_checker.FilterFederatedRooms.check_event_for_spam

2023-12-05 06:45:20,475 - twisted - 275 - INFO - PUT-62- Identifier passed event type
2023-12-05 06:45:20,475 - twisted - 275 - INFO - PUT-62- Identifier print event content {'displayname': 'xxxxx', 'membership': 'invite'}
2023-12-05 06:45:20,475 - twisted - 275 - INFO - PUT-62- Identifier determine source server and destination server
2023-12-05 06:45:20,475 - twisted - 275 - INFO - PUT-62- Identifier For room id !zznlJqNveedzoyXqee:matrix2.dev.development.int federation IS NOT allowed with other matrix servers
2023-12-05 06:45:20,475 - synapse.util.metrics - 176 - DEBUG - PUT-62- Exiting block federation_event_checker.FilterFederatedRooms.check_event_for_spam
2023-12-05 06:45:20,475 - synapse.federation.federation_base - 143 - WARNING - PUT-62- Event contains spam, soft-failing $rQtlVB1HGJsli1eRemKWawHYO4hL0L9RGCA5zPbXISE

The last line is very important: "Event contains spam, soft-failing $rQtlVB1HGJsli1eRemKWawHYO4hL0L9RGCA5zPbXISE"
It says that the event contains spam and is being soft-failed, but the invite can still be sent to the other user, and the other user may accept the invite and then talk.

Steps to reproduce

  • Having two federated matrix servers: matrix and matrix2
  • Creating a new room on matrix2 server (room is not in allowed list)
  • Inviting a user to the room from matrix server
  • The user from the matrix server is able to accept the request and join the room, but should not be able to

Homeserver

local homeserver

Synapse Version

{"server":{"name":"Synapse","version":"1.92.3"}}

Installation Method

Docker (matrixdotorg/synapse)

Database

Postgresql

Workers

Single process

Platform

Rancher - Kubernetes

Configuration

- module: federation_event_checker.FilterFederatedRooms
  config:
    fedrooms_allowed:
      - "!AanXREkoCFRofkefum:matrix2.dev.development.int" #matrix2tomatrix

Relevant log output

2023-12-05 06:45:20,474 - synapse.util.metrics - 163 - DEBUG - PUT-62- Entering block federation_event_checker.FilterFederatedRooms.check_event_for_spam

2023-12-05 06:45:20,475 - twisted - 275 - INFO - PUT-62- Identifier passed event type
2023-12-05 06:45:20,475 - twisted - 275 - INFO - PUT-62- Identifier print event content {'displayname': 'vlad_ad', 'membership': 'invite'}
2023-12-05 06:45:20,475 - twisted - 275 - INFO - PUT-62- Identifier determine source server and destination server
2023-12-05 06:45:20,475 - twisted - 275 - INFO - PUT-62- Identifier For room id !zznlJqNveedzoyXqee:matrix2.dev.development.int federation IS NOT allowed with other matrix servers
2023-12-05 06:45:20,475 - synapse.util.metrics - 176 - DEBUG - PUT-62- Exiting block federation_event_checker.FilterFederatedRooms.check_event_for_spam
2023-12-05 06:45:20,475 - synapse.federation.federation_base - 143 - WARNING - PUT-62- Event contains spam, soft-failing $rQtlVB1HGJsli1eRemKWawHYO4hL0L9RGCA5zPbXISE

Anything else that would be useful to know?

No response

@DMRobertson
Contributor

The relevant source is:

if spam_check != self._spam_checker_module_callbacks.NOT_SPAM:
    logger.warning("Event contains spam, soft-failing %s", pdu.event_id)
    log_kv(
        {
            "message": "Event contains spam, redacting (to save disk space) "
            "as well as soft-failing (to stop using the event in prev_events)",
            "event_id": pdu.event_id,
        }
    )
    # we redact (to save disk space) as well as soft-failing (to stop
    # using the event in prev_events).
    redacted_event = prune_event(pdu)
    redacted_event.internal_metadata.soft_failed = True
    return redacted_event
return pdu

On the face of it, I'm not sure if this module callback is the right approach. You could try user_may_invite instead. One note of caution: I'm not sure if that is designed to handle requests created by the local server, versus those it receives. (Maybe it handles both?)

Another option would be to try using the admin API to entirely block the unwanted rooms.
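
The allow-list decision from the issue, moved into the shape of the `user_may_invite` callback suggested above, as an added example (not code from the issue or from Synapse). `InviteFederationFilter`, `server_of`, `decide` and the two user IDs are hypothetical, and `NOT_SPAM` / `FORBIDDEN` are local stand-ins for the Synapse constants so the block runs without Synapse installed.

```python
import asyncio
from typing import Iterable

# Stand-ins so the example runs without Synapse installed; a real module would
# return synapse.module_api.NOT_SPAM and synapse.module_api.errors.Codes.FORBIDDEN.
NOT_SPAM = "NOT_SPAM"
FORBIDDEN = "M_FORBIDDEN"


def server_of(user_id: str) -> str:
    """Return the server part of a Matrix user ID such as @local:server[:port]."""
    localpart, sep, server = user_id.partition(":")
    if not localpart.startswith("@") or not sep or not server:
        raise ValueError(f"malformed Matrix user ID: {user_id!r}")
    return server  # everything after the first ':' so a port is kept


class InviteFederationFilter:
    """Hypothetical module: cross-server invites only for allow-listed rooms."""

    def __init__(self, fedrooms_allowed: Iterable[str]):
        self.fedrooms_allowed = frozenset(fedrooms_allowed)
        # In Synapse this is where the callback would be registered:
        # api.register_spam_checker_callbacks(user_may_invite=self.user_may_invite)

    async def user_may_invite(self, inviter: str, invitee: str, room_id: str) -> str:
        try:
            cross_server = server_of(inviter) != server_of(invitee)
        except ValueError:
            return FORBIDDEN  # fail closed on IDs that cannot be parsed
        if cross_server and room_id not in self.fedrooms_allowed:
            return FORBIDDEN
        return NOT_SPAM


def decide(filt: InviteFederationFilter, inviter: str, invitee: str, room_id: str) -> str:
    """Synchronous helper for trying the callback outside an event loop."""
    return asyncio.run(filt.user_may_invite(inviter, invitee, room_id))


ALLOWED = "!AanXREkoCFRofkefum:matrix2.dev.development.int"  # from the issue's config
BLOCKED = "!zznlJqNveedzoyXqee:matrix2.dev.development.int"  # room ID from the logs
ALICE = "@alice:matrix.dev.development.int"  # constructed user IDs
BOB = "@bob:matrix2.dev.development.int"

if __name__ == "__main__":
    f = InviteFederationFilter([ALLOWED])
    for room in (ALLOWED, BLOCKED):
        print(room, decide(f, BOB, ALICE, room))
```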
