diff --git a/src/database.rs b/src/database.rs
index 69cf3fc8..4a03f18c 100644
--- a/src/database.rs
+++ b/src/database.rs
@@ -21,8 +21,8 @@ use futures_util::{stream::FuturesUnordered, StreamExt};
 use lru_cache::LruCache;
 use ruma::{
     events::{
-        push_rules::PushRulesEventContent, room::message::RoomMessageEventContent, EventType,
-        GlobalAccountDataEvent,
+        push_rules::PushRulesEventContent, room::message::RoomMessageEventContent,
+        GlobalAccountDataEvent, GlobalAccountDataEventType,
     },
     push::Ruleset,
     DeviceId, EventId, RoomId, UserId,
@@ -968,7 +968,7 @@ fn set_emergency_access(db: &Database) -> Result<bool> {
     db.account_data.update(
         None,
         &conduit_user,
-        EventType::PushRules,
+        GlobalAccountDataEventType::PushRules.to_string().into(),
         &GlobalAccountDataEvent {
             content: PushRulesEventContent { global: ruleset },
         },
diff --git a/src/pdu.rs b/src/pdu.rs
index aed2575f..3b905336 100644
--- a/src/pdu.rs
+++ b/src/pdu.rs
@@ -51,7 +51,7 @@ impl PduEvent {
         self.unsigned = None;
 
         let allowed: &[&str] = match self.kind {
-            RoomEventType::RoomMember => &["membership"],
+            RoomEventType::RoomMember => &["join_authorised_via_users_server", "membership"],
             RoomEventType::RoomCreate => &["creator"],
             RoomEventType::RoomJoinRules => &["join_rule"],
             RoomEventType::RoomPowerLevels => &[
diff --git a/src/server_server.rs b/src/server_server.rs
index d574c4ee..596a54e2 100644
--- a/src/server_server.rs
+++ b/src/server_server.rs
@@ -42,6 +42,7 @@ use ruma::{
         receipt::{ReceiptEvent, ReceiptEventContent},
         room::{
             create::RoomCreateEventContent,
+            join_rules::{JoinRule, RoomJoinRulesEventContent},
             member::{MembershipState, RoomMemberEventContent},
             server_acl::RoomServerAclEventContent,
         },
@@ -2590,6 +2591,33 @@ pub async fn create_join_event_template_route(
 
     acl_check(sender_servername, &body.room_id, &db)?;
 
+    // TODO: Conduit does not implement restricted join rules yet, we always reject
+    let join_rules_event = db
+        .rooms
+        .room_state_get(&body.room_id, &StateEventType::RoomJoinRules, "")?;
+
+    let join_rules_event_content: Option<RoomJoinRulesEventContent> = join_rules_event
+        .as_ref()
+        .map(|join_rules_event| {
+            serde_json::from_str(join_rules_event.content.get()).map_err(|e| {
+                warn!("Invalid join rules event: {}", e);
+                Error::bad_database("Invalid join rules event in db.")
+            })
+        })
+        .transpose()?;
+
+    if let Some(join_rules_event_content) = join_rules_event_content {
+        if matches!(
+            join_rules_event_content.join_rule,
+            JoinRule::Restricted { .. }
+        ) {
+            return Err(Error::BadRequest(
+                ErrorKind::Unknown,
+                "Conduit does not support restricted rooms yet.",
+            ));
+        }
+    }
+
     let prev_events: Vec<_> = db
         .rooms
         .get_pdu_leaves(&body.room_id)?
@@ -2749,6 +2777,33 @@ async fn create_join_event(
 
     acl_check(sender_servername, room_id, db)?;
 
+    // TODO: Conduit does not implement restricted join rules yet, we always reject
+    let join_rules_event = db
+        .rooms
+        .room_state_get(room_id, &StateEventType::RoomJoinRules, "")?;
+
+    let join_rules_event_content: Option<RoomJoinRulesEventContent> = join_rules_event
+        .as_ref()
+        .map(|join_rules_event| {
+            serde_json::from_str(join_rules_event.content.get()).map_err(|e| {
+                warn!("Invalid join rules event: {}", e);
+                Error::bad_database("Invalid join rules event in db.")
+            })
+        })
+        .transpose()?;
+
+    if let Some(join_rules_event_content) = join_rules_event_content {
+        if matches!(
+            join_rules_event_content.join_rule,
+            JoinRule::Restricted { .. }
+        ) {
+            return Err(Error::BadRequest(
+                ErrorKind::Unknown,
+                "Conduit does not support restricted rooms yet.",
+            ));
+        }
+    }
+
     // We need to return the state prior to joining, let's keep a reference to that here
     let shortstatehash = db
         .rooms