search

element-hq / synapse

Synapse: Matrix homeserver written in Python/Twisted.
https://element-hq.github.io/synapse
GNU Affero General Public License v3.0
1.26k stars 155 forks source link

Other federation server spamming PUT on /v1/send endpoint #17576

Open mwllgr opened 4 weeks ago

mwllgr commented 4 weeks ago

Description

Hello,

I'm currently receiving about 25 requests per second to the /_matrix/federation/v1/send/<id_or_similar?> endpoint:

134.102.x.x - - [15/Aug/2024:20:27:05 +0200] "PUT /_matrix/federation/v1/send/1723503001563 HTTP/1.1" 401 85 "-" "Synapse/1.90.0"
134.102.x.x - - [15/Aug/2024:20:27:05 +0200] "PUT /_matrix/federation/v1/send/1723503001566 HTTP/1.1" 401 85 "-" "Synapse/1.90.0"
134.102.x.x - - [15/Aug/2024:20:27:05 +0200] "PUT /_matrix/federation/v1/send/1723503001569 HTTP/1.1" 401 85 "-" "Synapse/1.90.0"
134.102.x.x - - [15/Aug/2024:20:27:05 +0200] "PUT /_matrix/federation/v1/send/1723503001572 HTTP/1.1" 401 85 "-" "Synapse/1.90.0"

... every request accompanied with the following log message (or similar → different IDs/timestamps):

matrix-server | 2024-08-10 16:48:39,209 - synapse.federation.transport.server._base - 323 - WARNING - PUT-2355 - authenticate_request failed: 401: Destination mismatch in auth header
matrix-server | 2024-08-10 16:48:39,249 - synapse.federation.transport.server._base - 323 - WARNING - PUT-2356 - authenticate_request failed: 401: Destination mismatch in auth header

The requests themselves contain the following (or similar?): xxx → censored, whole content prettified beforehand

{
  "origin": "matrix-not-at-my-own-server.example.com",
  "origin_server_ts": 1723745703465,
  "pdus": [
    {
      "auth_events": [
        "xxx",
        "xxx"
      ],
      "content": {
        "membership": "leave"
      },
      "depth": 576354,
      "hashes": {
        "sha256": "xxx"
      },
      "origin": "matrix-not-at-my-own-server.example.com",
      "origin_server_ts": 1689514823361,
      "prev_events": [
        "xxx",
        "xxx",
        "xxx",
        "xxx",
        "xxx",
        "xxx",
        "xxx"
      ],
      "room_id": "!sOmeRoOmId:matrix.org",
      "sender": "@some_user:matrix-not-at-my-own-server.example.com",
      "signatures": {
        "matrix-not-at-my-own-server.example.com": {
          "ed25519:a_zVUb": "xxx"
        }
      },
      "state_key": "@some_user:matrix-not-at-my-own-server.example.com",
      "type": "m.room.member",
      "unsigned": {
        "age_ts": 1689514823361,
        "replaces_state": "xxx"
      }
    }
  ]
}

Steps to reproduce

Homeserver

own homeserver

Synapse Version

1.112.0

Installation Method

Docker (matrixdotorg/synapse)

Database

postgres:14-alpine

Workers

Single process

Platform

Docker 20.10.18 on Ubuntu 22.04

Configuration

nginx vhost:

    location ~ ^(\/_matrix|\/_synapse\/client) {
      proxy_pass http://127.0.0.1:8008;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host $host;
      proxy_max_temp_file_size 0;
    }

Relevant log output

matrix-server | 2024-08-10 16:48:39,209 - synapse.federation.transport.server._base - 323 - WARNING - PUT-2355 - authenticate_request failed: 401: Destination mismatch in auth header

Anything else that would be useful to know?

No response

mwllgr commented 3 weeks ago

The server owner upgraded his Synapse instance from 1.90 to 1.106 and now the problem seems to be gone.