processone / ejabberd

Robust, Ubiquitous and Massively Scalable Messaging Platform (XMPP, MQTT, SIP Server)
https://www.process-one.net/en/ejabberd/

Can't send message to other server after update from 17.01 to 23.01 #4018

Closed zulguamusang closed 1 year ago

zulguamusang commented 1 year ago

Hi, help. I am no longer able to chat with other servers after the upgrade.

Error:

2023-04-06 05:54:47.193730+08:00 [warning] <0.15942.2>@ejabberd_s2s_out:process_closed/2:157 Failed to establish outbound s2s connection chat.mm.com -> bb.my: Stream closed by local host: Use of STARTTLS required (policy-violation); bouncing for 165 seconds
2023-04-06 05:54:49.713309+08:00 [warning] <0.15944.2>@ejabberd_s2s_out:process_closed/2:157 Failed to establish outbound s2s connection chat.mm.com -> chat.nn.com: Peer certificate rejected: self signed certificate; bouncing for 56 seconds
2023-04-06 05:54:49.950039+08:00 [warning] <0.15946.2>@ejabberd_s2s_out:process_closed/2:157 Failed to establish outbound s2s connection chat.mm.com -> api.mm.com: Stream closed by local host: Use of STARTTLS required (policy-violation); bouncing for 276 seconds
2023-04-06 05:55:24.590306+08:00 [warning] <0.15954.2>@ejabberd_s2s_in:handle_auth_failure/4:200 (tls|<0.15954.2>) Failed inbound s2s EXTERNAL authentication chat.nn.com -> chat.mm.com (103.18.244.207): self signed certificate
2023-04-06 05:56:14.333394+08:00 [warning] <0.15961.2>@ejabberd_s2s_out:process_closed/2:157 Failed to establish outbound s2s connection chat.mm.com -> chat.nn.com: Peer certificate rejected: self signed certificate; bouncing for 242 seconds

yml:

ca_file: /opt/ejabberd/conf/cacert.pem

certfiles:
  - /opt/ejabberd/conf/ejabberd.pem

listen:
  -
    port: 5222
    module: ejabberd_c2s
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
    starttls_required: false
    tls_compression: true
    protocol_options:
      - "no_sslv3"
    cafile: "/opt/ejabberd/conf/cacert.pem"
    certfile: "/opt/ejabberd/conf/ejabberd.pem"
  -
    port: 5223
    module: ejabberd_c2s
    starttls: true
    starttls_required: false
    certfile: "/opt/ejabberd/conf/ejabberd.pem"
    protocol_options:
      - "no_sslv3"
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
  -
    port: 5269
    module: ejabberd_s2s_in
    max_stanza_size: 131072
    shaper: s2s_shaper
  -
    port: 5443
    ip: "::"
    module: ejabberd_http
    tls: true
    request_handlers:
      /admin: ejabberd_web_admin
      /api: mod_http_api
      /bosh: mod_bosh
      /captcha: ejabberd_captcha
      /upload: mod_http_upload
      /ws: ejabberd_http_ws
  -
    port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      /admin: ejabberd_web_admin
      /.well-known/acme-challenge: ejabberd_acme
    web_admin: true
    http_bind: true
    register: true
    captcha: false

# required_trusted: outbound s2s must use STARTTLS and the peer certificate must validate
# against ca_file; a self-signed peer certificate is refused (the "Peer certificate rejected:
# self signed certificate" warnings above come from this setting)
s2s_use_starttls: required_trusted

s2s_certfile: "/opt/ejabberd/conf/ejabberd.pem"
s2s_access: all

acl:
  admin:
    user:
      - "user@chat.mm.com"
      - "user2@chat.mm.com"
  local:
    user_regexp: ""
  loopback:
    ip:
      - "127.0.0.0/8"
host_config:
  "chat.pp.com":
    acl:
      admin:
        user:
          - "user@chat.pp.com"
          - "user@chat.mm.com"
          - "user2@chat.mm.com"

access_rules:
  local:
    allow: local
  c2s:
    deny: blocked
    allow: all
  announce:
    allow: admin
  configure:
    allow: admin
  muc_create:
    allow: local
  pubsub_createnode:
    allow: local
  trusted_network:
    allow: all
  register:
    - allow
  s2s:
    - allow

api_permissions:
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  "admin access":
    who:
      access:
        allow:
          - acl: loopback
          - acl: admin
      oauth:
        scope: "ejabberd:admin"
        access:
          allow:
            - acl: loopback
            - acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  "public commands":
    who:
      ip: 127.0.0.1/8
    what:
      - status
      - connected_users_number

shaper:
  normal:
    rate: 3000
    burst_size: 20000
  fast: 100000

shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
    5000: admin
    100: all
  c2s_shaper:
    none: admin
    normal: all
  s2s_shaper: fast

modules:
  mod_adhoc: {}
  mod_http_bind: {}
  mod_register:
    access: register
  mod_roster: {}
  mod_shared_roster: {}
  mod_vcard:
    search: false
  mod_ping:
    send_pings: true

This issue is fixed: the other side uses a self-signed cert, which I needed to manually add into my server.

zulguamusang commented 1 year ago

Now the outside server can message me, but I can't. Really strange. This is my Spark log:

<message xmlns="jabber:client" xml:lang="en-MY" to="user@chat.mm.com/Spark" from="user@chat.nn.com/7ul5taty2" id="MNR3G-628" type="error">
  <error type="wait">
    <remote-server-timeout xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
    <text xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" xml:lang="en">Authentication failed: Peer provided no SASL mechanisms; most likely it doesn't accept our certificate</text>
  </error>
  <paused xmlns="http://jabber.org/protocol/chatstates"/>
  <thread>CQ543V</thread>
</message>

And this is my ejabberd log:

2023-04-06 14:24:25.036367+08:00 [warning] <0.24877.2>@ejabberd_s2s_out:handle_auth_failure/3:233 (tls|<0.24877.2>) Failed outbound s2s EXTERNAL authentication chat.mm.com -> chat.nn.com (103.18.244.207): Authentication failed: Peer provided no SASL mechanisms; most likely it doesn't accept our certificate
2023-04-06 14:24:25.036517+08:00 [warning] <0.24877.2>@ejabberd_s2s_out:process_auth_result/2:137 Failed to establish outbound s2s connection chat.mm.com -> chat.nn.com: authentication failed; bouncing for 163 seconds

zulguamusang commented 1 year ago

Fixed, found the problem: simply add mod_s2s_dialback: {} and mod_legacy_auth: {}.
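The s2s warnings quoted across this thread come from three different controls: the STARTTLS policy (s2s_use_starttls), certificate trust against ca_file, and SASL EXTERNAL authentication with no dialback fallback. As an added example that is not part of the issue or of ejabberd itself, here is a small Python parser that classifies ejabberd_s2s_in/ejabberd_s2s_out warnings into those three kinds and counts them per remote peer; the sample lines are constructed from the warnings above, and the hint strings are this editor's mapping to the config knobs the thread ended up touching.

```python
import re
# Constructed sample, modelled on the ejabberd warnings quoted in this issue (same domains and IP).
SAMPLE_LOG = """\
2023-04-06 05:54:47.193730+08:00 [warning] <0.15942.2>@ejabberd_s2s_out:process_closed/2:157 Failed to establish outbound s2s connection chat.mm.com -> bb.my: Stream closed by local host: Use of STARTTLS required (policy-violation); bouncing for 165 seconds
2023-04-06 05:54:49.713309+08:00 [warning] <0.15944.2>@ejabberd_s2s_out:process_closed/2:157 Failed to establish outbound s2s connection chat.mm.com -> chat.nn.com: Peer certificate rejected: self signed certificate; bouncing for 56 seconds
2023-04-06 05:55:24.590306+08:00 [warning] <0.15954.2>@ejabberd_s2s_in:handle_auth_failure/4:200 (tls|<0.15954.2>) Failed inbound s2s EXTERNAL authentication chat.nn.com -> chat.mm.com (103.18.244.207): self signed certificate
2023-04-06 14:24:25.036367+08:00 [warning] <0.24877.2>@ejabberd_s2s_out:handle_auth_failure/3:233 (tls|<0.24877.2>) Failed outbound s2s EXTERNAL authentication chat.mm.com -> chat.nn.com (103.18.244.207): Authentication failed: Peer provided no SASL mechanisms; most likely it doesn't accept our certificate
"""

# Shape of the warnings: "<ts> [warning] <pid>@module:fun/arity:line [(tls|pid)] Failed ... <from> -> <to>[ (ip)]: <reason>[; bouncing for N seconds]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[warning\] <[^>]+>@ejabberd_s2s_(?:in|out):\S+ (?:\(tls\|[^)]+\) )?"
    r"Failed (?:to establish )?(?P<dir>inbound|outbound) s2s (?:connection|EXTERNAL authentication) "
    r"(?P<from>\S+) -> (?P<to>[^: (]+)(?: \([\d.]+\))?: (?P<reason>.*?)(?:; bouncing for (?P<bounce>\d+) seconds)?$"
)

KINDS = (  # (substring of reason, kind, which control produced it / knob discussed in the thread)
    ("starttls required", "policy", "peer offered no STARTTLS; s2s_use_starttls: required_trusted refuses plaintext s2s"),
    ("self signed", "trust", "peer cert does not chain to ca_file; import the peer's CA or self-signed cert there"),
    ("no sasl mechanisms", "auth", "peer rejected our cert for SASL EXTERNAL; mod_s2s_dialback provides a fallback"),
)

def classify(reason):
    r = reason.lower()
    for needle, kind, hint in KINDS:
        if needle in r:
            return kind, hint
    return "other", ""

def parse_s2s_failures(text):
    """Return one dict per s2s warning: direction, domains, reason, bounce seconds, kind, hint."""
    failures = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line (c2s, info, ...)
        f = m.groupdict()
        f["bounce"] = int(f["bounce"]) if f["bounce"] else None  # None for auth failures
        f["kind"], f["hint"] = classify(f["reason"])
        failures.append(f)
    return failures

def summarize(text):
    """Count failures per remote peer and kind, so you see which peer trips which control."""
    counts = {}
    for f in parse_s2s_failures(text):
        peer = f["to"] if f["dir"] == "outbound" else f["from"]
        counts[f"{peer}:{f['kind']}"] = counts.get(f"{peer}:{f['kind']}", 0) + 1
    return counts
```

Run it over the real ejabberd.log instead of SAMPLE_LOG to see, per peer, whether the failures are a policy mismatch, a trust problem or an authentication fallback problem before changing the config.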