[ejabberd] Jabberd crisis

Chris Rutledge crutledge at wamsystems.com
Fri Mar 18 18:08:22 MSK 2005


Follow-up: I've removed the icq service from the config file, but the
server still refuses to wake up and allow connections.  It start, says:

AIM-Transport starting up f
or instance aim.im.wamsystems.com...

And just hangs there.  Here's my configuration file.  Any help would be
greatly appreciated!

-------------------------------------------------------------
<jabber>

  <!-- 
  The following <service/> section is for the session manager, 
  the most important component within the server. This section
  contains the following types of information: 

    * the server's hostname
    * other basic server information
    * the location of the session log file
    * email addresses for server administrators 
    * the location of the server that provides update information
    * registration instructions for new users
    * a welcome message for new users
    * a list of agents with which users can register
    * load rules for the modules within the session manager

  -->

  <service id="sessions">

    <!-- 
    Change hostname below to something other than "localhost", 
    i.e., to the hostname or IP address of your Jabber server. 
    Multiple <host/> entries are allowed - each one is for a 
    separate virtual server. Note that each host entry must 
    be on one line, the server doesn't like it otherwise! :)
    -->

    <host><jabberd:cmdline
flag="h">im.wamsystems.com</jabberd:cmdline></host>

    <!-- 
    This is the custom configuration section for the 
    Jabber session manager, a.k.a. "JSM". 
    -->

    <jsm xmlns="jabber:config:jsm">

      <!--
      The <filter/> section below determines settings
      for mod_filter, a server-side module built into
      JSM that enables users to set delivery rules for
      messages they receive (not yet supported by all
      clients. The <allow/> subsection specifies which
      conditions and actions to enable. High-level 
      descriptions of each setting can be found below 
      (see docs.jabber.org for full details):

      * <default/> - a user cannot delete this one, it's
        the default rule for delivering messages
      * <max_size/> - the maximum number of rules in a
        user's rule set (we don't want to overdo it!)
      * conditions...
        * <ns/> - matches the query xmlns attrib on an iq packet
        * <unavailable/> - matches when user is unavailable
        * <from/> - matches the sender of the message
        * <resource/> - matches the receiver's resource
        * <subject/> - matches the subject of the message
        * <body/> - matches the body of the message
        * <show/> - matches the show tag on the receiver's presence
        * <type/> - matches the type of the message
        * <roster/> - matches if the sender is in your roster
        * <group/> - matches if the sender is in the specified group
      * actions...
        * <error/> - replies with an error
        * <offline/> - stores the messages offline
        * <forward/> - forwards the message to another jid
        * <reply/> - sends a reply to the sender of the message
        * <continue/> - continues processing of the rules
        * <settype/> - changes the type of the message
      -->
      <filter>
          <default/>
          <max_size>100</max_size>
          <allow>
              <conditions>
                  <ns/>
                  <unavailable/>
                  <from/>
                  <resource/>
                  <subject/>
                  <body/>
                  <show/>
                  <type/>
                  <roster/>
                  <group/>
              </conditions>
              <actions>
                  <error/>
                  <offline/>
                  <forward/>
                  <reply/>
                  <continue/>
                  <settype/>
              </actions>
          </allow>
      </filter>

      <!-- The server vCard -->

      <vCard>
        <FN>WAM Systems CIM</FN>
        <DESC>WAM Systems corporate instant message server</DESC>
        <URL>http://im.wamsystems.com/</URL>
      </vCard>

      <!-- 
      Registration instructions and required fields. The 
      notify attribute will send the server administrator(s)
      a message after each valid registration if it is set
      to "yes".
      -->

      <register notify="yes">
        <instructions>WAM users: Choose a username (your first initial
and last name) and password to register with this server.</instructions>
        <name/>
        <email/>
      </register>

      <!-- 
      A welcome note that is sent to every new user who registers 
      with your server. Comment it out to disable this function.
      -->

      <welcome>
        <subject>WAM Systems CIM</subject>
        <body>Registration complete! Welcome to the WAM Systems
corporate instant message server -- for more information see
http://im.wamsystems.com/</body>
      </welcome>

      <!-- 
      IDs with admin access - these people will receive admin 
      messages (any message to="yourhostname" is an admin
      message).  These addresses must be local ids, they cannot
      be remote addresses.

      Note that they can also send announcements to all
      users of the server, or to all online users. To use
      the announcement feature, you need to send raw xml and be
      logged in as one of the admin users. Here is the syntax 
      for sending an announcement to online users:

        <message to="im.wamsystems.com/announce/online">
          <body>announcement here</body>
        </message>

        <message to="im.wamsystems.com/announce/motd">
          <body>WAM Systems CIM</body>
        </message>

      Sending to /announce/motd/delete will remove any existing
      motd, and to /announce/motd/update will only update the motd
      without re-announcing to all logged in users.

      The <reply> will be the message that is automatically
      sent in response to any admin messages.
      -->

      <!--
      <admin>
        <read>support at im.wamsystems.com</read>
        <write>admin at im.wamsystems.com</write>
        <reply>
          <subject>Auto Reply</subject>
          <body>This is a special administrative address. Your message
was received and forwarded to server administrators.</body>
        </reply>
      </admin>
      -->

      <!--
      This is the resource that checks for updated versions 
      of the Jabber server software. Note that you don't lose 
      any functionality if you comment this out. Removing the
      <update/> config is especially a good strategy if your 
      server is behind a firewall. If you want to use this 
      feature, change 'localhost' to the hostname or IP address 
      of your server, making sure that it is the same as your 
      entry for <host/> above.
      -->

      <update><jabberd:cmdline
flag="h">im.wamsystems.com</jabberd:cmdline></update>

      <!--
      This enables the server to automatically update the 
      user directory when a vcard is edited.  The update is
      only sent to the first listed jud service below.  It is
      safe to remove this flag if you do not want any users
      automatically added to the directory.
      -->

      <vcard2jud/>

      <!--
      The <browse/> section identifies the transports and other
      services that are available from this server. Note that each
      entity identified here must exist elsewhere or be further 
      defined in its own <service/> section below. These services 
      will appear in the user interface of Jabber clients that
      connect to your server.
      -->

      <browse>
        <service type="aim" jid="aim.im.wamsystems.com" name="AIM
Transport">
          <ns>jabber:iq:gateway</ns>
          <ns>jabber:iq:register</ns>
        </service>

	<service type="msn" jid="msn.im.wamsystems.com" name="MSN
Transport">
	<ns>jabber:iq:gateway</ns>
	<ns>jabber:iq:register</ns>
	</service>

    <service type="icq" jid="icq.im.wamsystems.com" name="ICQ
Transport">
      <ns>jabber:iq:gateway</ns>
      <ns>jabber:iq:register</ns>
      <ns>jabber:iq:search</ns>
    </service>

      </browse>

    </jsm>

    <!--
    The following section dynamically loads the individual
    modules that make up the session manager. Remove or 
    comment out modules to disable them. Note that the order
    of modules is important, since packets are delivered 
    based on the following order!!
    -->

    <load main="jsm">
      <jsm>./jsm/jsm.so</jsm>
      <mod_echo>./jsm/jsm.so</mod_echo>
      <mod_roster>./jsm/jsm.so</mod_roster>
      <mod_time>./jsm/jsm.so</mod_time>
      <mod_vcard>./jsm/jsm.so</mod_vcard>
      <mod_last>./jsm/jsm.so</mod_last>
      <mod_version>./jsm/jsm.so</mod_version>
      <mod_announce>./jsm/jsm.so</mod_announce>
      <mod_agents>./jsm/jsm.so</mod_agents>
      <mod_browse>./jsm/jsm.so</mod_browse>
      <mod_admin>./jsm/jsm.so</mod_admin>
      <mod_filter>./jsm/jsm.so</mod_filter>
      <mod_offline>./jsm/jsm.so</mod_offline>
      <mod_presence>./jsm/jsm.so</mod_presence>
      <mod_auth_plain>./jsm/jsm.so</mod_auth_plain>
      <mod_auth_digest>./jsm/jsm.so</mod_auth_digest>
      <mod_auth_0k>./jsm/jsm.so</mod_auth_0k>
      <mod_log>./jsm/jsm.so</mod_log>
      <mod_register>./jsm/jsm.so</mod_register>
      <mod_xml>./jsm/jsm.so</mod_xml>
    </load>

  </service>

  <!-- OK, we've finished defining the Jabber Session Manager. -->

  <!-- The <xdb/> component handles all data storage, using the
filesystem. -->

  <xdb id="xdb">
    <host/>
    <load>
      <xdb_file>./xdb_file/xdb_file.so</xdb_file>
    </load>
    <xdb_file xmlns="jabber:config:xdb_file">
      <spool><jabberd:cmdline flag='s'>./spool</jabberd:cmdline></spool>
    </xdb_file>
  </xdb>

  <!--
  The following service manages incoming client socket connections.
  There are several items you can set here to optimize performance:

    * authtime - default is unlimited, but you can set this to
      limit the amount of time allowed for authentication to be
      completed, e.g., <authtime>10</authtime> for 10 seconds

    * karma - this is an input/output rate limiting system that
      the Jabber team came up with to prevent bandwidth hogging.
      For details about karma, read the io section at the bottom 
      and/or see docs.jabber.org. These are the low settings and
      apply per connection/socket and can be changed as desired.
  -->

  <service id="c2s">
    <load>
      <pthsock_client>./pthsock/pthsock_client.so</pthsock_client>
    </load>
    <pthcsock xmlns='jabber:config:pth-csock'>
      <authtime/>
      <karma>
        <init>10</init>
        <max>10</max>
        <inc>1</inc>
        <dec>1</dec>
        <penalty>-6</penalty>
        <restore>10</restore>
      </karma>

      <!-- 
      Use these to listen on particular addresses and/or ports.
      <ip port="5222">127.0.0.1</ip>
      -->
      <ip port="5222">127.0.0.1</ip>

      <ssl port='5223'>65.39.205.244</ssl>
      <ssl port='5224'>65.39.205.244</ssl>

    </pthcsock>
  </service>

  <!-- 
  This is the default server error logging component, 
  which copies to a file and to STDERR. 
  -->

  <log id='elogger'>
    <host/>
    <logtype/>
    <format>%d: [%t] (%h): %s</format>
    <file>error.log</file>
    <stderr/>
  </log>

  <!-- 
  This is the default server record logging component, 
  which logs general statistical/tracking data. 
  -->

  <log id='rlogger'>
    <host/>
    <logtype>record</logtype>
    <format>%d %h %s</format>
    <file>record.log</file>
  </log>

  <!-- The following two services are for handling server-to-server
traffic. -->

  <!-- External asychronous DNS resolver -->

  <service id="dnsrv">
    <host/>
    <load>
      <dnsrv>./dnsrv/dnsrv.so</dnsrv>
    </load>
    <dnsrv xmlns="jabber:config:dnsrv">
    	<resend service="_jabber._tcp">s2s</resend> <!-- for supporting
SRV records -->
    	<resend>s2s</resend>
    </dnsrv>
  </service>

  <!--
  The following 's2s' config handles server connections and 
  dialback hostname verification.  The <legacy/> element is 
  here to enable communication with old 1.0 servers. The 
  karma settings are a little higher here to handle the 
  higher traffic of server-to-server connections (read
  the io section below for more details, medium settings).
  -->

  <service id="s2s">
    <load>
      <dialback>./dialback/dialback.so</dialback>
    </load>
    <dialback xmlns='jabber:config:dialback'>
      <legacy/>
      <!-- Use these to listen on particular addresses and/or ports.
      <ip port="7000"/>
      <ip port="5269">127.0.0.1</ip>
      -->
      <ip port="5269">127.0.0.1</ip>
      <karma>
        <init>50</init>
        <max>50</max>
        <inc>4</inc>
        <dec>1</dec>
        <penalty>-5</penalty>
        <restore>50</restore>
      </karma>
    </dialback>
  </service>

  <!-- 
  If you identified additional agents in the main <service/> 
  section (see examples above), you'll need to define each 
  of them here using a separate <service/> section for each 
  <agent/> you identified. Note that the <agent/> sections
  determine what gets shown to clients that connect to your
  server, whereas the following <service/> sections define
  these services within the server itself. The following are
  examples only, you will need to create/modify them to get 
  them working on your Jabber server. See the README files 
  for each agent and/or the server howto for further 
  information/instructions. 
  -->

<!--
<service id='aim.im.wamsystems.com'>
 
<load><aim_transport>/usr/local/jabber/aimtrans.so</aim_transport></load
>

    <aimtrans xmlns='jabber:config:aimtrans'>
      <vCard>
        <FN>AIM Transport</FN>
        <DESC>AOL IM Transport</DESC>
        <URL>http://im.wamsystems.com/</URL>
      </vCard>

    </aimtrans>
  </service>
-->


  <service id='aim.im.wamsystems.com'>

    <aimtrans xmlns='jabber:config:aimtrans'>
      <vCard>
        <FN>AIM/ICQ Transport</FN>
        <DESC>An AIM/ICQ Transport</DESC>
        <URL>http://aim-transport.jabberstudio.org/</URL>
      </vCard>
      <charset>cp1252</charset>
    </aimtrans>

 
<load><aim_transport>/usr/local/jabber/aimtrans.so</aim_transport></load
>

  </service>

  <service id="aimlinker">
    <uplink/>
    <connect>
      <ip>127.0.0.1</ip>
      <port>5555</port>
      <secret>someSecret</secret>
    </connect>
  </service>

  <service id="msn.im.wamsystems.com">
  <msntrans xmlns="jabber:config:msntrans">
  <instructions>Enter your MSN Messenger account and password. Example:
user1 at hotmail.com. Nickname is optional.</instructions>
  <vCard>
   <FN>MSN Transport</FN>
   <DESC>Transport to MSN</DESC>
   <URL>http://im.wamsystems.com/</URL>
  </vCard>
  </msntrans>
  <load>
 
<msntrans>/usr/local/jabber/msn-transport-1.2.8rc-cvs/src/msntrans.so</m
sntrans>
  </load>
  </service>

 

  <service id="icq.dnsrv">
    <load>
      <dnsrv>./dnsrv/dnsrv.so</dnsrv>
    </load>
    <dnsrv xmlns="jabber:config:dnsrv">
      <resend>icq.im.wamsystems.com</resend>      <!-- Change this to
the service id for ICQ-transport -->
      <cachetimeout>300</cachetimeout>   <!-- the default is 1 hour,
which is too long for our purpose -->
    </dnsrv>
</service>

  <!--
  The following <io/> config initializes the top-level
  I/O, otherwise known as MIO (Managed Input/Output).
  -->

  <io>

    <!-- Set the default karma for *all* sockets -->
    <!-- definition of terms:

      * Avg. Throughput - The number of bytes you can
        send every second without incuring any penalty.

      * Burst Allowed - The maximum number of bytes you
        can send in 2 seconds without incurring any penalty.

      * Max Sustained Rate - If you send data as fast as 
        you can, you will hit penalty, and will not be 
        able to send for 10 seconds; the max sustained 
        rate is the average rate you can dump data when 
        you are dumping as much data as you can, as fast 
        as you can.

      * Seconds to Recover from Burst - The amount of time 
        it will take to reach Avg. Throughput capability 
        after sending a max burst of data.

      * Penalty Length - The length of your penalty is
        determined according to this formula:
              abs(penalty) * Heartbeat seconds
        E.g., a penalty of -5 and heartbeat of 2 will 
        cause your penalty length to be 10 seconds. 
        Note that a penalty CANNOT be less than -100, 
        otherwise strange things might happen.

    -->
    <!-- Example of Low Karma Limits 
        Avg. Throughput: 1k-2k/s 
        Burst Allowed To: 5.5k/s 
        Max Sustained Rate: 485b/s
        Seconds to Recover from Burst: 20
        Penalty Length: 12 seconds
    <karma>
      <heartbeat>2</heartbeat>
      <init>10</init>
      <max>10</max>
      <inc>1</inc>
      <dec>1</dec>
      <penalty>-6</penalty>
      <restore>10</restore>
    </karma>
    -->

    <!-- Example of Medium Karma Limits 
        Avg. Throughput: 5k-10k/s 
        Burst Allowed: 125.5k/s 
        Max Sustained Rate: 12.6k/s
        Seconds to Recover From Burst: 25
        Penalty Length: 10 seconds
    <karma>
      <heartbeat>2</heartbeat>
      <init>50</init>
      <max>50</max>
      <inc>4</inc>
      <dec>1</dec>
      <penalty>-5</penalty>
      <restore>50</restore>
    </karma>
    -->

    <!-- Example of High Karma Limits 
        Avg. Throughput: 5k-10k/s 
        Burst Allowed: 206k/s 
        Max Sustained Rate: 34.3k/s
        Seconds to Recover from Burst: 21
        Penalty Length: 6 seconds
    <karma>
      <heartbeat>2</heartbeat>
      <init>64</init>
      <max>64</max>
      <inc>6</inc>
      <dec>1</dec>
      <penalty>-3</penalty>
      <restore>64</restore>
    </karma>
    -->

    <!-- 
    Set rate limits to monitor the number of connection
    attempts from a single IP, any more than [points]
    within [time] will engage the limit.  This setting
    applies to all incoming connections to any service,
    unless otherwise overridden by that service.
    -->

    <rate points="20" time="25"/>

    <!-- 
    The following section initializes SSL for top-level I/O.
    This works only when the server is compiled with openssl!
    -->
   
    <ssl>
      <key ip='63.87.243.194'>/usr/local/jabber/key.pem</key>
    </ssl>
 

    <!-- 
    The following section is used to allow or deny 
    communications from specified IP networks or 
    addressses. If there is no <allow/> section, 
    then *all* IPs will be allowed to connect. If 
    you allow one block, then only that block may 
    connect. Note that <allow/> is checked before
    <deny/>, so if a specific address is allowed 
    but the network for that address is denied, 
    then that address will still be denied.
    -->
    <!--
    <allow><ip>127.0.0.0</ip><mask>255.255.255.0</mask></allow>
    <allow><ip>12.34.56.78</ip></allow>
    <deny><ip>22.11.44.0</ip><mask>255.255.255.0</mask></deny>
    -->

  </io>

  <!--
  This specifies the file to store the pid of the process in.
  -->
  <pidfile>./jabber.pid</pidfile>

</jabber>

-----Original Message-----
From: ejabberd-bounces at jabber.ru [mailto:ejabberd-bounces at jabber.ru] On
Behalf Of Chris Rutledge
Sent: Friday, March 18, 2005 9:53 AM
To: ejabberd at jabber.ru
Subject: [ejabberd] Jabberd crisis

Hi folks,

I've restarted a jabber server at our office for the first time, and now
it seems to be hosed.  When I log on under root and run jabberd I get a
list of errors and no one can log on to jabber.  I didn't configure the
server so I'm a bit lost.  Any advice would be greatly appreciated, as
I'm getting a ton of emails saying 'Jabber's down!'

Here are the errors I'm encountering:

20050318T14:28:05: [notice] (aim.im.wamsystems.com): AIM-Transport
starting up for instance aim.im.wamsystems.com...
20050318T14:28:07: [notice] (icq.mirabilis.com): dropping looping dns
lookup request: <iq to='icq.mirabilis.com' type='error'
from='icq.mirabilis.com' iperror=''><error code='502'>Unable to resolve
hostname.</error></iq>
20050318T14:33:09: [notice] (icq.mirabilis.com): dropping looping dns
lookup request: <iq to='icq.mirabilis.com' type='error'
from='icq.mirabilis.com' iperror=''><error code='502'>Unable to resolve
hostname.</error></iq>
20050318T14:38:13: [notice] (icq.mirabilis.com): dropping looping dns
lookup request: <iq to='icq.mirabilis.com' type='error'
from='icq.mirabilis.com' iperror=''><error code='502'>Unable to resolve
hostname.</error></iq>
20050318T14:43:17: [notice] (icq.mirabilis.com): dropping looping dns
lookup request: <iq to='icq.mirabilis.com' type='error'
from='icq.mirabilis.com' iperror=''><error code='502'>Unable to resolve
hostname.</error></iq>


I'm not sure how to fix the configuration to stop this error.  I can
ping icq.mirabilis.com fine, so that's not the issue.  Would it be wrong
to comment out the icq section of the configuration file?  I don't think
anyone's using icq to access our jabber network anyway.

Thanks!

Chris
_______________________________________________
ejabberd mailing list
ejabberd at jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd


More information about the ejabberd mailing list