[ejabberd] reject s2s from IP addresses?

Badlop badlop at gmail.com
Fri Jan 25 21:28:17 MSK 2008


2008/1/24, Peter Saint-Andre <stpeter at stpeter.im>:
> Is it possible to configure ejabberd 1.1.4 (or forthcoming 2.0.0) so
> that it will not accept s2s connections from xmpp services where the
> domain identifier is an IP address (i.e., not a FQDN)?

As Christophe explained, ejabberd 2.0.0 includes a new feature to
allow or deny S2S connections based in the domain name:

%%
%% S2S whitelist or blacklist
%%
%% Default s2s policy for undefined hosts.
%%
{s2s_default_policy, allow}.

%%
%% Allow or deny communication with specific servers.
%%
{{s2s_host, "badhost.org"}, deny}.
{{s2s_host, "spammer.com"}, deny}.


However, this feature doesn't allow to define domain names using
regexp. So, this isn't possible (offtopic: this expression is not
valid, but anyway...):
{{s2s_host, "[0-9]+.[0-9]+.[0-9]+.[0-9]+"}, deny}.

Another proposal is to implement a new keyword:
{s2s_default_policy, allow_only_fqdn}.

In your case both proposals are good. The second one seems less
powerful, but easier to setup.

Are you interested in any of these?


More information about the ejabberd mailing list