[ejabberd] anyone here managed to do s2s to gmail.com domain using TLS ?

Chris Maciejewski chris at wima.co.uk
Tue Nov 2 18:50:33 MSK 2010


I just tried to send non-TLS XML data, but I am getting a 503 error back from
Google. Please see below:

##
T 10.10.10.51:41566 -> 74.125.45.125:5269 [AP]
<message from='alice at xmpp.mydomain.com' to='bob at gmail.com' id='27992'
type='chat'><body>test message</body></message>
##

T 74.125.46.83:51956 -> 10.10.10.51:5269 [AP]
<message from="bob at gmail.com" to="alice at xmpp.mydomain.com" id="27992"
type="error"><body>test message</body><error code="503"
type="cancel"><service-unavailable
xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error></message>

Any suggestions?

On 2 November 2010 15:45, Chris Maciejewski <chris at wima.co.uk> wrote:
> Right, I see. Thanks for pointing me in the right direction.
>
> ...however it seems to me s2s service listening on port 5269 at
> xmpp-server.l.google.com is not SSL enabled at all ???
>
> openssl s_client -connect xmpp-server.l.google.com:5269
> 7019:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:601:
>
> So how do we connect to Google s2s via SSL in that case?
>
> On 2 November 2010 15:40, zhong ming wu <mr.z.m.wu at gmail.com> wrote:
>> As you can also see, s2s uses different hosts from what you use, which is for c2s,
>> as can be verified by a similar dig command
>>
>> On Nov 2, 2010 11:20 AM, "zhong ming wu" <mr.z.m.wu at gmail.com> wrote:
>>
>> On Tue, Nov 2, 2010 at 11:04 AM, Chris Maciejewski <chris at wima.co.uk> wrote:
>>> Yes, I managed to do ...
>>
>> Why do you even bother to do that since that is the job of gmail.com admins;
>> they already have the public SRV record and ejabberd I think already figures
>> this out by itself without your help
>>
>> --------------------------
>> $ dig _xmpp-server._tcp.gmail.com srv +short
>> 20 0 5269 xmpp-server3.l.google.com.
>> 20 0 5269 xmpp-server4.l.google.com.
>> 20 0 5269 xmpp-server2.l.google.com.
>> 20 0 5269 xmpp-server1.l.google.com.
>> 5 0 5269 xmpp-server.l.google.com.
>> --------------------------
>>
>>>
>>> Used dnsmasqd to do it, by adding this line to /etc/dnsmasql.conf:
>>>
>>> srv-host=_xmpp-server._...
>>
>> Standard s2s port is 5269 and that's what gmail.com is using as shown by dig
>> above. What possessed you to pick 5222 on behalf of the gmail.com admin?
>>
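
Added example, not part of the original thread or of ejabberd: XMPP negotiates TLS in-band with STARTTLS after the stream header (RFC 6120), so a bare TLS handshake against port 5269, like the openssl s_client attempt quoted above, cannot show whether a peer supports it. This Python check opens an s2s stream and reports whether the peer advertises STARTTLS; the function names, the peer.example domain and the sample reply are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"

# Constructed sample of a peer's reply (not captured traffic).
SAMPLE_REPLY = (
    b"<?xml version='1.0'?><stream:stream xmlns='jabber:server' "
    b"xmlns:stream='http://etherx.jabber.org/streams' id='constructed-1' "
    b"from='peer.example' version='1.0'><stream:features>"
    b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"
    b"</stream:features>")

def stream_header(from_domain, to_domain):
    """Opening s2s header; version='1.0' asks the peer for <stream:features/>."""
    return ("<?xml version='1.0'?><stream:stream xmlns='jabber:server' "
            f"xmlns:stream='{NS_STREAM}' from='{from_domain}' "
            f"to='{to_domain}' version='1.0'>")

def starttls_status(reply):
    """Classify a peer reply: 'required', 'offered', 'absent' or 'no-features'."""
    parser = ET.XMLPullParser(events=("end",))
    parser.feed(reply)  # the stream root stays open, so parse incrementally
    if hasattr(parser, "flush"):  # newer Python/expat may defer parsing
        parser.flush()
    for _, elem in parser.read_events():
        if elem.tag == f"{{{NS_STREAM}}}features":
            tls = elem.find(f"{{{NS_TLS}}}starttls")
            if tls is None:
                return "absent"
            required = tls.find(f"{{{NS_TLS}}}required") is not None
            return "required" if required else "offered"
    return "no-features"  # e.g. a pre-1.0 peer that only does dialback

def probe(host, from_domain, to_domain, port=5269, timeout=10):
    """Live check (needs network): send the header, read until features arrive."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(stream_header(from_domain, to_domain).encode())
        try:
            while starttls_status(data) == "no-features":
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass  # peer sent nothing more; classify what we have
    return starttls_status(data)
```

Recent OpenSSL releases can perform the same negotiation with `openssl s_client -starttls xmpp-server`.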
