[ejabberd] Dialback settings for ejabberd_s2s_in

Badlop badlop at gmail.com
Mon Oct 10 14:06:53 MSD 2011


2011/10/9 Shaun Kruger <shaun.kruger at gmail.com>:
> If you add the atom
> 'dialback_verify_disable' it will always accept the dialback key that
> is presented by the originating server without contacting the
> authoritative server and exchanging verify stanzas.

So, with that option enabled, ejabberd will also accept connections to
iamafakedns.com?

Isn't this a better idea?
{dialback_verify_disable, "gmail.com"}.
{dialback_verify_disable, "jabber.org"}.
%% All the other servers require dialback

> I have determined that this patch allows me to communicate between
> gmail.com and my ejabberd hosted domain through my proxy server
> without any difficulty.

And have you investigated the potential security problems that it could raise?

> I do hope you will consider this patch for inclusion in ejabberd3 as
> this change may make XMPP federation easier in some unique use cases.

Including such an option without prior review, and without detailed
documentation to discourage its abuse by administrators, would lead
a lot of troubled administrators to enable the option. That
would produce many ejabberd servers without dialback defense, and open
to spam.


---
Badlop
ProcessOne
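
Added example, not part of the original message and not ejabberd code: a small Python model of the receiving server's decision, comparing normal dialback verification with the global `dialback_verify_disable` atom and the per-domain form suggested above. The key derivation is modelled on the XEP-0185 recommendation, and the function names, secrets, stream ID and `chat.example.net` are constructed assumptions.

```python
import hashlib
import hmac

def dialback_key(secret, receiving, originating, stream_id):
    """HMAC dialback key, modelled on the XEP-0185 recommendation (assumed)."""
    hkey = hashlib.sha256(secret.encode()).hexdigest().encode()
    msg = f"{receiving} {originating} {stream_id}".encode()
    return hmac.new(hkey, msg, hashlib.sha256).hexdigest()

# Constructed stand-in for dialing back: domain -> secret held by the
# server that DNS really resolves for that domain.
AUTHORITATIVE = {"gmail.com": "constructed-secret-a",
                 "jabber.org": "constructed-secret-b"}

def authoritative_verify(receiving, originating, stream_id, key):
    """Answer the authoritative server would give to a verify request."""
    secret = AUTHORITATIVE.get(originating)
    if secret is None:
        return False  # nothing authoritative vouches for this domain
    expected = dialback_key(secret, receiving, originating, stream_id)
    return hmac.compare_digest(expected, key)

def accept_s2s_in(receiving, originating, stream_id, key, verify_disable=()):
    """Hypothetical receiving-side decision.

    verify_disable is True for the global atom from the patch, or a
    collection of domains for the per-domain form suggested in the reply.
    """
    if verify_disable is True or originating in verify_disable:
        return "accepted-unverified"
    if authoritative_verify(receiving, originating, stream_id, key):
        return "accepted-verified"
    return "rejected"

def demo():
    me, sid = "chat.example.net", "constructed-stream-1"
    per_domain = {"gmail.com", "jabber.org"}
    good = dialback_key(AUTHORITATIVE["gmail.com"], me, "gmail.com", sid)
    return {
        "default, valid key": accept_s2s_in(me, "gmail.com", sid, good),
        "default, bad key": accept_s2s_in(me, "gmail.com", sid, "bogus"),
        "global, unknown domain": accept_s2s_in(me, "iamafakedns.com", sid, "bogus", True),
        "per-domain, unknown domain": accept_s2s_in(me, "iamafakedns.com", sid, "bogus", per_domain),
        # Exempt names are still taken on the sender's word alone.
        "per-domain, exempt domain": accept_s2s_in(me, "gmail.com", sid, "bogus", per_domain),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The per-domain form narrows the exposure to the listed names, but a stream claiming one of those names is still accepted without any check, so the list belongs in the review and documentation the message asks for.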

