Package: ejabberd Version: 16.09-4 Severity: normal --- Please enter the report below this line. ---
If I configure server2server, it only works if no deny section is configured for access rules. It doesn't matter whether I deny one single host or a whole list like https://github.com/agx/jabber-spam-blacklist/ See attached access_rules for one version we tried and ejabberd_crash.log for a corresponding crash log. NB: s2s_default_policy: allow is reported as deprecated by this version and doesn't seem to work at all. --- System information. --- Architecture: Kernel: Linux 4.14.0-0.bpo.3-amd64 Debian Release: 9.3 500 stretch download.docker.com 500 stable-updates ftp2.de.debian.org 500 stable security.debian.org 500 stable ftp2.de.debian.org 100 stretch-backports ftp2.de.debian.org --- Package information. --- Depends (Version) | Installed ============================================-+-==================== adduser | 3.115 openssl | 1.1.0f-3+deb9u1 ucf | 3.0036 debconf (>= 0.5) | 1.5.61 OR debconf-2.0 | init-system-helpers (>= 1.18~) | 1.48 lsb-base (>= 3.0-6) | 9.20161125 erlang-base (>= 1:17) | 1:19.2.1+dfsg-2+deb9u1 OR erlang-abi-17.0 | erlang-asn1 (>= 1:19.2.1+dfsg) | 1:19.2.1+dfsg-2+deb9u1 erlang-base (>= 1:19.2.1+dfsg) | 1:19.2.1+dfsg-2+deb9u1 OR erlang-base-hipe (>= 1:19.2.1+dfsg) | erlang-crypto (>= 1:19.2.1+dfsg) | 1:19.2.1+dfsg-2+deb9u1 erlang-inets (>= 1:19.2.1+dfsg) | 1:19.2.1+dfsg-2+deb9u1 erlang-mnesia (>= 1:19.2.1+dfsg) | 1:19.2.1+dfsg-2+deb9u1 erlang-odbc (>= 1:19.2.1+dfsg) | 1:19.2.1+dfsg-2+deb9u1 erlang-public-key (>= 1:19.2.1+dfsg) | 1:19.2.1+dfsg-2+deb9u1 erlang-ssl (>= 1:19.2.1+dfsg) | 1:19.2.1+dfsg-2+deb9u1 erlang-syntax-tools (>= 1:19.2.1+dfsg) | 1:19.2.1+dfsg-2+deb9u1 erlang-jiffy | 0.14.8+dfsg-1 erlang-lager (>= 3.2.1) | 3.2.4-1 erlang-p1-cache-tab (>= 1.0.4) | 1.0.4-2 erlang-p1-iconv (>= 1.0.2) | 1.0.2-2 erlang-p1-stringprep (>= 1.0.6) | 1.0.6-2 erlang-p1-tls (>= 1.0.7) | 1.0.7-2+deb9u1 erlang-p1-utils (>= 1.0.5) | 1.0.5-3 erlang-p1-xml (>= 1.1.15) | 1.1.15-2 erlang-p1-yaml (>= 1.0.6) | 1.0.6-2 erlang-p1-zlib (>= 1.0.1) | 1.0.1-4 erlang-xmerl | 1:19.2.1+dfsg-2+deb9u1 Package's Recommends field is empty. Suggests (Version) | Installed ========================================-+-================= apparmor | 2.11.0-3 apparmor-utils | libunix-syslog-perl | imagemagick | 8:6.9.7.4+dfsg-11+deb9u4 yamllint | ejabberd-contrib (>> 0.2015.08) | erlang-luerl | erlang-p1-oauth2 (>= 0.6.1) | erlang-p1-mysql (>= 1.0.1) | erlang-p1-pam (>= 1.0.0) | erlang-p1-pgsql (>= 1.1.0) | erlang-p1-sip (>= 1.0.8) | erlang-p1-stun (>= 1.0.7) | erlang-p1-sqlite3 (>= 1.1.5~dfsg0) | erlang-redis-client (>= 1.0.8) |
access_rules:
s2s:
- deny:
- algebra20.de
- dcgate.org.ua
- dmvu.de
- fritzler-avr.de
- germes.space
- invisible.place
- jabber.algebra20.de
- jabber.co.za
- jabber.dk
- jabber.linux.by
- jabber.nerdbase.de
- jabber.olc.cz
- jabber.org.by
- jabber.perm.ru
- jabber.westchat.de
- jclub.pw
- justnet.pl
- kdetalk.net
- km-net.pl
- librenet.uy
- librenet.uy
- lih.im
- onexp.dencom.nl
- plum.pink
- spiel-der-maechte.de
- sweetway.info
- ucc.asn.au
- vsjmaxx.co
- xjabber.org
- xjabber.pro
- yif.fi
- allow
s2s_default_policy: allow
s2s_access: s2s
2018-02-13 12:43:45 =ERROR REPORT====
** State machine <0.561.0> terminating
** Last event in was {xmlstreamelement,{xmlel,<<"auth">>,[{<<"xmlns">>,<<"urn:ietf:params:xml:ns:xmpp-sasl">>},{<<"mechanism">>,<<"EXTERNAL">>}],[{xmlcdata,<<"amFiYmVyLmZzZmUub3Jn">>}]}}
** When State == wait_for_feature_request
** Data == {state,{socket_state,fast_tls,{tlssock,#Port<0.6841>,#Port<0.6842>},<0.560.0>},ejabberd_socket,<<"6193705401366314485">>,s2s_shaper,true,true,true,false,[compression_none,compression_none,{dhfile,<<"/etc/ejabberd/dh2048.pem">>},{protocol_options,<<"no_tlsv1_1|no_tlsv1|no_sslv3|cipher_server_preference">>},{ciphers,<<"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256">>},{certfile,<<"/etc/ejabberd/ejabberd.pem">>}],<<"conference.myhost.net">>,false,<<"friend1">>,{dict,0,16,16,8,80,48,{[],[],[],[],[],[],[],[],[],[],[],[],[],[],[],[]},{{[],[],[],[],[],[],[],[],[],[],[],[],[],[],[],[]}}},#Ref<0.0.1.13827>}
** Reason for termination =
** {function_clause,[{acl,access_rules_matches,[[[{allow,['friend1','friend2','friend3']}],[{deny,['algebra20.de','dcgate.org.ua','dmvu.de','fritzler-avr.de','germes.space','invisible.place','jabber.algebra20.de','jabber.co.za','jabber.dk','jabber.linux.by','jabber.nerdbase.de','jabber.olc.cz','jabber.org.by','jabber.perm.ru','jabber.westchat.de','jclub.pw','justnet.pl','kdetalk.net','km-net.pl','librenet.uy','librenet.uy','lih.im','onexp.dencom.nl','plum.pink','spiel-der-maechte.de','sweetway.info','ucc.asn.au','vsjmaxx.co','xjabber.org','xjabber.pro','yif.fi']}],allow],#{usr => {<<>>,<<"friend1">>,<<>>}},<<>>,deny],[{file,"src/acl.erl"},{line,476}]},{ejabberd_s2s,allow_host1,2,[{file,"src/ejabberd_s2s.erl"},{line,551}]},{ejabberd_s2s,allow_host,2,[{file,"src/ejabberd_s2s.erl"},{line,531}]},{ejabberd_s2s_in,wait_for_feature_request,2,[{file,"src/ejabberd_s2s_in.erl"},{line,352}]},{p1_fsm,handle_msg,10,[{file,"src/p1_fsm.erl"},{line,582}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,247}]}]}
2018-02-13 12:43:45 =CRASH REPORT====
crasher:
initial call: ejabberd_s2s_in:init/1
pid: <0.561.0>
registered_name: []
exception exit: {{function_clause,[{acl,access_rules_matches,[[[{allow,['friend1','friend2','friend3']}],[{deny,['algebra20.de','dcgate.org.ua','dmvu.de','fritzler-avr.de','germes.space','invisible.place','jabber.algebra20.de','jabber.co.za','jabber.dk','jabber.linux.by','jabber.nerdbase.de','jabber.olc.cz','jabber.org.by','jabber.perm.ru','jabber.westchat.de','jclub.pw','justnet.pl','kdetalk.net','km-net.pl','librenet.uy','librenet.uy','lih.im','onexp.dencom.nl','plum.pink','spiel-der-maechte.de','sweetway.info','ucc.asn.au','vsjmaxx.co','xjabber.org','xjabber.pro','yif.fi']}],allow],#{usr => {<<>>,<<"friend1">>,<<>>}},<<>>,deny],[{file,"src/acl.erl"},{line,476}]},{ejabberd_s2s,allow_host1,2,[{file,"src/ejabberd_s2s.erl"},{line,551}]},{ejabberd_s2s,allow_host,2,[{file,"src/ejabberd_s2s.erl"},{line,531}]},{ejabberd_s2s_in,wait_for_feature_request,2,[{file,"src/ejabberd_s2s_in.erl"},{line,352}]},{p1_fsm,handle_msg,10,[{file,"src/p1_fsm.erl"},{line,582}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,247}]}]},[{p1_fsm,terminate,8,[{file,"src/p1_fsm.erl"},{line,760}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,247}]}]}
ancestors: [ejabberd_s2s_in_sup,ejabberd_sup,<0.61.0>]
messages: []
links: [<0.347.0>,#Port<0.6842>]
dictionary: [{'$internal_queue_len',0}]
trap_exit: false
status: running
heap_size: 6772
stack_size: 27
reductions: 18122
neighbours:
2018-02-13 12:43:45 =SUPERVISOR REPORT====
Supervisor: {local,ejabberd_s2s_in_sup}
Context: child_terminated
Reason: {function_clause,[{acl,access_rules_matches,[[[{allow,['friend1','friend2','friend3']}],[{deny,['algebra20.de','dcgate.org.ua','dmvu.de','fritzler-avr.de','germes.space','invisible.place','jabber.algebra20.de','jabber.co.za','jabber.dk','jabber.linux.by','jabber.nerdbase.de','jabber.olc.cz','jabber.org.by','jabber.perm.ru','jabber.westchat.de','jclub.pw','justnet.pl','kdetalk.net','km-net.pl','librenet.uy','librenet.uy','lih.im','onexp.dencom.nl','plum.pink','spiel-der-maechte.de','sweetway.info','ucc.asn.au','vsjmaxx.co','xjabber.org','xjabber.pro','yif.fi']}],allow],#{usr => {<<>>,<<"friend1">>,<<>>}},<<>>,deny],[{file,"src/acl.erl"},{line,476}]},{ejabberd_s2s,allow_host1,2,[{file,"src/ejabberd_s2s.erl"},{line,551}]},{ejabberd_s2s,allow_host,2,[{file,"src/ejabberd_s2s.erl"},{line,531}]},{ejabberd_s2s_in,wait_for_feature_request,2,[{file,"src/ejabberd_s2s_in.erl"},{line,352}]},{p1_fsm,handle_msg,10,[{file,"src/p1_fsm.erl"},{line,582}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,247}]}]}
Offender: [{pid,<0.561.0>},{id,undefined},{mfargs,{ejabberd_s2s_in,start_link,undefined}},{restart_type,temporary},{shutdown,1000},{child_type,worker}]
signature.asc
Description: This is a digitally signed message part
