Hello i've successfully installed ejabberd in a win2k3 server with the msn trasport gateway.
used:
ejabberd-1.1.3
python 2.5
Twisted network engine 2.5.0 for python 2.5
pycrypto-2.0.1 for py2.5
pyOpenSSL-0.6 for py2.5
pymsnt-0.11.2
PIL-1.1.6 for py 2.5 (picture library )
i have 1 virtual host.
this server is intended to be used in a local network, to restrict access to other msn contacts, and only allow those that are related to work.
all the people have their accounts as
all of them are logging into the the msn service with their passport account, so they can use w/e domain they registered, in this case
i can see the transport service on exodus and psi.
i can login with the admin account no problem, but i still see all of the passport users.
im unable to use the acl's effectively for the msn transport
(real domain names were replaced by virtualhost.com and localhost.com because of co. disclosure reasons).
Thank you in advanced.
-prozaker
here is my cfg.
% $Id: $
override_global.
override_local.
override_acls.
% Users that have admin access. Add line like one of the following after you
% will be successfully registered on server to get admin access:
{acl, admin, {user, "admin"}}.
{acl, admin, {user, "admin", "virtualhost.com"}}.
{acl, msnusers, {user, "test1", "virtualhost.com"}}.
{acl, msnusers, {user, "adan", "virtualhost.com"}}.
{acl, msnusers, {user, "jorgem", "virtualhost.com"}}.
{access, msnacc, [{allow, msnusers},{deny, all}]}.
{access, c2s, [{allow, msnusers},{deny, all}]}.
{acl, localhost, {server, "virtualhost.com"}}.
{acl, localhost, {server, "msn.win.localhost.homeip.net"}}.
{acl, localhost, {server, "homeip.net"}}.
{access, localhost, [{deny, all}]}.
% Blocked users:
{acl, blocked, {user, "test"}}.
% Local users:
{acl, local, {user_regexp, ""}}.
% Another examples of ACLs:
%{acl, jabberorg, {server, "jabber.org"}}.
%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%{acl, test, {user_regexp, "^test"}}.
%{acl, test, {user_glob, "test*"}}.
% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.
% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.
% Every username can be registered via in-band registration:
% You could replace {allow, all} with {deny, all} to prevent user from using
% in-band registration
{access, register, [{allow, all}]}.
% After successful registration user will get message with following subject
% and body:
%{welcome_message,
% {"Welcome!",
% "Welcome to Instant Messaging server localhost. "
% "For information about ejabberd visit http://www.process-one.net/"}}.
% Replace them with 'none' if you don't want to send such message:
{welcome_message, "welcome to this ejabberd server, with msn transport"}.
% List of people who will get notifications about registered users
%{registration_watchers, ["admin1@localhost.homeip.net",
% "admin2@localhost.homeip.net"]}.
% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.
% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
{allow, all}]}.
% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.
% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.
% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.
% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.
% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.
% This rule allows access only for local users:
{access, local, [{allow, local}]}.
% Authentication method. If you want to use internal user base, then use
% this line:
{auth_method, internal}.
% For LDAP authentication use these lines instead of above one:
%{auth_method, ldap}.
%{ldap_servers, ["localhost.homeip.net"]}. % List of LDAP servers
%{ldap_uidattr, "uid"}. % LDAP attribute that holds user ID
%{ldap_base, "dc=example,dc=com"}. % Search base of LDAP directory
%{ldap_rootdn, "dc=example,dc=com"}. % LDAP manager
%{ldap_password, "******"}. % Password to LDAP manager
% For authentication via external script use the following:
%{auth_method, external}.
%{extauth_program, "/path/to/authentication/script"}.
% For authentication via ODBC use the following:
%{auth_method, odbc}.
%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.
% Host name:
{hosts, ["localhost.homeip.net","virtualhost.com"]}.
%% Define the maximum number of time a single user is allowed to connect:
{max_user_sessions, 10}.
%% Anonymous login support:
%% auth_method: anonymous
%% anonymous_protocol: sasl_anon|login_anon|both
%% allow_multiple_connections: true|false
%%{host_config, "public.example.org", [{auth_method, anonymous},
%% {allow_multiple_connections, false},
%% {anonymous_protocol, sasl_anon}]}.
%% To use both anonymous and internal authentication:
%%{host_config, "public.example.org", [{auth_method, [anonymous, internal]}]}.
% Default language for server messages
% TODO: Use installer selection
{language, "en"}.
% Listened ports:
{listen, [
{5347, ejabberd_service, [{access, msnacc}, {host, "msn.win.localhost.homeip.net",
[{password, "secret"}]}]},
{5222, ejabberd_c2s, [{access, c2s}, {max_stanza_size, 65536}, {shaper, c2s_shaper}]},
%% Use this line to enable SSL:
%%{5223, ejabberd_c2s, [{access, c2s}, {max_stanza_size, 65536}, tls, {certfile, "C:\Program Files\ejabberd-1.1.3/conf/server.pem"}]},
%%
%% Use those lines instead for TLS support:
%%{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}, starttls, {certfile, "C:\Program Files\ejabberd-1.1.3/conf/server.pem"}]},
%%{5223, ejabberd_c2s, [{access, c2s}, tls, {certfile, "C:\Program Files\ejabberd-1.1.3/conf/server.pem"}]},
%% Remove this line if you want to prevent s2s connections:
{5269, ejabberd_s2s_in, [{shaper, s2s_shaper}, {max_stanza_size, 131072}]},
%% remove http_poll to remove support for http polling
%% remove web_admin to disable admin interface:
{5280, ejabberd_http, [http_poll, web_admin]}
%% This is an example on how to define an external service/transport:
%%{8888, ejabberd_service, [{access, all},
%% {hosts, ["icq.localhost.homeip.net", "sms.localhost.homeip.net"],
%% [{password, "secret"}]}]}
]}.
% If SRV lookup fails, then port 5269 is used to communicate with remote server
{outgoing_s2s_port, 5269}.
% Used modules:
{modules,
[
{mod_shared_roster, []},
{mod_register, [{access, register}]},
{mod_roster, []},
{mod_privacy, []},
{mod_adhoc, []},
{mod_configure, []}, % Depends on mod_adhoc
{mod_configure2, []},
{mod_disco, []},
{mod_stats, []},
{mod_vcard, []},
{mod_offline, []},
{mod_announce, [{access, announce}]}, % Depends on mod_adhoc
{mod_echo, [{host, "echo.localhost.homeip.net"}]},
{mod_private, []},
{mod_irc, []},
% Default options for mod_muc:
% host: "conference." ++ ?MYNAME
% access: all
% access_create: all
% access_admin: none (only room creator has owner privileges)
{mod_muc, [{access, muc}, {access_create, muc}, {access_admin, muc_admin}]},
% {mod_muc_log, []},
% {mod_shared_roster, []},
{mod_pubsub, [{access_createnode, pubsub_createnode}]},
{mod_time, []},
{mod_last, []},
% {mod_xmlrpc,[{port, 4560},{timeout, 5000}]},
{mod_version, []}
]}.
% Local Variables:
% mode: erlang
% End:
As an update
As an update
i tried mod_filter to see if it will work with this, but unfortunately i wasn't filtering any user.
its been almost a week without any kind of response, but it seems to me that this would be a common issue, and easily resolvable
can someone help me either with the acl's or with mod_filter to block certain msn users from being able to speak with the company's ejabberd users?
on the ejabberd log im getting several errors like this.
=ERROR REPORT==== 2007-09-05 17:04:23 ===E(<0.328.0>:ejabberd_hooks:187): {undef,
[{ejabberd_logger,
debug_msg,
[mod_filter,
32,
"filtering packet...",
[]]},
{mod_filter,filter_packet,1},
{ejabberd_hooks,run_fold1,4},
{ejabberd_router,do_route,3},
{ejabberd_router,route,3},
{gen_iq_handler,handle_info,2},
{gen_server,handle_msg,6},
{proc_lib,init_p,5}]}
running hook: {filter_packet,[]}
Try removing the DEBUG code
=ERROR REPORT==== 2007-09-05 17:04:23 ===E(<0.328.0>:ejabberd_hooks:187): {undef,
[{ejabberd_logger,
debug_msg,
[mod_filter,
32,
"filtering packet...",
[]]},
{mod_filter,filter_packet,1},
...
running hook: {filter_packet,[]}
For some reason erlang complains that a function in ejabberd_logger can't be found. The easy solution is to edit mod_filter.erl and remove this line:
?DEBUG("filtering packet...", []),I didnt have an opportunity
I didnt have an opportunity to try that, i thank you for your help tho.
I moved to another XMPP server which i think will better serve my needs.
ejabberd's community seems great an all but, it doesnt seem as active.
"ejabberd community" is now
"ejabberd community" is now badlop only. So it's not surprising that it looks dead.
Drupal statistics
"ejabberd community" is now badlop only. So it's not surprising that it looks dead.
Drupal provides some statistics about which users post more comments:
For All Time:
For the past year:
And for the last 6, 4, 3, 2,
And for the last 6, 4, 3, 2, 1 months?
Last month stats, and overall analysis
And for the last 6, 4, 3, 2, 1 months?
The only additional information I could get is this.
For the past month:
I think the trend is quite clear: in the old days there were 3 people that answered all questions: Badlop, Sander, and Teo. In the last year both Sander and Teo has been completely inactive: no posts answering technical questions, only offtopic comments (like in this thread). While the other historic member (Badlop) has maintained (or increased a little) his comment ratio (and consequently the time invested in the project) to try to keep forum threads with at least an answer, as much as possible.
Another interesting change in the last year or so is that other people have started to answer questions. Looking at forum stats: Legoscia, Evadim, Mremond, D.k.brazz, Xram/Zinid, Bbrazell, K0NCTANT1N...
This trend is also visible in the mailing list and the chatroom: a lot of questions are nowadays answered by people that got involved in the last months, not by the people that was already present years ago. Unfortunately I don't know how to get statistics out of mailing list and chatroom logs.
"ejabberd community" is now badlop only. So it's not surprising that it looks dead.
I have several comments for your analysis:
BTW, I think the intrinsic attractiveness that a software project may have decreases greatly when it doesn't get regular releases. And ejabberd doesn't get regular releases currently. The last feature release was a year ago. And I'm convinced this hurts ejabberd overall health. Not having a feature release reduces the number of support questions, but also reduces the interest of people that answer questions. Do you agree with me?
It's probably possible to get statistics from other time periods modifying Drupal source code. Are you interested in it? What interest do you have in those statistics?
prozaker wrote: this server
this server is intended to be used in a local network, to restrict access to other msn contacts, and only allow those that are related to work.
all the people have their accounts as
all of them are logging into the the msn service with their passport account, so they can use w/e domain they registered, in this case
i can see the transport service on exodus and psi.
i can login with the admin account no problem, but i still see all of the passport users.
ACL and ACCESS in ejabberd_service is used to restrict which Jabber accounts can use the service. The fact that the service is a transport is not an ejabberd duty. If you want the transport to only show certain MSN contacts, it's a feature request in the transport.