[jadmin] Jabber Server Config

Randall Severy severy at cyberteams.com
Tue Mar 13 09:21:07 CST 2001

>Brad.Wilson at sita.int wrote:
>Could you possibly help me with the below problem?  I have the jabber server
>running on a linux server with a single IP address and would like to 
>configure the other services. Does the service hostname need to be 
>assigned to a different > IP address?
>  20010309T18:56:24: [alert] (conference.gcsc.nam.atl.sita.int): hostname maps
>  back to ourselves!

      I'm running into the exact same problem that Brad is seeing, and I 
have a similar server configuration.  I have local JUD and conference 
modules set up on my Jabber server, and attempts to connect to either one 
results in the following errors:

20010313T15:12:06: [alert] (conference.cyberteams.com): hostname maps back 
to ourselves!
20010313T15:12:06: [notice] (conference.cyberteams.com): failed to 
establish connection
20010313T15:12:06: [notice] (conference.cyberteams.com): bouncing a packet 
to conference.cyberteams.com from severy at jabber.cyberteams.com/Work: Server 
Connect Failed
20010313T15:13:16: [alert] (users.cyberteams.com): hostname maps back to 
20010313T15:13:16: [notice] (users.cyberteams.com): failed to establish 
20010313T15:13:16: [notice] (users.cyberteams.com): bouncing a packet to 
users.cyberteams.com from severy at jabber.cyberteams.com/Work: Server Connect 

      The Jabber server is set up on jabber.cyberteams.com (which has the 
same IP address as cyberteams.com (  I have set up DNS 
entries for users.cyberteams.com and conference.cyberteams.com that point 
to that same IP address.  I don't have DNS entries for icq.cyberteams.com, 
aim.cyberteams.com, msn.cyberteams.com, or yahoo.cyberteams.com, and yet 
those transports work just fine.  I can connect just fine to 
conference.jabber.org and users.jabber.org, but not to the same services on 
my own server.  My complete config file is below.

       Does anyone have any ideas about how to solve this problem?


Randall Severy


   This is the Jabber server configuration file. The file is
   broken into different sections based on the services being
   managed by jabberd, the server daemon. Most of the important
   sections have comments and are easy to modify. You can find
   full instructions in the server howto, which is available at
   http://docs.jabber.org/. Note that when you see a tag like
   "jabberd:cmdline", it's automatically replaced on startup
   with the command line flag passed in to jabberd. This enables
   you to override parameters set in this configuration file if
   necessary or desired. Also note as you comment things in and
   out that jabberd does not like comments within comments, so
   be careful with your XML. :)

   The following <service/> section is for the session manager,
   the most important component within the server. This section
   contains the following types of information:

     * the server's hostname
     * other basic server information
     * the location of the session log file
     * email addresses for server administrators
     * the location of the server that provides update information
     * registration instructions for new users
     * a welcome message for new users
     * a list of agents with which users can register
     * load rules for the modules within the session manager


   <service id="sessions">

     Change hostname below to something other than "localhost",
     i.e., to the hostname or IP address of your Jabber server.
     Multiple <host/> entries are allowed - each one is for a
     separate virtual server. Note that each host entry must
     be on one line, the server doesn't like it otherwise! :)


     This is the custom configuration section for the
     Jabber session manager, a.k.a. "JSM".

     <jsm xmlns="jabber:config:jsm">

       The <filter/> section below determines settings
       for mod_filter, a server-side module built into
       JSM that enables users to set delivery rules for
       messages they receive (not yet supported by all
       clients. The <allow/> subsection specifies which
       conditions and actions to enable. High-level
       descriptions of each setting can be found below
       (see docs.jabber.org for full details):

       * <default/> - a user cannot delete this one, it's
         the default rule for delivering messages
       * <max_size/> - the maximum number of rules in a
         user's rule set (we don't want to overdo it!)
       * conditions...
         * <ns/> - matches the query xmlns attrib on an iq packet
         * <unavailable/> - matches when user is unavailable
         * <from/> - matches the sender of the message
         * <resource/> - matches the receiver's resource
         * <subject/> - matches the subject of the message
         * <body/> - matches the body of the message
         * <show/> - matches the show tag on the receiver's presence
         * <type/> - matches the type of the message
         * <roster/> - matches if the sender is in your roster
         * <group/> - matches if the sender is in the specified group
       * actions...
         * <error/> - replies with an error
         * <offline/> - stores the messages offline
         * <forward/> - forwards the message to another jid
         * <reply/> - sends a reply to the sender of the message
         * <continue/> - continues processing of the rules
         * <settype/> - changes the type of the message

       <!-- The server vCard -->

         <FN>CyberTeams Jabber Server</FN>
         <DESC>An internal Jabber Server for CyberTeams team members</DESC>

       Registration instructions and required fields. The
       notify attribute will send the server administrator(s)
       a message after each valid registration if it is set
       to "yes".

       <register notify="yes">
         <instructions>Choose a username and password to register with this 

       A welcome note that is sent to every new user who registers
       with your server. Comment it out to disable this function.

         <body>Welcome to the Jabber server at CyberTeams -- we hope you 
enjoy this service! For information about how to use Jabber, visit the 
Jabber User's Guide at http://docs.jabber.org/</body>

       IDs with admin access - these people will receive admin
       messages (any message to="yourhostname" is an admin
       message).  These addresses must be local ids, they cannot
       be remote addresses.

       Note that they can also send announcements to all
       users of the server, or to all online users. To use
       the announcement feature, you need to send raw xml and be
       logged in as one of the admin users. Here is the syntax
       for sending an announcement to online users:

         <message to="yourhostname/announce/online">
           <body>announcement here</body>

         <message to="yourhostname/announce/motd">
           <body>message (of the day) that is sent only once to all users 
that are logged in and additionally to new ones as they log in</body>

       Sending to /announce/motd/delete will remove any existing
       motd, and to /announce/motd/update will only update the motd
       without re-announcing to all logged in users.

       The <reply> will be the message that is automatically
       sent in response to any admin messages.

         <read>severy at jabber.cyberteams.com</read>
         <write>severy at jabber.cyberteams.com</write>
           <subject>Auto Reply</subject>
           <body>This is a special administrative address.  Your message 
was received and forwarded to server administrators.</body>

       This is the resource that checks for updated versions
       of the Jabber server software. Note that you don't lose
       any functionality if you comment this out. Removing the
       <update/> config is especially a good strategy if your
       server is behind a firewall. If you want to use this
       feature, change 'localhost' to the hostname or IP address
       of your server, making sure that it is the same as your
       entry for <host/> above.


       This enables the server to automatically update the
       user directory when a vcard is edited.  The update is
       only sent to the first listed jud service below.  It is
       safe to remove this flag if you do not want any users
       automatically added to the directory.


       The <browse/> section identifies the transports and other
       services that are available from this server. Note that each
       entity identified here must exist elsewhere or be further
       defined in its own <service/> section below. These services
       will appear in the user interface of Jabber clients that
       connect to your server.


         This is the default agent for the master Jabber User
         Directory, a.k.a. "JUD", which is located at jabber.org.
         You can add separate <service/> sections for additional
         directories, e.g., one for a company intranet.

         <service type="jud" jid="users.jabber.org" name="Jabber User 

         <service type="jud" jid="users.cyberteams.com" name="CyberTeams 
User Directory">

         <conference type="public" jid="conference.cyberteams.com" 

         <service type="icq" jid="icq.cyberteams.com" name="ICQ Transport">

         <service type="msn" jid="msn.cyberteams.com" name="MSN Transport">

         <service type="yahoo" jid="yahoo.cyberteams.com" name="Yahoo 

         <service type="aim" jid="aim.cyberteams.com" name="AIM Transport">



     The following section dynamically loads the individual
     modules that make up the session manager. Remove or
     comment out modules to disable them. Note that the order
     of modules is important, since packets are delivered
     based on the following order!!

     <load main="jsm">


   <!-- OK, we've finished defining the Jabber Session Manager. -->

   <!-- The <xdb/> component handles all data storage, using the 
filesystem. -->

   <xdb id="xdb">
     <xdb_file xmlns="jabber:config:xdb_file">

   The following service manages incoming client socket connections.
   There are several items you can set here to optimize performance:

     * authtime - default is unlimited, but you can set this to
       limit the amount of time allowed for authentication to be
       completed, e.g., <authtime>10</authtime> for 10 seconds

     * karma - this is an input/output rate limiting system that
       the Jabber team came up with to prevent bandwidth hogging.
       For details about karma, read the io section at the bottom
       and/or see docs.jabber.org. These are the low settings and
       apply per connection/socket and can be changed as desired.


   <service id="c2s">
     <pthcsock xmlns='jabber:config:pth-csock'>
       Use these to listen on particular addresses and/or ports.
       <ip port="5222"></ip>
       <ip port="5222"/>
       The <ssl/> tag acts just like the <ip/> tag.  Except SSL is used
       on the ports and ips specified.  You must specify an IP here, or the
       connections will fail.

       <ssl port='5223'></ip>
       <ssl port='5224'></ip>

   This is the default server error logging component,
   which copies to a file and to STDERR.

   <log id='elogger'>
     <format>%d: [%t] (%h): %s</format>

   This is the default server record logging component,
   which logs general statistical/tracking data.

   <log id='rlogger'>
     <format>%d %h %s</format>

   <!-- The following two services are for handling server-to-server 
traffic. -->

   <!-- External asychronous DNS resolver -->

   <service id="dnsrv">
     <dnsrv xmlns="jabber:config:dnsrv">
         <resend service="_jabber._tcp">s2s</resend> <!-- for supporting 
SRV records -->

   The following 's2s' config handles server connections and
   dialback hostname verification.  The <legacy/> element is
   here to enable communication with old 1.0 servers. The
   karma settings are a little higher here to handle the
   higher traffic of server-to-server connections (read
   the io section below for more details, medium settings).

   <service id="s2s">
     <dialback xmlns='jabber:config:dialback'>
       <!-- Use these to listen on particular addresses and/or ports.
       <ip port="7000"/>
       <ip port="5269"></ip>
       <ip port="5269"/>

   If you identified additional agents in the main <service/>
   section (see examples above), you'll need to define each
   of them here using a separate <service/> section for each
   <agent/> you identified. Note that the <agent/> sections
   determine what gets shown to clients that connect to your
   server, whereas the following <service/> sections define
   these services within the server itself. The following are
   examples only, you will need to create/modify them to get
   them working on your Jabber server. See the README files
   for each agent and/or the server howto for further

   <service id="jud">
     <jud xmlns="jabber:config:jud">
         <FN>User Directory on cyberteams.com</FN>
         <DESC>This service provides a user directory service.</DESC>

   <service id="conference">
     <conference xmlns="jabber:config:conference">
         <FN>Conferencing Service</FN>
         <DESC>This service is for private chatrooms.</DESC>
         <join> has joined</join>
         <leave> has left</leave>
         <rename> is now known as </rename>

   <service id="icq.cyberteams.com">
     <icqtrans xmlns="jabber:config:icqtrans">
       <instructions>Please enter your ICQ number (in the "username" field),
         nickname, and password.  Leave the "username" field blank to create
         a new ICQ number.</instructions>
       <search>Search for ICQ users</search>
         <FN>ICQ Transport</FN>
         <DESC>This is the ICQ Transport</DESC>

   <service id="msn.cyberteams.com">
     <msntrans xmlns="jabber:config:msntrans">
       <instructions>Enter your MSN Messenger account and password.  Example:
         user1 at hotmail.com.  Nickname is optional.</instructions>
         <FN>MSN Transport</FN>
         <DESC>This is the MSN Transport</DESC>

   <service id="yahoo.cyberteams.com">

   <service id="aim.cyberteams.com">
     <aimtrans xmlns="jabber:config:aimtrans">
         <FN>AIM Transport</FN>
         <DESC>This is the AIM Transport</DESC>

   <!-- we're commenting these out, of course :)

   <service id="irc">

   end of <service/> examples -->

   The following <io/> config initializes the top-level
   I/O, otherwise known as MIO (Managed Input/Output).


     <!-- Set the default karma for *all* sockets -->
     <!-- definition of terms:
         Avg. Throughput:    The ammount of bytes you can send every second 
without incuring any penalty
         Burst allowed to:   The maximum you can send in 2 seconds without 
incuring any penalty
         max sustained rate: if you send data as fast as you can, you will 
hit penalty, and will not be able to send for 10 seconds,
                             this is the average rate you can dump data 
when you are dumping as much as you can, as fast as you can.
         seconds to recover from burst: The ammount of time it will take to 
reach Avg. Throughput capability, after sending max burst
                                        of data
         penalty length:     Penalty will last abs(penalty) * Heartbeat 
seconds  so a penalty of -5 and heartbeat of 2 will last 10 sec.
                             NOTE: penalty CANNOT be less than -100.. 
otherwise strange things might happen.
     <!-- Example of Low Karma Limits
         Avg. throughput:  1k-2k/s
         burst allowed to: 5.5k/s
         max sustained rate: 485b/s
         seconds to recover from burst: 20
         penalty length:   12 seconds

     <!-- Example of Medium Karma Limits
         Avg. throughput:  5k-10k/s
         burst allowed to: 125.5k/s
         max sustained rate: 12.6k/s
         seconds to recover from burst: 25
         penalty length:   10 seconds

     <!-- Example of High Karma Limits
         Avg. throughput:  5k-10k/s
         burst allowed to: 206k/s
         max Sustained rate: 34.3k/s
         seconds to recover from burst: 21
         penalty length:   6 seconds

     Set rate limits to monitor the number of connection
     attempts from a single IP, any more than [points]
     within [time] will engage the limit.  This setting
     applies to all incoming connections to any service,
     unless otherwise overridden by that service.

     <rate points="5" time="25"/>

     The following section initializes SSL for top-level I/O.
     This works only when the server is compiled with openssl!
       <key ip=''>/path/to/cert_and_key.pem</key>
       <key ip=''>/path/to/other/cert_and_key.pem</key>

     The following section is used to allow or deny
     communications from specified IP networks or
     addressses. If there is no <allow/> section,
     then *all* IPs will be allowed to connect. If
     you allow one block, then only that block may
     connect. Note that <allow/> is checked before
     <deny/>, so if a specific address is allowed
     but the network for that address is denied,
     then that address will still be denied.


   This specifies the file to store the pid of the process in.


Randall Severy    severy at cyberteams.com    http://www.cyberteams.com/severy
CyberTeams, Inc.    info at cyberteams.com    http://www.cyberteams.com
Frederick, MD           "Building effective teams in cyberspace"
(301) 682-8885       Maintain your web site through your browser with
1-888-832-5575   WebSite Director Express!  Now available from CyberTeams!

More information about the JAdmin mailing list