S2S Whitelist Question

I’m wondering about the semantics of whitelists in an S2S context.

I have two servers, A and B, which are in “more secure” and “less secure” domains respectively. I want A to be able to initiate an S2S connection to B and route XMPP traffic there but I don’t want B to be able to reciprocate. I’ve set up certificates on both sides and disabled dialback on both A and B. I tested the configuration by sending messages from x@A to y@B and vice versa and it works fine. Unfortunately, as soon as I create a whitelist for A that doesn’t include B - which I thought would only prevent messages from y@B to x@A - I can no longer send messages from x@A to y@B.

Have I misunderstood the meaning of whitelists or is this a bug? If it’s not the latter I’ll have to write a plugin to prevent B from sending messages to non-B users.


How can one disable the s2s dialback? I have never heard of this option.


On the Server tab, click Security Settings. Under Server Connection Security click the Custom radio button then click the Server Dialback: Not Available radio button. I think clicking the Required radio button has the same effect.

It turns out that I answered my own question by reading the source. From the comments in the source it appears that whitelists control not only who you accept connections from but also who you may make connections to.

I think they would be more useful if they only controlled what servers the server accepts connections from since then you could use them to satisfy the corporate security goons, I mean professionals, by preventing traffic initiation from low security domains into higher security domains. As it stands I’ll need to create a plugin to accomplish my goal.

… WkH
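A sketch of the kind of plugin the last post describes, added here as an example and not code from the thread or from the server project. It assumes the server is Openfire and uses its plugin and packet-interceptor API; the class name `OneWayS2SPlugin` and the domain `b.example` are hypothetical placeholders.

```java
import java.io.File;
import org.jivesoftware.openfire.container.Plugin;
import org.jivesoftware.openfire.container.PluginManager;
import org.jivesoftware.openfire.interceptor.InterceptorManager;
import org.jivesoftware.openfire.interceptor.PacketInterceptor;
import org.jivesoftware.openfire.interceptor.PacketRejectedException;
import org.jivesoftware.openfire.session.IncomingServerSession;
import org.jivesoftware.openfire.session.Session;
import org.xmpp.packet.JID;
import org.xmpp.packet.Message;
import org.xmpp.packet.Packet;

// Hypothetical plugin for server A: drops messages that arrive from server B
// over S2S while leaving A's outbound route to B untouched.
public class OneWayS2SPlugin implements Plugin, PacketInterceptor {
    // Placeholder for the less secure domain (server B in the thread).
    private static final String LOW_SECURITY_DOMAIN = "b.example";

    @Override
    public void initializePlugin(PluginManager manager, File pluginDirectory) {
        InterceptorManager.getInstance().addInterceptor(this);
    }

    @Override
    public void destroyPlugin() {
        InterceptorManager.getInstance().removeInterceptor(this);
    }

    @Override
    public void interceptPacket(Packet packet, Session session,
                                boolean incoming, boolean processed)
            throws PacketRejectedException {
        // Act once, before processing, and only on stanzas received
        // over a connection that a remote server opened to us.
        if (!incoming || processed) return;
        if (!(session instanceof IncomingServerSession)) return;
        JID from = packet.getFrom();
        if (from == null || !(packet instanceof Message)) return;
        String domain = from.getDomain().toLowerCase();
        boolean fromB = domain.equals(LOW_SECURITY_DOMAIN)
                || domain.endsWith("." + LOW_SECURITY_DOMAIN);
        // Let error bounces through so x@A still learns of failed deliveries.
        boolean isError = ((Message) packet).getType() == Message.Type.error;
        if (fromB && !isError) {
            throw new PacketRejectedException("Inbound messages from "
                    + LOW_SECURITY_DOMAIN + " are not accepted");
        }
    }
}
```

This filters stanzas after B has already connected and authenticated; it does not stop B from opening the S2S connection. Presence and IQ stanzas from B are left alone because replies to traffic A initiates come back over B's own outgoing connection.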