|
Version 6.4 |
|
| |||||||||||||||||||||
Extensible Messaging and Presence Protocol (XMPP)The CommuniGate Pro XMPP Module implements the XMPP protocol functionality. It uses one
TCP Listener for both client-server and server-server connections, distinguishing them
not by the port number the remote side connects to, but by the XML data transferred.
When a client-server connection is established, the XMPP module authenticates a user, and creates a session for the user Account. It then sends the Real-Time Signals on that Account behalf. When a server-server connection is established, the XMPP module receives XMPP requests, converts them into internal Real-Time Signals, and submits them to the Real-Time component for processing and further delivery. It also receives the Signals directed to it by the Real-Time component and delivers them to remote XMPP systems. The XMPP Module maintains a separate queue for each target and source domain, i.e. there are different queues
for requests to the target.dom Domain coming from addresses in the source1.dom and source2.dom domains.
The XMPP message requests are sent as MESSAGE Real-Time requests,
the XMPP presence requests are sent as SUBSCRIBE and NOTIFY Real-Time requests
(using the presence Event package), the XMPP iq requests are sent as INFO Real-Time requests.
XMPP Server SettingsUse the WebAdmin Interface to configure the XMPP module. Open the Real-Time pages page in the Settings realm, then open the XMPP pages.
Use the Log Level setting to specify what kind of information the XMPP module should put in the Server Log. Usually you should use the Major (message transfer reports) or Problems (message transfer and non-fatal errors) levels. But when you experience problems with the XMPP module, you may want to set the Log Level setting to Low-Level or All Info: in this case protocol-level or link-level details will be recorded in the System Log as well. When the problem is solved, set the Log Level setting to its regular value, otherwise your System Log files will grow in size very quickly. The XMPP server records in the System Log are marked with the XMPPI tag.
System Log records for outgoing server-to-server XMPP connections are marked with the XMPPO tag. When you specify a non-zero value for the Channels
setting, the XMPP module creates a TCP listener,
and the module starts to accept XMPP connections from client applications and remote servers.
By default, the XMPP module Listener accepts clear text connections on the
TCP port 5222 ("client port") and 5269 ("server port") and secure TLS connections on the TCP port 5223 ("secure client port").
The XMPP module supports the starttls command; it allows client applications and remote servers to establish a connection in the clear text mode and then turn it into a secure connection. The XMPP module supports all available SASL authentication methods. Additionally,
the module supports the legacy Jabber authentication - plain text "password" and "digest".
XMPP Client SettingsUse the WebAdmin Interface to configure the XMPP module. Open the Real-Time pages page in the Settings realm, then open the XMPP pages.
Secure (encrypted) RelayingYou can configure your CommuniGate Pro Server XMPP module to use secure (encrypted) connections when relaying IM and presence data to certain remote sites. This feature is especially useful if your company has several offices and the traffic between the offices is sent via the public Internet. You should simply list the domain names that should receive IM/Presence information from your server via secure connections: The specified names can contain a wildcard - the asterisk (*) symbol. When the CommuniGate Pro XMPP module connects to a relay of one of the listed domains, it checks if that relay supports the starttls protocol command. Then the XMPP module uses this command to initiate a secure connection with that relay. The CommuniGate Pro XMPP module checks the validity of the remote relay Certificate using
the specified set of the Trusted Certificates.
To solve this problem, you should explicitly route all traffic to the company.dom domain via the server.company.dom relay, using the following Router record: NoRelay:company.dom = company.dom@server.company.dom._via
Note: this feature ensures that information sent from your server to the remote relay
is transferred securely. To provide complete end-to-end security, you should verify that:
If the domain is listed in the Send Secure To Domains list, and the receiving server does not support the starttls command, or the remote server certificate cannot be validated, or the remote server certificate Subject does not match the domain or domain relay name, all Signals sent to that domain are rejected, ensuring that no data is sent via a potentially insecure link.
Monitoring XMPP ActivityThe Monitors realm of the WebAdmin Interface allows Server Administrators to monitor the XMPP module activity. Click the Real-time link in the Monitors realm to open the XMPP Monitoring page. This page has the same format as the IMAP Monitoring WebAdmin page. RegistrationThe XMPP module implements the XEP-0077 extension (registration and password changes). The Auto Signup option allows users to 'register' (to create Accounts for themselves). If the Allow to Modify Password option is enabled, the users can modify their passwords themselves. Chat RoomsThe XEP-0045 extension (Multi-User Chat) is implemented outside the XMPP module itself, using the CG/PL chatroom Named Task. The Named Task is started automatically when the first user tries to access it. The Named Task receives all Instant Message and Presence requests sent to it from various clients (XMPP, XIMSS, other Tasks, etc.), and distributes these Signal requests to the room participants. ComponentsThe XMPP module implements the XEP-0114 extension (Jabber Component Protocol).
It allows "trusted components" to connect to the CommuniGate Pro XMPP module. Usually these
"trusted components" are external servers acting as gateways to some other IM/Presence networks.
Use the WebAdmin Interface to open the Receiving page in of the XMPP Module Settings.
If, for example, a "trsuted component" has connected to the XMPP Module to serve the icq.company.dom domain, then all Signal requests directed to any address in the icq.company.dom domain is accepted with the XMPP module, and it delivers the Signal request to this "trusted component" (which is likely to be a gateway to the ICQ network). Supplementary Discovery ItemsThe XMPP module allows you to specify additional XMPP entities (domains, JIDs, resources) that
are returned when the 'item discovery' request is sent to the Server or to any of the Server Domains.
These items are returned together with the list of all chatrooms and registered Components.
You may want to use this feature to add the commonly-used external Gateways and Chatrooms to the 'item discovery' lists retrieved with the XMPP and XIMSS clients. Use the WebAdmin Interface to open the Receiving page in of the XMPP Module Settings.
To remove an item, delete its name, and click the Update button. |