From 9d4b4344b49de3c474302e8316576b759249c409 Mon Sep 17 00:00:00 2001 From: genius3000 Date: Thu, 27 Jul 2017 03:05:44 -0600 Subject: Inform the client when a SASL message cannot be sent When SASL is properly configured with a 'target' server, we are able to inform the client when the message fails to send. Currently if a target is configured and it is offline, no response is sent. This can cause some clients to time out while waiting for a response. If a target isn't configured, behaviour will not change with this commit. The default of '*' will still send to all servers. Updated example config with 'target' variable. --- docs/conf/modules.conf.example | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'docs') diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index b39ee5d2b..8e193904d 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -1591,6 +1591,13 @@ # Layer via AUTHENTICATE. Note: You also need to have m_cap.so loaded # for SASL to work. # +# Define the following to your services server name to improve security +# by ensuring the SASL messages are only sent to the services server +# and not to all connected servers. This prevents a rogue server from +# capturing SASL messages. Having this defined can also improve client +# connections when your services are down, as the client will be told +# that SASL failed rather than just timing out on registration. +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Secure list module: Prevent /LIST in the first minute of connection, -- cgit v1.2.3
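Review bot: the comment block added at @@ -1591 opens with "Define the following to your services server name", but in the lines visible here nothing follows it before the "#-#-#" separator of the secure list module, so a reader of the example config cannot tell which setting to define. The commit message names a 'target' variable with a default of '*'. The comment should name that variable explicitly and show the setting line it refers to. It should also state that leaving the default in place keeps SASL messages going to all servers, since that is the exposure to a rogue server the text describes. A short remark that a configured target which is offline now makes SASL fail for the client, as the commit message explains, would tell operators what to expect when services are down.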