Blacklisted s2s domain still consumes outbound available threads

Description

While Openfire will properly block blacklisted domains from establishing outbound s2s connections, this block happens after a thread has been allocated. So when naughty folks attempt to send lots of packets to a blacklisted domain, <theory> Openfire can exhaust its available pool of outbound threads and cause valid traffic to hang awaiting resources to become available</theory>.

This theory appears to be happening on open_chat as when we notice MUC latencies, the server is logging lots of blocked s2s connections at the time.

Environment

None
Fixed
Your pinned fields
Click on the next to a field label to start pinning.

Assignee

Dave Cridland

Reporter

Daryl Herzmann