XMPP Service Operators - 2018-01-12


  1. advisory

    I'm getting desperately to the point where I am to bring down these three fucking people anyone want to help me out give their email addresses names and just about everything I have on them including their IP address supposed to be my employer in your fucking me on a 7100 reimbursement

  2. edhelas

    got a wave of spam from swissjabber.org

  3. Ge0rG

    I get spam from silvershop.shop today.

  4. SouL

    What do they sell? Silver?

  5. Ge0rG

    Apparently some kind of Apache2 Debian Default Page

  6. Ge0rG

    Ah, now there is one from username7123@swissjabber.de

  7. edhelas

    sj.ms

  8. mrDoctorWho

    edhelas: is that a spam report?

  9. mrDoctorWho

    I have contacts with sj.ms administration

  10. mrDoctorWho

    Probably I can do something about it

  11. Ge0rG

    mrDoctorWho: I have 2900 JIDs on @sj.ms that sent spam to yax.im.

  12. mrDoctorWho

    Ge0rG: could you paste them somewhere please?

  13. mrDoctorWho

    > Apparently some kind of Apache2 Debian Default Page

    Is it any good? Worth buying?

  14. Maranda

    I blocked incoming s2s from swissjabber.ch an eon ago

  15. Ge0rG

    One day, you'll end up being able to talk with yourself only

  16. Maranda

    That's not a bad thing

  17. Ge0rG

    No, but you don't need XMPP for that.

  18. Maranda

    Especially if everything that comes from a server is only Russian spam shit.

  19. Ge0rG

    Russian spam shit comes from many servers.

  20. Maranda

    One of those is swissjabber.ch

  21. Holger

    I think the jabber.at guys contacted them and swissjabber was responsive but somewhat reluctant to actually take any action.

  22. Ge0rG

    Maranda: would you sign the Anti-Spam Manifesto? https://gist.github.com/ge0rg/2e4accf6950821ca45f743fdf587c08e

  23. Maranda

    I think I'll sooner or later code a module that on incoming s2s checks if the remote server has IBR enabled and if so bans it.

  24. Maranda

    🏋️‍♂️

  25. Maranda

    Ge0rG gimme a pen.

  26. mathieui

    edhelas, reminder to sign ^

  27. Maranda

    Ge0rG, more than xep-157 they should support xep-268

  28. Ge0rG

    Maranda: "Deferred". Is there any impl?

  29. Maranda

    Even because you can get contact information from other sources

  30. Ge0rG

    Maranda: is there tooling for 268?

  31. Maranda

    Yes, Metronome supports it, and there should be a plugin for Prosody, but I didn't update it after I switched, so I have no idea if it's broken or not

  32. Zash

    That one always strikes me as insane overkill for most things

  33. Zash

    To the point where I'd have no idea how to express "I got spam" in it

  34. Maranda

    You just write it

  35. Maranda

    (in the adhoc cmd form)

  36. Zash

    The spec, IODEF

  37. Link Mauve

    mathieui, did we sign it?

  38. mathieui

    Link Mauve, no, as you see, only Ge0rG signed it

  39. Maranda

    That's covered by the server, you don't need to deal with IODEF

  40. mathieui

    but we will

  41. Link Mauve

    We still need to do something for point 3.

  42. Maranda

    But anyways food

  43. Link Mauve

    I suggest upgrading to trunk.

  44. Maranda

    And you don't need to implement all of the IODEF set either iirc (I didn't), just what's useful to you

  45. Link Mauve

    Maranda, otherwise, we will never disable IBR until there is a standard and credible alternative.

  46. Holger

    Same here :-)

  47. Maranda

    As long as I don't get spam from you, I couldn't care less, up to you; otherwise just be aware that whenever I do I'll (figuratively) cut you to pieces 😈🤣

  48. nuron

    hey there, is there anyone here who is German or understands German? If not, please excuse my bad English...

  49. nuron

    I wanted to set up my own Prosody server. It looks good so far, but when I try to connect to the server there was an error with the XEP-0198 Stream Management... Can someone help me?

  50. nuron

    <!-- Out Fr 12 Jan 2018 16:29:44 CET -->
    <?xml version='1.0'?>
    <stream:stream xmlns="jabber:client" to="<domain>" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xml:lang="de" >
    <!-- In Fr 12 Jan 2018 16:29:44 CET -->
    <?xml version='1.0'?>
    <stream:stream xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' from='<domain>' id='fe7c8f97-3a3b-471e-abb1-e13a9c70b3e5' version='1.0' xmlns='jabber:client'>
    <stream:error>
    <undefined-condition xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
    <text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>No stream features to proceed with</text>
    </stream:error>
    </stream:stream>
    that is the error...

  51. Zash

    Is that before TLS?

  52. nuron

    What do you mean? TLS is activated on the server...

  53. Martin

    Zash: it's non standard ports due to install in userspace on the shared hoster you like so much. 😃

  54. Zash

    nuron: How?

  55. nuron

    Oh yes, I forgot to say... I'm running Prosody on uberspace.de

  56. nuron

    I have a certificate from Let's Encrypt...

  57. nuron

    Or what do you mean?

  58. Zash

    nuron: That error is unrelated to stream management. It can either happen because TLS is misconfigured and can't be enabled, or because authentication is misconfigured.

  59. nuron

    I think the password should be right.. And how can I misconfigure TLS?

  60. Zash

    nuron: Thing is, it's not possible to tell from the XML log at what point in the connection process it is.

  61. nuron

    Okay

  62. zuglufttier

    nuron, disable TLS in the client altogether.

  63. zuglufttier

    Or the server.

  64. nuron

    how can I do that in Gajim? I only found a box I can tick to be warned if the connection is without TLS

  65. Zash

    Look at server debug logs too

  66. nuron

    hmm, on the server I can do it in the config?

  67. zuglufttier

    https://prosody.im/doc/logging

  68. nuron

    ohhh.. that's embarrassing... in the path to the TLS certificate is an error... just wait a second please

  70. zuglufttier

    If you know where the log files are located, do: `tail -f prosody.log` Then try to connect and look at the output.

  71. nuron

    *shame on me*

  72. nuron

    with the new certificate I can log in

  73. nuron

    The only error: when I try to log in with Gajim there is an error that the certificate could not be checked...

  74. nuron

    verified*

  75. Zash

    Got 0.10? Try `prosodyctl check certs`

  76. Zash

    Make sure you configure Prosody to use whatever your LE client calls the file with the full chain of certificates in it

  77. Zash

    Apparently they all had to pick different names

  78. Martin

    Uberspace uses certbot I think. It's called fullchain.pem

  79. nuron

    Checking certificates...
    Checking certificate for upload.xxx
    Certificate: /home/xxx/var/prosody/ssl/cert.pem
    Not valid for server-to-server connections to upload.famkibo.eu.
    Checking certificate for muc.xxx
    Certificate: /home/xxx/var/prosody/ssl/cert.pem
    Not valid for server-to-server connections to muc.famkibo.eu.
    Checking certificate for xxx
    Certificate: /home/xxx/var/prosody/ssl/cert.pem
    For more information about certificates please see http://prosody.im/doc/certificates
    Problems found, see above.

  80. nuron

    I will renew the certificates for muc. and upload. ...

  81. Ge0rG

    upload.xxx - is that NSFW?

  82. nuron

    under the xxx is my domain :P

  83. Link Mauve

    You mean famkibo.eu? :p

  84. nuron

    äääääääääää

  85. nuron

    oops

  86. Link Mauve

    :D

  87. nuron

    yes

  88. Ge0rG

    You can't hide from us! :P

  89. Ge0rG

    But I'd love to have an XMPP service at upload.xxx

  90. nuron

    haha :P

  91. Zash

    .xxx was pretty expensive iirc

  92. mathieui

    maybe we could buy a .xmpp TLD

  93. Ge0rG

    mathieui: that's even more expensive. And it feels wrong

  94. nuron

    😂

  95. Ge0rG

    Yes! upload.xxx is available, get it now before it's too late! Only £99.99

  96. mathieui

    jabber.mathieui.xmpp

  97. Link Mauve

    Only!

  98. Link Mauve

    mathieui, im.jabberfr.xmpp

  99. Zash

    xmpp.xmpp.xmpp

  100. Ge0rG

    xmpp.jabberfr.jabber

  101. nuron

    xxx.xxx.xxx 😅

  102. Link Mauve

    xxx.xxx does exist, and as expected it’s nsfw.

  103. mathieui

    surprising

  104. Link Mauve

    And redirects to http://www.xxx.xxx/

  105. mathieui

    :D

  106. Link Mauve

    A pretty nice domain in itself.

  107. nuron

    https://uploads.trashserver.net/upload/CmGWI1Tv375_Aa_G/1NKUS89NSlqk1M8jlj8CbA.jpg

  108. nuron

    👌

  109. Link Mauve

    Oh, it’s even the domain the tld redirects to.

  110. nuron

    hmm, I have a question again... when a user from another server tries to start a conversation with me, this person gets an error message: server-to-server connection failed: DNS resolution failed

  111. Ge0rG

    nuron: the host in your SRV record may not be an IP address or a CNAME. Change it to the DNS name of your server instead.

  112. Ge0rG

    nuron: while you are at it, also change the client SRV

  113. nuron

    Okay

  114. nuron

    Client srv?

  115. Ge0rG

    nuron: https://de.wikipedia.org/wiki/SRV_Resource_Record#Aufbau

  116. Ge0rG

    nuron: _xmpp-client._tcp.<yourdomain>

  117. nuron

    Yes, of course

  118. nuron

    I've changed it. I'll see what happens next ;)

  119. nuron

    but there is again a problem... my client (Conversations, Gajim) loses connection every minute

  120. Ge0rG

    nuron: does your prosody also listen on your ipv6 address?

  121. Ge0rG

    There is probably some other problem as well, but I can't help you right now, gotta go.

  122. nuron

    Hmm don't know... Is ipv6 better?

  123. Ge0rG

    I'm getting a "connection timeout" from my prosody instance after connecting via ipv6 and sending the stream header.

  124. nuron

    But the srv is set to the ipv4

  125. Ge0rG

    looks like there is no prosody listening on the other end

  126. Ge0rG

    nuron: the SRV is now set to the hostname.

  127. Ge0rG

    and the hostname is both IPv4 and v6

  128. nuron

    Hmm okay, you're right

  129. nuron

    I've taken the hostname from uberspace.de, it should work, right? SRV is set to serpens.uberspace.de

  130. Martin

    nuron, no

  131. nuron

    Why?

  132. Martin

    it's <yournick>.serpens.uberspace.de

  133. nuron

    But only for ipv6?!

  134. Martin

    if you are on U6. On U7 it's <yournick>.uber.space

  135. Martin

    nuron, serpens is the server so serpens.uberspace.de is not your domain as every user on this server gets <yournick>.serpens.uberspace.de

  136. Martin

    that's my assumption

  137. nuron

    okay, i will change it

  138. Martin

    and my experience with my uberspace

  139. nuron

    Okay, now it is changed...

  140. Martin

    I don't know how it works when you manage your domain yourself, as mine is managed by Uberspace, but I also had to add my domain

  141. Martin

    uberspace-add-domain -d search.skt4odto3ycrngsv.onion -w

  142. Martin

    ^ example

  143. nuron

    I have added every single domain to the uberspace...

  144. nuron

    <!-- Out Fr 12 Jan 2018 19:52:19 CET -->
    <!-- Out Fr 12 Jan 2018 19:52:29 CET -->
    <iq xmlns="jabber:client" to="famkibo.eu" type="get" id="68743c9e-e466-4434-be64-bf8de6a6551c">
    <ping xmlns="urn:xmpp:ping" />
    </iq>
    <!-- In Fr 12 Jan 2018 19:52:29 CET -->
    <iq id='68743c9e-e466-4434-be64-bf8de6a6551c' type='error' from='famkibo.eu'>
    <error type='cancel'>
    <service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
    </error>
    </iq>
    What does this mean?

  145. Zash

    nuron: mod_ping probably not enabled

  146. nuron

    It should be enabled...

  147. nuron

    It is listed in the cibfig file

  148. nuron

    Config

  149. nuron

    Can I change the config file and restart prosody easily or will I get some trouble then?

  150. nuron

    Jan 12 20:07:36 mod_s2s warn Forbidding insecure connection to/from trashserver.net
    Jan 12 20:07:36 s2sout21fba60 info Outgoing s2s stream famkibo.eu->trashserver.net closed: stream closed
    Jan 12 20:07:36 s2sout21fba60 info Sending error replies for 1 queued stanzas because of failed outgoing connection to trashserver.net
    Jan 12 20:07:36 s2sout21fba60 info Session closed by remote with error: not-authorized (Your server's certificate is invalid, expired, or not trusted by trashserver.net)

  151. nuron

    And another point: I cannot write to other servers, and in the log file I found this for example:

  152. Zash

    Enable debug logs

  153. nuron

    okay

  154. nuron

    just a second

  155. Zash

    Error from remote probably means your certificate is wrong, somehow.

  156. nuron

    hmmm, so I should renew it?

  157. Zash

    And "Forbidding insecure connection" might either be something wrong with their cert, or with your ssl config

  158. Zash

    Both are basically the same issue, from either end.

  159. nuron

    my ssl config means the part of the Prosody config?

  160. nuron

    I think the cert from the other server is okay, because I get this error with every server...

  161. nuron

    I will reinstall the certs...

  162. Zash

    Debug logs ought to say more

  163. Zash

    Could be that Prosody doesn't find the root certs

  164. nuron

    hmmm, do I have to choose the cert.pem or the fullchain.pem as cert?

  165. Zash

    fullchain.pem

  166. nuron

    maybe that is the error.. I have chosen the cert.pem...

  167. nuron

    Jan 12 20:15:34 certmanager debug Searching /home/famkibo/.toast/armed/etc/prosody/certs for a key and certificate for upload.famkibo.eu...
    Jan 12 20:15:34 certmanager debug No certificate/key found for upload.famkibo.eu
    Jan 12 20:15:34 certmanager debug Searching /home/famkibo/.toast/armed/etc/prosody/certs for a key and certificate for famkibo.eu...
    Jan 12 20:15:34 certmanager debug No certificate/key found for famkibo.eu
    Jan 12 20:15:34 certmanager debug Searching /home/famkibo/.toast/armed/etc/prosody/certs for a key and certificate for eu...
    Jan 12 20:15:34 certmanager debug No certificate/key found for eu
    Jan 12 20:15:34 certmanager debug Searching /home/famkibo/.toast/armed/etc/prosody/certs for a key and certificate for upload.famkibo.eu...
    Jan 12 20:15:34 certmanager debug No certificate/key found for upload.famkibo.eu
    Jan 12 20:15:34 certmanager debug Searching /home/famkibo/.toast/armed/etc/prosody/certs for a key and certificate for famkibo.eu...
    Jan 12 20:15:34 certmanager debug No certificate/key found for famkibo.eu
    Jan 12 20:15:34 certmanager debug Searching /home/famkibo/.toast/armed/etc/prosody/certs for a key and certificate for eu...
    Jan 12 20:15:34 certmanager debug No certificate/key found for eu
    Jan 12 20:15:34 certmanager debug Searching /home/famkibo/.toast/armed/etc/prosody/certs for a key and certificate for upload.famkibo.eu...
    Jan 12 20:15:34 certmanager debug No certificate/key found for upload.famkibo.eu
    Jan 12 20:15:34 certmanager debug Searching /home/famkibo/.toast/armed/etc/prosody/certs for a key and certificate for famkibo.eu...
    Jan 12 20:15:34 certmanager debug No certificate/key found for famkibo.eu
    Jan 12 20:15:34 certmanager debug Searching /home/famkibo/.toast/armed/etc/prosody/certs for a key and certificate for eu...
    Jan 12 20:15:34 certmanager debug No certificate/key found for eu
    That's what I found in debug logs ...

  168. Zash

    The automatic pastebin in the prosody room sure is nice

  169. nuron

    ?

  170. Zash

    You filled my entire screen

  171. nuron

    should I use a pastebin?

  172. nuron

    ohh, I'm sorry

  173. nuron

    next time I will use a pastebin

  174. Zash

    Hm, second time I see it trying to find a cert for the TLD

  175. Zash

    Odd

  176. nuron

    yes, but in a completely wrong directory?!

  177. Zash

    Oh, and I'd like to preemptively blame toast for all your problems

  178. nuron

    and that means? what should I change?

  179. Zash

    Means last I looked, toast didn't build Prosody correctly. And I didn't wanna review 8 thousand lines of Perl to figure out why.

  180. nuron

    so I should re-toast Prosody?

  181. Zash

    nuron: It looks in config dir /certs/ for certificates. If you have configured filenames that would override anything it finds by searching

  182. Zash

    If you have certbot installed in home dir, you could set 'certificates = "/home/you/path/to/certbot/blah/live"' or something

  183. nuron

    Hmm okay, let me try

  184. Zash

    And then everything should magically just work

  185. Zash

    `prosodyctl check certs` to verify

  186. nuron

    I'll hope ;)

  187. nuron

    That tells me, that there are no problems...

  188. Zash

    It's however not yet able to check chains

  189. nuron

    I can't reinstall the certs... Letsencrypt told me, that there are too many requests... So I have to wait a week 😖

  190. nuron

    I don't understand... Let's Encrypt told me that there were too many requests... But I've never requested more than 20 certs...

  191. Zash

    Do you need to?

  192. nuron

    > Do you need to?

    A cert?

  193. Zash

    Re-request them

  194. Zash

    Sounded like you had them already, just not configured correctly

  195. nuron

    That's what I don't understand... I've deleted them and wanted to reinstall them, but I wasn't allowed...

  196. nuron

    No, because I'm stupid I've deleted them

  197. Zash

    Not much to do then

  198. nuron

    I have to wait a week...

  199. nuron

    Or can I get a cert otherwise? I have one free cert from my hoster... But I need a few more, right?

  200. Zash

    Self-signed. Other CAs. Dunno.

  201. nuron

    Hmm okay... Thank you for your help, I'll wait until next Friday...

  202. nuron

    I have to do a lot of other things..

  203. Martin

    nuron: I can agree toast is b...shit. I just install stuff the common way in uberspace and everything is fine

  204. nuron

    Martin: how do you install prosody?

  205. Martin

    Wait a minute till I have a keyboard.

  206. Martin

    1. Remove prosody install from toast 2. Pull prosody from git OR download and unzip it 3. Move to the prosody folder 4. ./configure --prefix=${HOME} 5. make 6. make install

  207. Zash

    from git... :/

  208. Martin

    1. Remove prosody install from toast 2. Pull prosody from hg OR download and unzip it 3. Move to the prosody folder 4. ./configure --prefix=${HOME} 5. make 6. make install

  209. Martin

    Zash, sorry I forgot

  210. Zash

    `./configure;make;./prosody` should just work too

  211. Zash

    which is how I mostly run it for dev and stuff

  212. nuron

    Okay Martin, I'll try it next week...

  213. Martin

    > Zash: `./configure;make;./prosody` should just work too

    When you only have userspace access I assume you'll always need ./configure --prefix=${HOME}

  214. Martin

    Ah, you run it directly from the build dir

  215. Martin

    Now I see. Sorry, forget what I said.