XMPP Service Operators - 2018-01-26

https://xiaoyu.net:7443/httpfileupload/a3109f0d-bb4f-4543-a76e-ede7b0c631e7/V7Kxuv24TBWt1JMEZynTHQ.jpg

xmpp check not normal work

i am using.ecc cert

that's a screen shot if I ever saw one

now check.messaging.one

hi

Hi

spam from swissjabber.li

blacklisting also this server

just blacklist *@swissjabber.*

> dujin2320@swissjabber.eu wants to subscribe just got that

i cannot blacklist with .*

any idea of all the extensions ?

Internet search gives https://wiki.xmpp.org/web/SwissJabber.ch

Which is ancient.

I used to have a MUC there

Because SwissJabber was the only server I could find that allowed like 500 people in a MUC or something like that

maybe 700

O_o?

"allowed"

Or could handle

better

:P

Whatever you use to describe the participants limit :D

SouL, are there many servers with a limit?

Don't look here.

Limiting sounds like +l on IRC, that's why "handling" is better than "allowed"

Are you expecting scaling issues in MUC?

Yes, are you not?

:P

Given the very small amount of resources used normally by my servers, no.

Link Mauve, I don't know actually. At that time I didn't even had my own server or anything. So I just kept browsing public servers with Psi+ until I found that one, when modifying the MUC settings, the limit would be really big, compared to the ones I used to use.

SouL, at least in Prosody, there is no limit setting.

Hmm each message or presence stanza sent to the muc *needs* to get reflected 700 times, does that ring a bell?

just to begin with.

Maranda, so you’re expecting 700 packets to take your network to its knees?

presence traffic on a MUC is O(N²)

^

Link Mauve: Prosody has MUC traffic limits I keep running into with legitimate traffic, though.

mod_muc_limits is absolutely inadequate.

Holger, you mean mod_muc_limit, the one limiting the amount of concurrent messages?

The queue is filled up with CSNs and then your actual messages are rejected.

https://prosody.im/issues/988

Link Mauve: Probably. I just receive the error stanzas :-)

Note that this is a community module, not part of the server.

If operators use it, they’re on their own.

Link Mauve: So there's some Prosody user in the community who believes that MUC scalability might be an issue :-)

Link Mauve: If they don't, they're not on their own? :-)

Holger, AFAIK, it’s not a solution to scalability, but a solution to random spammers who used to flood MUCs.

DoS against MUC is easy because MUC doesn't scale.

Just that that the rtc of most public traffic (presence and messages) in is O(N^2) as Ge0rG pointed out, is enough to tell you how well MUC scales Link Mauve.

Maranda, rtc?

I think you don't need another reason.

Running Time Complexity?

brb

tbh while mod_muc_limits isn't perfect it looked to always be one of the few viable solutions to muc servers not getting brought down to their knees by a DoS.

so I wouldn't really spit on it.

I'm not spitting on it, it's in use on my server. But I wish somebody would improve it.

The improvements I made to it, was making the limit ratio configurable by room (with muc pluggable config), but I'm confident that could be in Prosody's as well.

adhoc commands?

But I'm not sure that'd fix any issue

no just room config

Maranda: not in default 0.10 MUC code :(

Ge0rG, https://lightwitch.org/Media/Default/Pictures/muc_limit_config.png -- it also can be (? I don't remember if it's the default) setup to ignore traffic from server buddies (xep-267)

Maranda: way too complicated

I like to be able to configure stuff

`[ ] Configure stuff`

`[ 75%] Stuff Stuffyness`

Ge0rG, also you know that mod_muc_limits doesn't drop stanzas from affiliated members right?

Maranda: I know

Marzanna: Host unreachable: Server-to-server connection failed: DNS resolution failed

-certinfo chat.jabb.im ✏

Marzanna: chat.jabb.im has a mismatched certificate issued by Let's Encrypt Authority X3

-certinfo metronome.im

Maranda: metronome.im has a valid certificate issued by Let's Encrypt Authority X3

xiaoyu.net

test site only get T result

The TLS connection failed... You should fix that issue

yon:

client can connect

i.using ecc cert

tls 1.2

maybe site cant test ec cert?

https://uploads.trashserver.net/upload/5Nb8HXHOgUeORUVR/cHnnaS1hRQGd9rjIgVYPKQ.jpg

yon:

Maybe you haven't set an srv record? Or you haven't open this port

which port?

5222 open

should site cant.connect ec cert

i have test some clients can work

https://uploads.trashserver.net/upload/j2VUe8q-H-DnkNT1/0tKU4erUSRClyqVDw6QuZQ.jpg

Hmm when you have tested the TLS and it works everything will be fine

i shoud is A

Recommend a good APP for me?

i download some app not good for use