XMPP Service Operators - 2020-11-26

HELP! Hey guys, my server running 3k users now, and suddenly the delivery for the messages very slow now Any thoughts please

Anas: What software is running your server?

^

Anas: RAM overflows on SWAP?

Running out of dedotated wam fo servah

Anas. 3K online or 3K all?

Hi, I hope not to disturb but maybe can anyone give me some time to check my xmpp server in the point of security? 😀 I think it's pretty fine now, I get 100% on every test I made so far.

creep.im: https://github.com/JabberSPAM/blacklist/commit/70c122e02c297803e94aa90b5849d538b269761e

Ge0rG: yes, I was informed already. I believe this is a good thing until we have means to automatically block spammers on the origin server

I've seen >1000 bots from creep.im in the last two weeks

yes, it's pretty popular with both spammers and real people

no hard feelings about inclusion into the spam list therefore

cool, I'll block these right away

thanks

it's nice to have a short contact way for reports, like in this MUC

you can add me directly: a@creep.im. I'm not available all the time though

yay! a captcha!

it worked

creep.im: > you can add me directly: a@creep.im. I'm not available all the time though I got spammed by your captchas 😄

But I also sent you emails.

Martin: since we are at it right now, I think it's a good thing to connect now. you have only to solve captcha once

I solved it at least three times and got still spammed by captcha requests. 🤔

https://files.mdosch.de:5281/upload/D0A-Awp2wqJC8Dnv/Screenshot_20201011-141025_Conversations.png

well, we just connected with Ge0rG just fine right now

Martin: you can send me your JID privately and I will add you myself first, this should work

Wouldn't work, as creep.im is on the blocklist now.

🙂

But it's the same as my email martin@mdosch.de

good to know 😅

but yeah, you can always drop me messages via email

Did my emails to a arrive? I didn't get any error bounce so I assume they did.

yes, I can see your emails

I think I reported two or three times spammers and one time complained about the captcha spamming (see screenshot I shared earlier) which really pissed me off. 😂

the only action I can take is to block this one spammer JID you mentioned in your fourth email

fweslty@creep.im (1. Email) lifelockt@creep.im (2. Email), Complaint about captcha spamming (3. Email). I don't see a fourth email in my sent folder. :-/

it's actually third. I see that your first email was not specifically to me, but to the Operators list ✏

it's actually third. I see that your first email was not addressed specifically to me, but to the Operators list ✏

lifelockt is banned now

Thanks :)

creep.im: As my server has not yet fetched the updated blocklist I tried again. I successfully filled the captcha but I get > 26.11.20 15:23:12 ! Error from a@creep.im: Messages from strangers are rejected

https://files.mdosch.de:5281/upload/ND6UJqwDp-2ONS7d/2020-11-26-152446_scrot.png

I can see your request

added you back

hello guys, I'm trying to understand if my router is the culprit for my ejabberd server no to be available in my LAN when not specifying the local IP in the client as the host. Some of you were suspecting a hair-pinning issue with my consumer router, so as suggested I used tcpdump on port 5222 and tried to connect. I was supposed to check if the local IP would be issued instead of the external IP by the client. I have a log now, but I'm not really sure. I get the external IP most of time, the local appeared here and there but it's really not predominant. So I'm confused now.. do I have a hair-pinning problem?

I tried to specify the LAN IP of the server in the client and sniffed the packets with tcpdump, now I only get the LAN IP of my xmpp client, and the client does connect to ejabberd, while I get the "Server not found" error in Conversations if I leave the host unspecified. Could it be a DNS issue?

alpha_dead: did you limit tcpdump to only incoming packets? I'm not an expert, but `tcpdump -n#Q in` gives me lines like the following one when I connect to a local http server from the same network, using the router's public addr: `38 17:36:41.014306 IP 192.168.0.1.40401 > 192.168.0.42.443: Flags …` (Where 192.168.0.1 is the router's internal addr, and 192.168.0.42 is server's) And the server's logs confirm a connection from 192.168.0.1:40401. Needless to say, everything works.

That is, I don't see the router's external address anywhere at all

You should probably disable 5222 forwarding for the time of testing, so there would be no noise from actual external connections ✏

mjk: umm, maybe not a good idea, since you connect to domain:5222

alpha_dead: you already tried to search "my router model nat" ?

Licaon_Kter: Oh yeah, that could introduce false negatives

Licaon_Kter, I have a NAT/PAT section in my router advanced panel, that's where I do the port-forwarding though

I'm trying with mjk's filter with tcpdump now

mjk, by using your filter I get the same output, external IP:random port > external IP:5222

from time to time I get the pattern external IP:random port > local IP:5222, but only here and there

I couldn't set up proper SRV records due to Webmin limitations, I'm waiting for the company to write them properly, now I'm using the xmpp.domain.tld in my client to connect from outside of the network. I can connect with no issue but I plan on fixing it. I'm wondering if this might cause problems locally

Licaon_Kter, maybe you were suggesting something more, I'll research the exact model. It's a consumer HUAWEI router, nothing enteprise-grade

Not a HUAWEI, I'm sorry. I got confused, it's a Sagecom ✏

> external IP:random port > external IP:5222 Wait wat. Just to make sure: you run tcpdump on the server machine, and the server machine ≠ router, right?

If that's the case, then it seems something really is wrong with the router

alpha_dead: I remember you saying it's rented, so not sure if your ISP would allow flashing a decent firmware (openwrt, dd-wrt...)

alpha_dead: do you have same behavior with a HTTP server? I'd advice focusing on testing with such a simpler protocol to check NAT on a non standard (80,443) port.

bastoon, I might indeed test with an http server to make sure, also.. I could host a Converse.js instance

Yes that would push away the dns SRV and TLS issues. Use only http and not https. For your router perform all tests (http and XMPPs) without any "firewall", "syn flood" enabled broken features.

Always reboot router after each router configuration modification.

bastoon, then I will use a non-standard port for an apache2 website, that's the daemon I have at hand

👍 Try the inside / outside network case with http://blabla:port