-
mjk
csh: https://www.ted.com/talks/james_veitch_this_is_what_happens_when_you_reply_to_spam_email Maybe you weren't friendly enough?
-
moparisthebest
don't respond ever
-
raghavgururajan
How's jabber.network different from xmpp.net?
-
menel
raghavgururajan: the one checks the server XEPs, the other measures tsl.
-
menel
tls
-
raghavgururajan
menel: Ah thanks!
-
tom
hey btw
-
tom
you can also test the server's tls with testssl.sh
-
tom
it supports the xmpp STARTTLS variant
-
jonas’
yes, but you need a very recent version for s2s tests
-
tom
the XMPP observatory seems to have severe threading limitations
-
jonas’
the xmpp observatory runs on a very old stack which nobody knows how to maintain anymore
-
tom
oh
-
jonas’
I do have a rewrite (incidentally based on testssl.sh) in the pipeline :)
-
tom
oh neat, thanks jonas’!
-
tom
jonas’: what is the old stack?
-
jonas’
it is actually mostly done, only needs the DNSSEC and DANE stuff sorted out.
-
jonas’
tom, a fork of a subset of prosody’s XMPP stack with some strange patches, surrounded by more bits of lua and php
-
tom
jonas’: I would like to follow your work on the rewrite
-
jonas’
tom, you’re welcome to: https://github.com/horazont/testxmpp
-
tom
thanks
-
ernst.on.tour
What about:
```
echo | openssl s_client -starttls xmpp -servername domain.tld -connect domain.tld:5222 2>/dev/null | openssl x509 -noout -subject -dates -checkend $(($days*24*60*60)) && echo lives more than $days || echo need new cert
```
-
tom
» 2>/dev/null discards stderr, » openssl x509 -noout -subject -dates -checkend $(($days*24*60*60)) && echo lives more than $days || echo need new cert downloads the certificate, checks its expiration date and checks if it's close to expiring
-
tom
» openssl s_client -starttls xmpp -servername domain.tld -connect domain.tld:5222 connects and sets up TLS over the STARTTLS method
-
ernst.on.tour
I test my cert with the above code, it's a one-liner in crontab
-
tom
I just use dehydrated.sh and a slightly modified quark
-
tom
quark can be found on suckless.org
-
tom
it's a minimal webserver written in less than 1000 LOC
-
tom
dehydrated is an ACME implementation written in a few hundred lines of bash
-
ernst.on.tour
Change "echo need new cert" to "curl ...." to send via mod_post_msg an xmpp-msg to me
-
tom
it's very good at keeping the certs fresh, and even more advanced things like stapling, cipher selection, and alternative names
-
tom
there's a line in /etc/aliases that redirects root to postmaster@nuegia.net, and cronic, another small shell script, ensures cron only fires an email if there's a problem
-
tom
it's a very extensible and simple system
-
tom
many daemons and users across the system can use it
-
ernst.on.tour
I use https://github.com/srvrco/getssl to generate my certs