XMPP Service Operators - 2024-01-21

  1. Stefan

    hi, perhaps you remember, I changed some SRV Records in order to get gajim connect faster, that worked. but now I have a problem, that showed up only after a server restart (ejabberd), when trying to send from the machine the server is on, with go-sendxmpp `[warning] <0.723.0>@ejabberd_s2s_out:process_closed/2:157 Failed to establish outbound s2s connection chat.server.de -> chat.server.de: DNS lookup failed: enoname; bouncing for 113 seconds` Does anyone have an idea whats the reason for this now?

  2. moparisthebest

    That's really odd

  3. Stefan

    all other connections seem to work.

  4. moparisthebest

    I could explain go-sendxmpp not being able to connect to the local server, but not ejabberd trying to s2s to itself....

  5. moparisthebest

    Might be a better question for the ejabberd room

  6. Stefan

    ok. go-sendxmpp doesn't show errors

  7. Martin

    Stefan: You don't have SRV records it seems (which is ok, clients will just connect to 5222 and servers to 5269 then) and no connectivity on IPv6. But I don't see how go-sendxmpp could trigger s2s errors.

  8. Martin

    > s2s connection chat.server.de -> chat.server.de: DNS lookup failed: That's also weird. Why is your server trying to look up itself via DNS?

  9. Stefan

    > > s2s connection chat.server.de -> chat.server.de: DNS lookup failed: > That's also weird. Why is your server trying to look up itself via DNS? I don't know. I'm doing a backup at the moment, want to upgrade the pi to bookworm.

  10. Stefan

    after all, it worked. I had some auth failures wenn trying out with go-sendxmpp, but that should not be a problem? mod_fail2ban ist not active.

  11. Menel

    There is nothing a client can do that would make your server behave like this. It is a problem on your machine or ejabberd config, not any client

  12. Martin

    Yeah, you need to tell it to use SCRAM-SHA-1 only for the moment, as ejabberd is trying to use tls-unique on TLSv1.3, so SCRAM-SHA-1-PLUS fails. This is fixed in ejabberd, but not yet released.

  13. Menel

    But... That's unrelated to s2s errors

  14. Menel

    Maybe I don't follow

  15. Martin

    He said he had auth errors with go-sendxmpp.

  16. Stefan

    go-sendxmpp doesn't show errors. theres only that line in log.

  17. Martin

    But you said right now you had auth errors?

  18. Stefan

    I have that setting in authmechanism

  19. Stefan

    before. wrong password i think. bzw. wrong username.

  20. Martin

    Ok. no idea about that line in the log. It's seems weird that your server tries to s2s to itself. Maybe the ejabberd MUC can help you there. I have no idea what's happening there.

  21. Stefan

    already asked there, but it's sunday morning ;-)

  22. Stefan

    I will at first upgrade to bookworm now.

  23. hook

    > Is something wrong on my side or are conference.yunohost.org and muc.metronome.im really not accessible? Both accessible again for me now. I didn’t touch my sever, no idea what that was about.

  24. mirux

    > Establishing a secure connection to prosody.im failed. Certificate hash: a7befd6a011dc19a789c082659a608eff7ecdfe6. Error with certificate 0: certificate has expired.

  25. mirux

    Or do I have a cache issue? 😇

  26. MattJ

    No, others have reported it too

  27. MattJ

    But I did fix it once

  28. agris

    There was a physical security incident with nuegia.net. The physical servers were removed from service and secured. The service will return when a new secure location is found and setup. No data was compromised. Full disk encryption and redundant backups were employed before and at the time of incident. Services are expected to resume in a month or 2. Maybe less.

  29. klaudie

    Stay well agris

  30. agris


  31. Bob Evans

    Who is the operator or associated with the "b1t.rip" server.

  32. klaudie

    What precautionary steps is everyone taking to prepare for the 2024 United States elections?

  33. agris

    Getting the hell out of cities

  34. MattJ

    klaudie, can you explain specifically how your question relates to XMPP?

  35. klaudie

    I mean like server security aspects

  36. klaudie

    Nation states appear to be on a rampage

  37. MattJ

    We strive to keep our servers secure at all times, right?

  38. klaudie


  39. klaudie

    But maybe worth double checking everything and adding more

  40. MattJ

    So hopefully we can leave politics out of it

  41. klaudie

    It has nothing to do with politics

  42. MattJ

    Great, I'm glad you agree

  43. Bob Evans

    Have there been server incidents in past elections.

  44. klaudie


  45. techmetx11


  46. techmetx11

    hope this election won't be as bad though

  47. Bob Evans

    Have there been incidents specific to XMPP servers.

  48. MattJ


  49. agris

    Your question is too vague

  50. Bob Evans

    Have XMPP operators been explicitly targeted.

  51. Bob Evans

    Not counting spam.