Well, most servers will fall back to dialback, but there are some who reject
simon
Zash: good point.
Steffen Larsen has joined
Zash
I have a bot running on a server with a self-signed cert, which is useful partly for that reason.
simon
I personally run with s2s_secure_auth = true (on prosody) so that I don't have to trust DNS too much.
Steffen Larsen has left
Bunneh has joined
dwd
simon, Trouble is, I think the different combinations of security options yield some surprising results. Accepting dialback with self-signed certs is probably (I think) fine in combination with DNSSEC.
Zash
Bunneh, ping acc.umu.se
Bunneh
Zash: Ping failed (remote-server-not-found): Server-to-server connection failed: not-authorized (Your server's certificate is invalid, expired, or not trusted by acc.umu.se)
Zash
Like that :)
dwd
simon, I think that "classic" TLS auth is better than DNSSEC+dialback+unauth-TLS. But it's not by much.
simon
dwd: does one need to use a CA for DANE to work?
simon
my thinking was that DANE + a signed TLD, invalidated the need to use CAs - a good thing imho
Zash
DNSSEC removes some attack vectors from dialback. Attacks on IP routing could still work, but that ought to be harder.
Zash
simon: There are a few variants in DANE. You can say something like 'only this CA is allowed here and you must trust it already'
Zash
or you can point to your own CA and specify that as a root, or point to the actual cert or public key used by the server
simon likes giving the middle finger to CAs.
Zash
If you use the non-PKI variants of DANE, you'll still have your TLD as CA :)
tato has left
ralphm likes his middle fingers. Keeping them.
simon
Would be really nice if someone could write up a basic guide for the wiki. I'd really like to get this deployed on some of my own domains.
simon
(with or without middle-finger-donations)
waqas has joined
SouL has left
waqas has left
stpeter has joined
ralphm
Chromebox for Meetings. Wonder how much XMPP is in there.
ralphm: the thing formerly known as libjingle is inside ;-)
ralphm
well, yeah, of course
waqas has joined
SouL has left
SouL has joined
waqas has left
Ge0rG
dwd: NebuK is asking about your MUC merge progress. come back to yaxim@chat.yax.im please :)
Jef has joined
simon
Yaxim + muc would be nice.
Ge0rG
simon: indeed. there is some old code for that, but it needs to be polished and brought forward into current master.
Ge0rG
simon: Dave made some progress with that, but forgot to tell us where to find his code ;)
dwd
Ge0rG, Actual work is a bit busy, sorry. But I've merged to about June, so far.
Ge0rG
dwd: that's ok, but please coordinate more with NebuK on the yaxim MUC.
Ge0rG
dwd: he is starting to merge stuff as well... :)
Ge0rG is a bit busy with staying away from work... and from the laptop. so must delegate this
waqas has joined
simon has left
NebuK has joined
NebuK
hi there
NebuK
dwd, and here is the MUC guy ;) i'm currently trying to merge my own horrible code into current master -- how is your progress with that? (even though offtopic -- and/or do you want to come over to yaxim's MUC?)
dwd
NebuK, I've merged to about June or so. Working through slowly. I'll get there, but I'm busy with work etc right now.
NebuK
oh, ok
NebuK
so ... what exactly are you merging? simply muc into master, or anything else? also, do you have your current state in a git somewhere, so i can start off from there?
Jef has left
dwd
NebuK, No, it's halfway through a massive rebase. :-) Not something I can push anywhere.
NebuK
uh
NebuK
what are you doing, if i might ask?
fsteinel has joined
Lloyd has left
Ash has left
waqas has left
waqas has joined
bear has left
Ash has joined
zooldk has joined
Alex has left
Alex has joined
Alex_ has joined
SouL has left
SouL has joined
bear has joined
SouL has left
fsteinel has left
emcho has left
emcho has joined
lloyd.watkin has joined
bear has left
emcho has left
Neustradamus has joined
SouL has left
SouL has joined
lloyd.watkin has left
Neustradamus
I sent an email to the members ML because I have not had email since November 2013.
stpeter
Neustradamus: you can send but not receive?
Neustradamus
yes
Zash
Nothing in a spam folder?
Neustradamus
like I have already said, jabber.org/xmpp.org are on blacklists
Neustradamus
there were discussions on iteam room, but the problem is not really resolved :/
Zash
What blacklists?
stpeter
Neustradamus: I am going to send you a test message from stpeter@jabber.org - please let me know if you receive it
Neustradamus
stpeter: I will inform you if I have
lloyd.watkin has joined
stpeter
Neustradamus: you won't receive it
Neustradamus
no
stpeter
mail.log says:
Feb 7 20:21:32 atlas postfix/smtp[24019]: 3EE4E219EA8: to=<lbxmpp@live.com>, relay=mx2.hotmail.com[65.55.92.184]:25, delay=0.49, delays=0.08/0/0.37/0.04, dsn=4.0.0, status=deferred (host mx2.hotmail.com[65.55.92.184] said: 421 RP-001 (SNT0-MC4-F52) Unfortunately, some messages from 208.68.163.215 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Jef has joined
Neustradamus
intosi told me it is the same for AOL and other companies
stpeter
well, for instance, the operators@xmpp.org list has 25 @hotmail.com addresses subscribed, and if we have a lot of traffic on the list then hotmail might consider that spammy
fippo
if only mail servers knew about their users subscriptions and could apply that to "karma" limits ;-)
Neustradamus
hotmail.* live.* outlook.* for ML (not only operators)
Alex has left
Alex_ has left
Neustradamus
stpeter: DKIM and SPF are easy, no?
Zash
SPF is there already
Zash
DKIM is anything but easy
stpeter
the last time I tried to install DKIM I hosed my VPS
Zash
DKIM and mailing lists are not friends
waqas
A lot of the ML emails used to end up in spam, because of DKIM
Neustradamus
what will be the best solution for you?
stpeter
Neustradamus: use a different email service?
Neustradamus
But I am not alone
stpeter
Neustradamus: do you know what hotmail's policy is? how many email messages are too many?
Kev
No, but if your provider is blocking mail because it's from mailing lists, your choices are limited.
Neustradamus
stpeter: no :/
Kev
As I understand it, this isn't a blacklisting issue, it's just that your provider doesn't like receiving several mails at once, which is always going to happen with mailing list traffic.
Neustradamus
the server is really secure?
Kev
No server is really secure if it's attached to the internet.
stpeter
:)
stpeter
true day
stpeter
dat even
Neustradamus
correct
stpeter
Kev: that's my understanding, too -- they just don't like to receive a burst of messages or "too many messages" (not sure if that's in any particular time frame)
Zash
"Reason for rate limitation is related to IP/domain reputation."
waqas has left
waqas has joined
Neustradamus
There are not sender bot on the server?
Bunneh has left
waqas
Mailing lists used to work fine on hotmail when I used to use it, but that was a long time ago
intosi
hotmail loves rate limiting servers
stpeter
less for them to do :-)
intosi
perhaps mailgun can help out? ralphm?
Neustradamus
intosi: same for AOL?
intosi
yes
Neustradamus
but it is really strange, I never had a problem before
Zash has left
Jef has left
Zash has joined
ralphm
intosi: didn't you mention we've been blacklisted and that you have been fixing things recently?
dwd
.sdrawkcab tuo emoc segassem ym semitemoS
dwd
?detaler eb siht dluoC
Kev
Mr. Cridland, please to try to behave.
intosi
i did
Zash
.gnibrutsid kram LTR fo kcal ruoy dnif I :dwd
intosi
spent many hours on fuxing tjings
intosi
hacker kbd on a phone screen is.. less ideal
dwd
Zash, Back before the dawn of time, I used to be able to type backwards fairly fluently. I used to tell people on IRC that I'd changed some setting in my client, and please could they help me.
Zash
Haha
Kev
/part and /quit are sitting on a wall. /part falls off. Who's left?
Kev
As the old one goes.
dwd has left
intosi
heh
dwd has joined
dwd
Hey, that was cruel.
Kev
Or, slightly more amusingly,
Hey this is really cool - see what happens if you type `/disco lights/` in your client!
Zash
Hahaaaaa
dwd
Come to think of it, Gajim actually has /commands, for all I know it has /quit.