ZashWell, most servers will fall back to dialback, but there are some who reject
simonZash: good point.
Steffen Larsenhas joined
ZashI have a bot running on a server with a self-signed cert, which is useful partly for that reason.
simonI personally run with s2s_secure_auth = true (on prosody) so that I don't have to trust DNS too much.
Steffen Larsenhas left
Bunnehhas joined
dwdsimon, Trouble is, I think the different combinations of security options yield some surprising results. Accepting dialback with self-signed certs is probably (I think) fine in combination with DNSSEC.
ZashBunneh, ping acc.umu.se
BunnehZash: Ping failed (remote-server-not-found): Server-to-server connection failed: not-authorized (Your server's certificate is invalid, expired, or not trusted by acc.umu.se)
ZashLike that :)
dwdsimon, I think that "classic" TLS auth is better than DNSSEC+dialback+unauth-TLS. But it's not by much.
simondwd: does one need to use a CA for DANE to work?
simonmy thinking was that DANE + a signed TLD, invalidated the need to use CAs - a good thing imho
ZashDNSSEC removes some attack vectors from dialback. Attacks on IP routing could still work, but that ought to be harder.
Zashsimon: There are a few variants in DANE. You can say something like 'only this CA is allowed here and you must trust it already'
Zashor you can point to your own CA and specify that as a root, or point to the actual cert or public key used by the server
simonlikes giving the middle finger to CAs.
ZashIf you use the non-PKI variants of DANE, you'll still have your TLD as CA :)
tatohas left
ralphmlikes his middlefingers. Keeping them.
simonWould be really nice if someone could write up a basic guide for the wiki. I'd really like to get this deployed on some of my own domains.
simon(with or without middle-finger-donations)
waqashas joined
SouLhas left
waqashas left
stpeterhas joined
ralphmChromebox for Meetings. Wonder how much XMPP is in there.
fipporalphm: the thing formerly known as libjingle is inside ;-)
ralphmwell, yeah, of course
waqashas joined
SouLhas left
SouLhas joined
waqashas left
Ge0rGdwd: NebuK is asking about your MUC merge progress. come back to yaxim@chat.yax.im please :)
Jefhas joined
simonYaxim + muc would be nice.
Ge0rGsimon: indeed. there is some old code for that, but it needs to be polished and brought forward into current master.
Ge0rGsimon: Dave did some progress with that, but forgot to tell us where to find his code ;)
dwdGe0rG, Actual work is a bit busy, sorry. But I've merged to about June, so far.
Ge0rGdwd: thats ok, but please coordinate more with NebuK on the yaxim MUC.
Ge0rGdwd: he is starting to merge stuff as well... :)
Ge0rGis a bit busy with staying away from work... and from the laptop. so must delegate this
waqashas joined
simonhas left
NebuKhas joined
NebuKhi there
NebuKdwd, and here is the MUC guy ;) i'm currently trying to merge my own horrible code into current master -- how is you progress with that? (even though offtopic -- and/or do you want to come over to yaxims MUC?)
dwdNebuK, I've merged to about June or so. WOrking through slowly. I'll get there, but I'm busy with work etc right now.
NebuKoh, ok
NebuKso ... what exactly are you merging? simply muc into master, or anything else? also, do you have your current state in a git somewhere, so i can start off from there?
Jefhas left
dwdNebuK, No, it's halfway through a massive rebase. :-) Not something I can push anywhere.
NebuKuh
NebuKwhat are you doing, if i might ask?
fsteinelhas joined
Lloydhas left
Ashhas left
waqashas left
waqashas joined
bearhas left
Ashhas joined
zooldkhas joined
Alexhas left
Alexhas joined
Alex_has joined
SouLhas left
SouLhas joined
bearhas joined
SouLhas left
fsteinelhas left
emchohas left
emchohas joined
lloyd.watkinhas joined
bearhas left
emchohas left
Neustradamushas joined
SouLhas left
SouLhas joined
lloyd.watkinhas left
NeustradamusI sent an email on the members ML because I have not email since November 2013.
stpeterNeustradamus: you can send but not receive?
Neustradamusyes
ZashNothing in a spam folder?
Neustradamuslike I have already said, jabber.org/xmpp.org are on blacklists
Neustradamusthere were discussions on iteam room, but the problem is not really resolved :/
ZashWhat blacklists?
stpeterNeustradamus: I am going to send you a test message from stpeter@jabber.org - please let me know if you receive it
Neustradamusstpeter: I will inform you if I have
lloyd.watkinhas joined
stpeterNeustradamus: you won't receive it
Neustradamusno
stpetermail.log says:
Feb 7 20:21:32 atlas postfix/smtp[24019]: 3EE4E219EA8: to=<lbxmpp@live.com>, relay=mx2.hotmail.com[65.55.92.184]:25, delay=0.49, delays=0.08/0/0.37/0.04, dsn=4.0.0, status=deferred (host mx2.hotmail.com[65.55.92.184] said: 421 RP-001 (SNT0-MC4-F52) Unfortunately, some messages from 208.68.163.215 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Jefhas joined
Neustradamusintosi said me it is same for AOL and others companies
stpeterwell, for instance, the operators@xmpp.org list has 25 @hotmail.com addresses subscribed, and if we have a lot of traffic on the list then hotmail might consider that spammy
fippoif only mail servers knew about their users subscriptions and could apply that to "karma" limits ;-)
Neustradamushotmail.* live.* outlook.* for ML (not only operators)
Alexhas left
Alex_has left
Neustradamusstpeter: DKIM and SPF are easy no?
ZashSPF is there already
ZashDKIM is anything but easy
stpeterthe last time I tried to install DKIM I hosed my VPS
ZashDKIM and mailing lists are not friends
waqasA lot of the ML emails used to end up in spam, because of DKIM
Neustradamuswhat will be the best solution for you?
stpeterNeustradamus: use a different email service?
NeustradamusBut I am not alone
stpeterNeustradamus: do you know what hotmail's policy is? how many email messages are too many?
KevNo, but if your provider is blocking mail because it's from mailing lists, your choices are limited.
Neustradamusstpeter: no :/
KevAs I understand it, this isn't a blacklisting issues, it's just that your provider doesn't like receiving several mails at once, which is always going to happen with mailing list traffic.
Neustradamusthe server is really secure?
KevNo server is really secure if it's attached to the internet.
stpeter:)
stpetertrue day
stpeterdat even
Neustradamuscorrect
stpeterKev: that's my understanding, too -- they just don't like to receive a burst of messages or "too many messages" (not sure if that's in any particular time frame)
Zash"Reason for rate limitation is related to IP/domain reputation."
waqashas left
waqashas joined
NeustradamusThere are not sender bot on the server?
Bunnehhas left
waqasMailing lists used to work fine on hotmail when I used to use it, but that was a long time ago
intosihotmail loves rate limitjng servers
stpeterless for them to do :-)
intosiphps mailgun can help out? ralphm?
Neustradamusintosi: same for AOL?
intosiyes
Neustradamusbut it is really strange, I had never problem before
Zashhas left
Jefhas left
Zashhas joined
ralphmintosi: didn't you mention we've been blacklisted and that you have been fixing things recently?
dwd.sdrawkcab tuo emoc segassem ym semitemoS
dwd?detaler eb siht dluoC
KevMr. Cridland, please to try to behave.
intosii did
Zash.gnibrutsid kram LTR fo kcal ruoy dnif I :dwd
intosispent many hours on fuxing tjings
intosihacker kbd on a phone screen is.. less ideal
dwdZash, Back before the dawn of time, I used to be able to type backwards fairly fluently. I used to tell people on IRC that I'd changed some setting in my client, and please could they help me.
ZashHaha
Kev/part and /quit are sitting on a wall. /part falls off. Who's left?
KevAs the old one goes.
dwdhas left
intosiheh
dwdhas joined
dwdHey, that was cruel.
KevOr, slightly more amusingly,
Hey this is really cool - see what happens if you type `/disco lights/` in your client!
ZashHahaaaaa
dwdCome to think of it, Gajim actually has /commands, for all I know it has /quit.
ZashI think it even has /exce -o
intosinow my home lugting is blinking
ZashI think it even has /exec -o
intosilighting
ZashPro-tip: Don't /exec -o yes
ZashUnless you /exec -o yes otters!
waqashttp://www.youtube.com/watch?v=mWZLa4AnN5k
Jefhas joined
lloyd.watkinhas left
Zashlolwut
ralphmintosi: so I think that taint could last some time
ZashThey didn't forsee that in StarTrek ^^
ralphmintosi: I'd be happy to see if we can help out, just not right now
XSF Discussion - 2014-02-07