Zash: Well, most servers will fall back to dialback, but there are some who reject
simon: Zash: good point.
Steffen Larsen has joined
Zash: I have a bot running on a server with a self-signed cert, which is useful partly for that reason.
simon: I personally run with s2s_secure_auth = true (on prosody) so that I don't have to trust DNS too much.
Steffen Larsen has left
dwd: simon, Trouble is, I think the different combinations of security options yield some surprising results. Accepting dialback with self-signed certs is probably (I think) fine in combination with DNSSEC.
Zash: Bunneh, ping acc.umu.se
Bunneh: Zash: Ping failed (remote-server-not-found): Server-to-server connection failed: not-authorized (Your server's certificate is invalid, expired, or not trusted by acc.umu.se)
Zash: Like that :)
dwd: simon, I think that "classic" TLS auth is better than DNSSEC+dialback+unauth-TLS. But it's not by much.
simon: dwd: does one need to use a CA for DANE to work?
simon: my thinking was that DANE + a signed TLD, invalidated the need to use CAs - a good thing imho
Zash: DNSSEC removes some attack vectors from dialback. Attacks on IP routing could still work, but that ought to be harder.
Zash: simon: There are a few variants in DANE. You can say something like 'only this CA is allowed here and you must trust it already'
Zash: or you can point to your own CA and specify that as a root, or point to the actual cert or public key used by the server
simon likes giving the middle finger to CAs.
Zash: If you use the non-PKI variants of DANE, you'll still have your TLD as CA :)
ralphm likes his middlefingers. Keeping them.
simon: Would be really nice if someone could write up a basic guide for the wiki. I'd really like to get this deployed on some of my own domains.
simon: (with or without middle-finger-donations)
ralphm: Chromebox for Meetings. Wonder how much XMPP is in there.
fippo: ralphm: the thing formerly known as libjingle is inside ;-)
ralphm: well, yeah, of course
Ge0rG: dwd: NebuK is asking about your MUC merge progress. come back to email@example.com please :)
simon: Yaxim + muc would be nice.
Ge0rG: simon: indeed. there is some old code for that, but it needs to be polished and brought forward into current master.
Ge0rG: simon: Dave made some progress with that, but forgot to tell us where to find his code ;)
dwd: Ge0rG, Actual work is a bit busy, sorry. But I've merged to about June, so far.
Ge0rG: dwd: that's ok, but please coordinate more with NebuK on the yaxim MUC.
Ge0rG: dwd: he is starting to merge stuff as well... :)
Ge0rG is a bit busy with staying away from work... and from the laptop. so must delegate this
NebuK: dwd, and here is the MUC guy ;) i'm currently trying to merge my own horrible code into current master -- how is your progress with that? (even though offtopic -- and/or do you want to come over to yaxim's MUC?)
dwd: NebuK, I've merged to about June or so. Working through slowly. I'll get there, but I'm busy with work etc right now.
NebuK: so ... what exactly are you merging? simply muc into master, or anything else? also, do you have your current state in a git somewhere, so i can start off from there?
dwd: NebuK, No, it's halfway through a massive rebase. :-) Not something I can push anywhere.
NebuK: what are you doing, if i might ask?
Neustradamus: I sent an email on the members ML because I have not email since November 2013.
stpeter: Neustradamus: you can send but not receive?
Zash: Nothing in a spam folder?
Neustradamus: like I have already said, jabber.org/xmpp.org are on blacklists
Neustradamus: there were discussions on iteam room, but the problem is not really resolved :/
stpeter: Neustradamus: I am going to send you a test message from firstname.lastname@example.org - please let me know if you receive it
Neustradamus: stpeter: I will inform you if I have
stpeter: Neustradamus: you won't receive it
Feb 7 20:21:32 atlas postfix/smtp: 3EE4E219EA8: to=<email@example.com>, relay=mx2.hotmail.com[220.127.116.11]:25, delay=0.49, delays=0.08/0/0.37/0.04, dsn=4.0.0, status=deferred (host mx2.hotmail.com[18.104.22.168] said: 421 RP-001 (SNT0-MC4-F52) Unfortunately, some messages from 22.214.171.124 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Neustradamus: intosi told me it is the same for AOL and other companies
stpeter: well, for instance, the firstname.lastname@example.org list has 25 @hotmail.com addresses subscribed, and if we have a lot of traffic on the list then hotmail might consider that spammy
fippo: if only mail servers knew about their users subscriptions and could apply that to "karma" limits ;-)
Neustradamus: hotmail.* live.* outlook.* for ML (not only operators)
Neustradamus: stpeter: DKIM and SPF are easy, no?
Zash: SPF is there already
Zash: DKIM is anything but easy
stpeter: the last time I tried to install DKIM I hosed my VPS
Zash: DKIM and mailing lists are not friends
waqas: A lot of the ML emails used to end up in spam, because of DKIM
Neustradamus: what will be the best solution for you?
stpeter: Neustradamus: use a different email service?
Neustradamus: But I am not alone
stpeter: Neustradamus: do you know what hotmail's policy is? how many email messages are too many?
Kev: No, but if your provider is blocking mail because it's from mailing lists, your choices are limited.
Neustradamus: stpeter: no :/
Kev: As I understand it, this isn't a blacklisting issue, it's just that your provider doesn't like receiving several mails at once, which is always going to happen with mailing list traffic.
Neustradamus: the server is really secure?
Kev: No server is really secure if it's attached to the internet.
stpeter: Kev: that's my understanding, too -- they just don't like to receive a burst of messages or "too many messages" (not sure if that's in any particular time frame)
Zash: "Reason for rate limitation is related to IP/domain reputation."
Neustradamus: There is no sender bot on the server?
waqas: Mailing lists used to work fine on hotmail when I used to use it, but that was a long time ago
intosi: hotmail loves rate limitjng servers
stpeter: less for them to do :-)
intosi: phps mailgun can help out? ralphm?
Neustradamus: intosi: same for AOL?
Neustradamus: but it is really strange, I never had a problem before
ralphm: intosi: didn't you mention we've been blacklisted and that you have been fixing things recently?
dwd: .sdrawkcab tuo emoc segassem ym semitemoS
dwd: ?detaler eb siht dluoC
Kev: Mr. Cridland, please to try to behave.
Zash: .gnibrutsid kram LTR fo kcal ruoy dnif I :dwd
intosi: spent many hours on fuxing tjings
intosi: hacker kbd on a phone screen is.. less ideal
dwd: Zash, Back before the dawn of time, I used to be able to type backwards fairly fluently. I used to tell people on IRC that I'd changed some setting in my client, and please could they help me.
Kev: /part and /quit are sitting on a wall. /part falls off. Who's left?
Kev: As the old one goes.
dwd: Hey, that was cruel.
Kev: Or, slightly more amusingly,
Hey this is really cool - see what happens if you type `/disco lights/` in your client!
dwd: Come to think of it, Gajim actually has /commands, for all I know it has /quit.