XSF Discussion - 2017-10-27


  1. Link Mauve

    There is this goldtransfer guy who’s still coming on jabber@conference.jabber.org after having spammed the room, could someone with enough rights ban him (if possible from the entire service)?

  2. Link Mauve

    I’m only administrator of this room, so I have no power here.

  3. Guus

    I'm not sure who's maintaining that server, sorry

  4. Link Mauve

    Me neither, so I hope sending a message here will reach them.

  5. moparisthebest

    postmaster@jabber.org ?

  6. moparisthebest

    Xmpp doesn't have well defined addresses like that does it

  7. Zash

    It does, actually. xmpp@

  8. moparisthebest

    Hmm did not know, do servers implement that

  9. Zash

    Do servers implement a standard mail box?

  10. Zash

    moparisthebest: https://xmpp.org/rfcs/rfc6120.html#contact

  11. Zash

    In XMPP itself there's {xep 0157}

  12. Bunneh

    Zash: XEP-0157: Contact Addresses for XMPP Services (Informational, Active, 2007-01-31) See: https://xmpp.org/extensions/xep-0157.html

  13. Guus

    will add that to Openfire

  14. Guus

    we record that stuff, but don't expose it

  15. Zash

    That one ought to be strongly recommended for public/open services

  16. Link Mauve

    It should be enabled by default in Prosody imo.

  17. Zash

    Is it not?

  18. Link Mauve

    It’s commented out by default. :/

  19. Zash

    I don't think it should be enabled by default for random personal servers

  20. Link Mauve

    Random personal servers which don’t want to publish that should be the ones that should be configured to disable it.

  21. Zash

    Why?

  22. Link Mauve

    Because most deployments will not change the defaults, which makes the whole network unable to contact their admins.

  23. Link Mauve

    When I disabled unencrypted s2s, I tried to contact all of the servers’ admins about that move, and out of some 31 I could only find the contacts details of 5, and only one answered.

  24. Link Mauve

    (They answered that nothing in the RFC forced them to support TLS, so it was our choice to break s2s with them.)

  25. Ge0rG

    I think we should mandate a contact mailbox for IBR servers and servers with other public registration mechanisms.

  26. Zash

    As a server dev, I much prefer if privacy decisions are taken by the admins.

  27. zinid

    Zash: +1

  28. Zash

    It could be changed to look at if IBR is enabled or not

  29. Zash

    Currently, if enabled but not explicitly configured, it'll advertise the JIDs of configured admins

  30. Ge0rG

    Zash: what about making IBR depend on a flag that enables publication of admin JIDs?

  31. Ge0rG

    Should have pushed that into 0.10... 😕

  32. moparisthebest

    Zash: couldn't prosody just forward messages to xmpp@domain to the server admin(s) by default?

  33. moparisthebest

    Seems like it wouldn't be a privacy problem

  34. moparisthebest

    Oh I see, discovery, yuck

  35. moparisthebest

    So a server plugin could autogenerate those and forward them to admin

  36. Arc

    if you're operating a mailserver, you're under no obligation to receive or deliver email, even if the other host is in full compliance

  37. Arc

    many mailservers require cryptographic and anti-spam measures in order to accept, Google's especially