[Operators] server reputation

Jonathan Schleifer js-xog at webkeks.org
Sat Apr 19 07:38:47 CDT 2008


Peter Saint-Andre <stpeter at stpeter.im> wrote:

> So at jabber.org we might ask amessage.de and sapo.pt (or
> whatever) about new servers on the network.

amessage.* is exactly the opposite: It's an example for a server that
doesn't work correctly. It's s2s is very broken, it doesn't work far
more often than it does work.

Broken s2s really got an annoying problem. More and more servers appear
with broken s2s, for whatever reasons. Servers like amessage.* at least
have an administrator who knows what he's doing (at least, that's the
impression I got about mawis), but the real problem are small servers
with unknowing administrators, sometimes those even blame others for
s2s not working, though they have no idea how Jabber works. I want to
give a few examples here, but won't give any names:

EXAMPLE 1:
The server blocked port 5269 via a packet filter and didn't have any
other port specified in an SRV record for s2s, thus there was no port
where other servers could connect to. After contacting the admin, the
admin blamed me that it has to be my server since he can get
connections to other servers. He wouldn't listen when I told him that
this is because he tried to initiate the connection to the other
servers, but others couldn't initiate it due to the port begin
filtered. He wouldn't listen and instead go on that it's my servers
fault. But it seems like he finally acknowledged it's his problem and
fixed it now.

EXAMPLE 2:
The server had a broken ejabberd installation. I couldn't debug it as
the server just closed the connection when I tried to connect to it.
The other way around, it worked, that server could connect to mine.
That was the most annoying part, if you got a message and didn't answer
instantly, s2s was closed due to idle and you couldn't answer then.
I contacted the administrator of that server about the problem, the
only answer I got was that my server has to be broken since there are
other servers that don't have that problem.
After a few months, he told me he found the problem, his ejabberd build
was broken, the thread crashed when someone requested TLS on s2s, but
if the server requsted it from other servers, it worked. And all
servers that did work didn't request TLS when they connected to it. It
took a long time until the administrator admitted that it's his server's
fault and not mine. But instead of fixing ejabberd then, he just
switched to jabberd2.

EXAMPLE 3:
The server was running ejabberd and hosting a MUC. But there was no
CNAME record for conference.$domain. That admin was totally clueloss on
how to fix it when I told him that s2s doesn't work for components of
his server. I more or less had to explain how s2s works and that those
subdomains need to exist for other servers to be able to connect to the
components.

These three are all examples where servers are broken because people
think having a Jabber server is cool, but knowing how Jabber works is
uncool. Many just want to have a JID with their domain and setup a
Jabber server that often is totally misconfigured. That alone wouldn't
be that big of a problem, the problem is that they promote others to
use their server as well. And then it starts getting annoying and even
hurting the Jabber network.
The server in example 2 even got that annoying that I blacklisted it
until it was fixed.

Spammers are not a big deal ATM, what we need a solution for is servers
with broken s2s, this is hurting the Jabber network far more now.

-- 
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/operators/attachments/20080419/ce568248/attachment-0001.pgp 


More information about the Operators mailing list