[Operators] Security Test Day reminder - 4 Jan 2014

Dave Cridland dave at cridland.net
Sat Jan 4 15:57:07 UTC 2014


Something to note; chatting with Jesse Thompson, we found that the errors
we were getting back simply didn't match the likely cases. I saw DNS
errors, he saw similar. I've not isolated the actual fault yet.


On Sat, Jan 4, 2014 at 2:25 PM, Valérian Saliou <
valerian at valeriansaliou.name> wrote:

> Okay, makes sense Marco.
>
> Now, let’s hope the network will be reactive enough to keep up the pace,
> and will conform to the new mandatory constraints.
>
> Here I see that I have about 135 in / 136 out S2S sessions, which seems to be
> growing back to the usual/normal number that we had before (minus about 10
> servers, in which we can count Gmail.com, Cisco.com and so on); it looks
> pretty good overall.
>
> --
>
> *Valérian Saliou*
>
> Jappix <https://jappix.com/> & FrenchTouch Web Agency <http://frenchtouch.pro/> founder.
> Waaave <https://waaave.com/> co-founder.
> Famecoin <http://famecoin.com/> infrastructure manager.
>
> *More about me on *my personal page <https://valeriansaliou.name/>*.*
>
> On Jan 4, 2014, at 2:55 PM, Marco Cirillo <maranda at lightwitch.org> wrote:
>
>  On 04/01/2014 14:39, Valérian Saliou wrote:
>
> Metronome as I noticed; Marco stated it’s related to an improper StartTLS
> stack running.
>
>  We’re running Metronome ourselves on Jappix.com <http://jappix.com/>, so
> this might also be due to a stricter policy from Metronome, Marco?
>
> --
>
> *Valérian Saliou*
>
> Jappix <https://jappix.com/> & FrenchTouch Web Agency <http://frenchtouch.pro/> founder.
> Waaave <https://waaave.com/> co-founder.
> Famecoin <http://famecoin.com/> infrastructure manager.
>
>  *More about me on *my personal page <https://valeriansaliou.name/>*.*
>
>
> No.
>
> Metronome-wise, it's because the server (movim.eu) isn't properly
> configured. But I found the same behaviour happening from servers running
> Prosody, ejabberd, OpenFire, and besides the latter I think both Prosody and
> ejabberd latest versions have consistently working TLS.
>
> Also, there could be only 2 things on which it is stricter (latest tip,
> 3.2.26):
> 1) is that it checks if the stream version is at least 1.0; if not, it will
> close down the stream with unsupported-version, which I thought saner
> since those servers (GTalk on head) aren't TLS-capable s2s-wise.
> 2) is that it asserts if a remote server requires starttls, and if it isn't
> capable of it because mod_tls isn't loaded/configured or not functioning
> correctly, and mod_dialback is enabled, it'll throw a proper log warning and
> close down the stream to that host.
>
> That's all.
>
> --
>
> *Marco Cirillo*
> *LW.Org/LW.Org <http://LW.Org/LW.Org> IM Owner & Head Developer*
> *Metronome IM Project Maintainer/Developer*
> *Jappix Maintainer/Developer*
> http://lightwitch.org
>
>
>
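The two stricter checks described in the quoted reply (stream version below 1.0, and a remote peer requiring STARTTLS while local TLS is unavailable and dialback is enabled) can be modelled as below. This is an added Python illustration, not Metronome's code and not part of the thread; `s2s_decision` and its parameters are hypothetical names, the stream headers are constructed samples, and treating a missing `version` attribute as 0.0 follows RFC 6120.

```python
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"

# Constructed sample inputs (example domains, not taken from the thread).
HDR_V1 = ("<stream:stream xmlns='jabber:server' "
          "xmlns:stream='http://etherx.jabber.org/streams' "
          "from='peer.example' to='local.example' version='1.0'>")
HDR_LEGACY = ("<stream:stream xmlns='jabber:server' "
              "xmlns:stream='http://etherx.jabber.org/streams' "
              "xmlns:db='jabber:server:dialback' from='legacy.example'>")
FEATURES_TLS_REQUIRED = (
    "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
    "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"
    "</stream:features>")

def stream_version(header):
    """Return (major, minor) from an opening <stream:stream> tag."""
    # The stream header is an unclosed element, so close it before parsing.
    root = ET.fromstring(header + "</stream:stream>")
    # RFC 6120: a header without 'version' is treated as version 0.0.
    major, _, minor = root.get("version", "0.0").partition(".")
    return int(major), int(minor or 0)

def remote_requires_starttls(features):
    """True if the features carry <starttls><required/></starttls>."""
    starttls = ET.fromstring(features).find(f"{{{NS_TLS}}}starttls")
    return (starttls is not None
            and starttls.find(f"{{{NS_TLS}}}required") is not None)

def s2s_decision(header, features, local_tls_ok, dialback_enabled):
    """Hypothetical policy function modelling the two checks in the reply."""
    # Check 1: pre-1.0 streams are closed with unsupported-version.
    if stream_version(header) < (1, 0):
        return "close: unsupported-version"
    # Check 2: peer requires STARTTLS, local TLS is unusable, dialback is on.
    if (features and remote_requires_starttls(features)
            and not local_tls_ok and dialback_enabled):
        return "close: remote requires starttls, local TLS unavailable"
    return "continue"
```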