Welcome to the free, free of charge and secure XMPP/Jabber server "jabber-germany.de" !
Hier geht es zur deutschen Fassung.
!!! Attention !!!
As a current occasion, I ask all users to read this article about the impending chat control 2.0 - please join!
About:
"jabber-germany.de" provides various services like XMPP, DoH/DoT, NTP/NTS etc. hosted by myself. The main reason I run these services is because I like to be in control of my own data where feasible. The easiest way to accomplish that is to host the services I use. I make them public and maintain them simply because I want to.
Registration:
Due to the increased incidence of spam messages, a registration is required from now on. There are two options available:
- Send an email to the address below with the desired name to be registered. The account will be created as soon as possible and a response with a temporary password will be sent.
Please use this way in case you want to get recovered (or reset) your password at a later stage as this is only way to verify you unambiguously.
- EMail address for registration: jomo <at> morbitzer.de
- PGP/GPG: 4096R/D982BBD6 (12/24/2013)
- Use the web registration form. Please note that resetting the password with this method is not trivial in case of password loss. If in doubt, please select option 1 (see above).
I hope for your understanding, the fight against spam has become an important issue, and this new method of registration finally helps all users.
By using this server to communicate with third parties you agree that data
will be passed to third parties. Messages sent to other users are subject to policies those users agreed to.
The current configuration is as follows:
- XMPP software version: Prosody 0.12.4
- Activated XEP Modules: XEP-0198, XEP-0280, XEP-0065, XEP-0012, XEP-0092, XEP-0030, XEP-0163, XEP-0199, XEP-0090, XEP-0202, XEP-0054, XEP-0237, XEP-0357, XEP-0191, XEP-0124, XEP-0206, XEP-0352, XEP-0363, XEP-0313, mod_muc_mam, mod_vcard4, mod_vcard_legacy, XEP-0384, csi_battery_saver, XEP-0411, XEP-0410, XEP-0288, XEP-0215, XEP-0045, cloud_notify_filters, cloud_notify_encrypted,firewall,unified_push,pubsub_serverinfo
- Password storage: hashed
- CA: Let's Encrypt
- Certificate Key size 4096
- Certificate sha256 Fingerprint=BA:0A:C1:C6:39:8C:54:93:4F:07:29:22:B9:19:1F:80:53:38:18:2E:B0:52:9A:12:9A:10:37:A0:92:34:9D:23
- OS: Debian Linux 64 Bit
- Server location: Germany
- Hosting provider: Netcup
- Internet link: 2.5 Gbit/s
- Backup procedure: borgbackup, nightly snapshot (external destination)
- C2S require encryption: Yes
- S2S require encryption: Yes
- Inband registration allowed: No (see above)
- Group chat support: Yes
- Contact (email): admin <at> jabber-germany.de
- Contact (xmpp): admin <at> jabber-germany.de
- Offline Messages: 31 days (MAM: 14 days)
- http upload file size limit (XEP-0363): 40 MB
- http upload file expiration after: 14 days
- http upload quota per day: 400 MB
- http upload quota global : 2048 MB
- Tor address: xmpp://gku6irp4e65ikfkbrdx576zz6biapv37vv2cmklo2qyrtobugwz5iaad.onion:5222
- Converse.js address: https://jabber-germany.de:5281/conversejs
Recommended OpenSource XMPP/Jabber clients are :
Privacy Policy:
Things that are being stored:
- User name and hash of password.
- Offline messages. If someone sends you a message while you are
offline that message will be stored until you get back online.
- Archive. By default we will be keeping an archive of your messages
for later retrieval by yourself. This can come in handy if you log in
with a new device and want access to your message history and is also
required if you want to use the OMEMO encryption with multiple
devices. You can opt-out of this by setting your server-side
archiving preferences with your XMPP client.
- Files. Every file you share with a contact or a conference will be
uploaded and stored for later retrieval by the recipients.
- A list of your contacts (Roster, Buddylist). This list is maintained
by you. You decide who goes on that list and who gets deleted.
- Semi public data you are publishing for your contacts to see like
your avatar or the OMEMO public keys.
- Other private data your XMPP client might upload like a list of
conference bookmarks.
- Registering for a push does make an HTTP call which logs a user’s IP temporarily, this is necessary for the service to operate.
- I might activate and keep logs temporarily if this helps mitigating attacks (service maintenance).
Things that are not being stored:
- IP addresses.
- Any connection and/or duration times.
Remarks:
- I collect only a minimum amount of information, only what is really needed to run my services.
- Under no circumstances will data be collected, analyzed and shared for commerce!
- And last but not least: I care about privacy on all levels!
DNS, DNS-over-TLS, DNS-over-HTTPS, NTP/NTS, and NTFY:
The server is running an open, caching-only DNS server as part of the OpenNIC project and can be used by any user, too, of course. The details are as follows:
- DNS ipv4: 152.53.15.127#53
- DNS ipv6: 2a03:4000:6b:191:9825:1cff:fe34:bbe#53
- DNS-over-TLS ipv4: 152.53.15.127#853
- DNS-over-TLS ipv6: 2a03:4000:6b:191:9825:1cff:fe34:bbe#853
- DNS-over-TLS: tls-auth "jabber-germany.de", sha256 digest "AvU/FDJMioBifgP6Z1ADb/5Ok2flfaTbIdJcfXCze8I="
- DNS-over-HTTPS: https://www.jabber-germany.de/dns-query
- Limit rates for DoH and DoT: 2000 requests/minute per source IP (with "burst" of 50).
- NTP ipv4: 152.53.15.127#53
- NTP ipv6: 2a03:4000:6b:191:9825:1cff:fe34:bbe#53
- NTS ipv4: 152.53.15.127#4460
- NTS ipv6: 2a03:4000:6b:191:9825:1cff:fe34:bbe#4460
- NTFY Push service: https://ntfy.jabber-germany.de
Latest changes, news and updates:
- 2024-11-04: Due to some IP spoofing the hosting provider got abuse messages and took down the server until I managed to explain to them that the mentioned port scanning was definately NOT coming from my server. Very annoying.
- 2024-08-22: Disabled SearxNG for good - we were blocked everywhere due to request floodings.
- 2024-08-22: SYNC flooding attack to the sslh multiplexer, port 443 was no longer "usable". Disabled sslh (and therefore the connection to XMPP via tcp port 443) for now. Update: The root cause was searxng which was being flooded, stopped this service for now, and enabled sslh again.
- 2024-08-09: Prosody server was hanging the last days from time to time. Increased the number of max open files, which should fix things.
- 2024-04-20: Prosody server was down for a few hours, sorry, was due to a PID file not being able to generate, will not happen again.
- 2024-03-13: DoH was no longer working since the move to the new server box due to a missing Apache module - fixed!
- 2024-03-12: Added the Snowflake Proxy service to the server box.
- 2024-03-10: Moved all services to new hardware: 10(!) CPU cores instead of 2, doubled RAM, doubled SSD disk space, latest Debian Linux (Bookworm) + new IPv4 address (SearXNG should work better again)... Enjoy!
- 2023-12-09: Added "mod_unified_push" module.
- 2023-10-25: After having seen the encrypted traffic interception @ jabber.ru I activated an external certificate checker.
- 2023-09-07: Updated Prosody to version 0.12.4.
- 2023-04-11: Facing some DDoS on port 443, bringing the webserver into trouble, working on it. Update: It was several addresses from Iran that got my server into trouble. Probably as a "thank you" for having a Snowflake proxy running in parallel. I have blocked the addresses manually for now. Update: "mod_evasive" running.
- 2023-03-30: dist-upgrade from Debian Linux "buster" to "bullseye".
- 2023-02-22: Updated Prosody to version 0.12.3.
- 2023-01-04: Added bot protection / rate limit for SearXNG
- 2022-12-15: Updated Prosody to version 0.12.2.
- 2022-08-15: Added JabberSPAM.
- 2022-07-13: Switched search engine from Searx to SearXNG.
- 2022-06-11: Updated Prosody to version 0.12.1.
- 2022-03-30: Since the upgrade to 0.12.0 the web registration was broken - fixed now, sorry.
- 2022-03-18: Updated Prosody to version 0.12.0.
- 2022-03-07: Added NTFY push service (please see here for documentation and examples).
- 2022-01-29: Updated Prosody to version 0.11.13.
- 2022-01-19: Configured the NTP time server to serve NTS, too.
- 2022-01-15: Updated Prosody to version 0.11.12.
- 2021-12-24: Updated Prosody to version 0.11.11.
- 2021-08-05: Updated Prosody to version 0.11.10.
- 2021-05-15: Updated Prosody to version 0.11.9.
- 2021-04-13: Optimised the OpenNIC DNS caching server (better DNS geo handling and faster answers).
- 2021-04-02: Updated Searx search engine to version 1.0.0.
- 2021-03-21: After the upgrade from Debian 9.X to 10.X the Unbound DNS server did no longer work (DoH and DoT was down, too), sorry, my bad, it is working again!
- 2021-03-20: Updated OS from Debian Stretch to Debian Buster.
- 2021-02-18: Updated Prosody to version 0.11.8.
- 2021-02-15: The server had to be shut down for 30 minutes due to faulty hardware, sorry for any inconvenience.
- 2021-01-16: Added modules "cloud_notify_filters" and "cloud_notify_encrypted".
- 2020-12-26: Server was in trouble today due to a DDOS from Turkmenistan (WTF?), fixed now, sorry in case some services weren't as stable as expected.
- 2020-12-17: Updated Searx search engine to version 0.18.0
- 2020-10-03: Updated Prosody to version 0.11.7.
- 2020-09-15: Updated Prosody to version 0.11.6.
- 2020-08-31: Updated Searx search engine to version 0.17.0
- 2020-04-30: Added XEP-0045 (MUC presence probes)
- 2020-04-21: Added XEP-0215 + TURN-Server for audio/video calls.
- 2020-03-26: Updated Prosody to version 0.11.5.
- 2020-02-01: Updated Searx search engine to version 0.16.0
- 2020-01-21: Updated Prosody to version 0.11.4.
- 2019-10-28: Added the meta search engine Searx to the server.
- 2019-10-02: Updated Prosody to version 0.11.3.
- 2019-09-11: Added DNS-over-HTTPS (DoH) services ( https://www.jabber-germany.de/dns-query ).
- 2019-08-12: Webserver was down since September, 22nd, after a reboot ... no one recognised (or simply did not let me know), just figured myself ;-) .
- 2019-06-27: On July, 18th 2019 the server will be down between 11:00h and 12:00h (TZ Europe/Berlin) for security updates (Intel ZombieLoad/MDS).
- 2019-06-10: Added XEP "converse.js".
- 2019-05-14: Activated fail2ban to scan for failed authentication attempts, ending up in blocking the corresponding ip address(es) for a while.
- 2019-01-16: A DDOS attack happened tonight, torturing the free, uncensored DNS server, filling up the logfiles (some dozend GB), ending up in 100% disk space usage. Sorry for that, I assume some people might had issues with XMPP the last 12 hours, too. All cleaned up now, and I will reduce the logging verbosity of the iptables entries.
- 2019-01-11: Updated Prosody to version 0.11.2.
- 2018-11-30: Updated Prosody to version 0.11.1.
- 2018-11-25: Updated Prosody to version 0.11.0.
- 2018-08-31: On September 3rd, 2018 (03.09.2018) the server will be down between 10:00h and 12:00h CEST for around 30 minutes due to a maintenance/security update (Intel Spectre/SpectreNG etc.).
- 2018-08-07: Webregistration activated (next to the manual account request mechanism via email).
- 2018-07-25: XMPP over HTTPS is activated from today onwards (for clients being blocked by some odd firewall rules, like from internet cafes, Free-Wifi APs and such).
- 2018-07-25: Moved Prosody server and all accounts to new server box which is more than twice as fast. Upgraded Debian OS, too, during this procedure.
- 2018-07-12: Added free DNS and DNS-over-TLS services (in addition to the XMPP service).
- 2018-06-01: Update from Prosody version 0.10.1 to 0.10.2.
- 2018-05-29: MUC service down this morning. New module "mod_vcard_muc" was causing the issue, which is disabled for now. Update: Opened a bug report, module should be fixed in the meantime. Update: Bug was fixed here https://issues.prosody.im/1152.
- 2018-05-17: Update from Prosody version 0.10.0 to 0.10.1.
- 2018-01-08: Service was down for an hour due to the Meltdown bugfix (and the necessary reboot of the server afterwards).
- 2017-12-30: Update from 0.9.12 to 0.10.0, including latest module versions and omemo_all_access support (alpha release from Daniel G., thanks!!). I wish you all the best for 2018...
- 2017-10-03: 30 minutes outage this morning, did some preparations for the new version 0.10, ran one wrong command :-( ... and had to restore some things from the nightly backup. Sorry, my bad.
- 2017-09-27: Will remove XEP-0138 upon the next restart of the server due to https://hg.prosody.im/prosody-modules/rev/3092ae96c1f0.
- 2017-09-18: This morning messages were queued forever at some point, don't know what happened. I did install the latest mod_mam.lua last weekend, after reverting this module to the previous version and restarting the server the messages started flowing again. I need to investigate whether the latest mod_mam.lua is/was the root cause of the issue. Update: opened an issue ticket at Prosody. Update: Missed a patch in mod_mam.lua, sorry.
- 2017-08-31: There are rare situations where the Prosody XMPP server is using 100% CPU time for a longer time period (+10 minutes or so), for no obvious reasons, the logfile does not print anything useful at those times, and running "perf" on a LUA process isn't helpful either, so I need to start debugging things *sigh*. Currently a monitoring tool is restarting the process automatically in those rare situations.
- 2017-08-10: Increased max size for http_upload from 10 to 20 MB and expiry from 7 to 14 days.
- 2017-07-18: This afternoon XMPP clients reported certificate and connection errors here and there, happened to me with Conversations, too. It was fine again an hour or two later. Don't know what happened, of course problems like this always happen while being on vacation :-) .
- 2017-07-16: The prosody server was looping today, using 100 percent CPU time, new connects failed, so I had to do a full restart. I have no idea yet what the problem was, the logs don't show anything obvious unfortunately. Update: the max amount of file descriptors was reached, I increased the limits accordingly, should be fine from now on, sorry for the issue.
- 2017-06-20: Moved mam storage from RAM to xmlarchive since the memory usage of the prosody server constantly increased, causing serious trouble.
Have fun ;-) !!!
Impressum