|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
11 Aug 2008, 11:07 AM | #1 |
The "e" in e-mail
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696
Representative of:
Fastmail.fm |
chat.messagingengine.com - jabber for all
This is a beta announcement of what I've been working on for the past couple of weeks (modulo firefighting!)
Open up any jabber/XMPP client (I use pidgin, but have tested it with a few others) and use your fastmail login/password (including the domain). Most clients correctly do SRV lookups to find the server. If they don't, just set your server to 'chat.messagingengine.com'.

We have federation enabled, so you should be able to chat to any other XMPP user in the world - I've tested with Google Talk and Livejournal, because I have usernames there too. So this means you can chat with your own FM username with no extra effort.

Questions: will it support aliases? I'm not sure yet. Have to look at issues like how to store the roster - is it shared or not? A bit tricky. Group chat? I haven't tested that yet. This is a beta after all.

Anyway - have a play, let me know what you think. I'd like to have a few more users on there to iron out any more bugs before we advertise it to everyone, so forum users, here's your chance to be early adopters again! |
11 Aug 2008, 06:26 PM | #2 |
Cornerstone of the Community
Join Date: Jun 2004
Posts: 740
|
When I connect using iChat under OS X, it reports that the SSL certificate is signed by an unknown certifying authority.
|
11 Aug 2008, 06:41 PM | #3 |
The "e" in e-mail
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696
Representative of:
Fastmail.fm |
Ahh - I'll pass that one on to Rob to look at. We've got a new certificate (*.messagingengine.com) signed by Digicert. A random google page shows something that seems to recommend them:
http://www.makemacwork.com/secure-instant-messaging.htm as an option... hmm. They are using an intermediate certificate chained back to the Entrust root. It's possible that iChat isn't downloading the intermediate cert? I'm not 100% sure that we've restarted the Jabber server since the intermediate cert got installed actually... I'll restart it now just in case |
11 Aug 2008, 06:43 PM | #4 | |
Cornerstone of the Community
Join Date: Apr 2003
Location: Netherlands
Posts: 507
|
Quote:
Now I need someone to talk to on Jabber (The Netherlands uses MSN almost exclusively...)

-- edit --
Whoa, spoke too soon. Adium hops off/on like a mad rabbit. Connects fine, then stays online for about 5 secs, then gives a "read error", goes offline, waits 5 secs, then the whole process starts again.

Last edited by bplat : 11 Aug 2008 at 06:49 PM. |
|
11 Aug 2008, 06:49 PM | #5 |
The "e" in e-mail
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696
Representative of:
Fastmail.fm |
Obnoxious. The server name is chat.messagingengine.com - and it should know that's the host it's negotiating SSL with. Assuming you haven't set an explicit connect host of "fastmail.fm" that is. I think our server is listening on all IP addresses, so fastmail.fm would work.
Can you try putting chat.messagingengine.com as the server? I'll see if there's an instruction for gtalk, because they use a separate server name too... |
11 Aug 2008, 06:55 PM | #6 |
The "e" in e-mail
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696
Representative of:
Fastmail.fm |
http://209.85.175.104/search?q=cache...ient=firefox-a
Ahh, I see. I'd post the direct link, but trac is returning 500 errors. Basically, you need to explicitly enter chat.messagingengine.com as your server to use SSL, since the RFC is being difficult. Makes it impossible to support multiple domains on a single server just like HTTP all over again. Lovely. I can see their point (otherwise you could just poison SRV records in DNS and make the user verify against an SSL certificate anywhere). Silly SSL. The really stupid thing with SSL in general is you don't want to certify so much "is this the server at foo.bar.com" as you want to certify "am I talking to the same server I was talking to last time". SSH gets this right. |
11 Aug 2008, 07:00 PM | #7 |
Cornerstone of the Community
Join Date: Apr 2003
Location: Netherlands
Posts: 507
|
I've now entered chat.messagingengine.com, and although Adium complains about an unknown CA (DigiCert), it logs me in fine (again). I still have the off/on phenomenon, however.
|
11 Aug 2008, 07:03 PM | #8 |
The "e" in e-mail
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696
Representative of:
Fastmail.fm |
I guess Adium is trying to do something weird. Hmm.. I don't suppose you can get a protocol dump can you (tcpdump/ethereal/wireshark).
It's ok if it's encrypted, because I have the SSL private key, and can decrypt it... |
11 Aug 2008, 08:12 PM | #9 |
Cornerstone of the Community
Join Date: Apr 2003
Location: Netherlands
Posts: 507
|
I've got a dumpfile (sudo tcpdump -i en0 -vvv -n -s 0 -w ~/Desktop/DumpFile.dmp, as per Apple's instructions). I'll send it to your mail account.
|
11 Aug 2008, 09:03 PM | #10 | |
Cornerstone of the Community
Join Date: Jun 2004
Posts: 740
|
Quote:
This is what I get when I connect to chat.messagingengine.com using openssl s_client:
Code:
$ openssl s_client -connect chat.messagingengine.com:5223
CONNECTED(00000003)
depth=0 /C=AU/ST=Victoria/L=Melbourne/O=Messaging Engine Pty Ltd/CN=*.messagingengine.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=AU/ST=Victoria/L=Melbourne/O=Messaging Engine Pty Ltd/CN=*.messagingengine.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=AU/ST=Victoria/L=Melbourne/O=Messaging Engine Pty Ltd/CN=*.messagingengine.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=Victoria/L=Melbourne/O=Messaging Engine Pty Ltd/CN=*.messagingengine.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global CA
---
Server certificate
-----BEGIN CERTIFICATE----
Code:
$ openssl s_client -connect mail.messagingengine.com:imaps
CONNECTED(00000003)
depth=2 /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=AU/ST=Victoria/L=Melbourne/O=Messaging Engine Pty Ltd/CN=*.messagingengine.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global CA
   i:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
 2 s:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
   i:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE----- |
|
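Added example, not part of the original thread: a small parser for the "Certificate chain" section of `openssl s_client` output, run over abbreviated copies of the two outputs in post #10, showing that the port 5223 listener sends only the leaf (so the client must already hold "DigiCert Global CA") while the IMAPS listener sends the chain up to the Entrust root. The function name `chain_report` and the shortened DNs are assumptions made for this illustration.

```python
import re

# Constructed sample: the chain sections of the two s_client runs quoted in
# post #10, abbreviated (DNs shortened to C/O/CN for readability).
CHAT_5223 = """\
depth=0 /C=AU/O=Messaging Engine Pty Ltd/CN=*.messagingengine.com
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
---
Certificate chain
 0 s:/C=AU/O=Messaging Engine Pty Ltd/CN=*.messagingengine.com
   i:/C=US/O=DigiCert Inc/CN=DigiCert Global CA
---
"""
MAIL_IMAPS = """\
depth=2 /C=US/O=Entrust.net/CN=Entrust.net Secure Server Certification Authority
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:/C=AU/O=Messaging Engine Pty Ltd/CN=*.messagingengine.com
   i:/C=US/O=DigiCert Inc/CN=DigiCert Global CA
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert Global CA
   i:/C=US/O=Entrust.net/CN=Entrust.net Secure Server Certification Authority
 2 s:/C=US/O=Entrust.net/CN=Entrust.net Secure Server Certification Authority
   i:/C=US/O=Entrust.net/CN=Entrust.net Secure Server Certification Authority
---
"""

def chain_report(s_client_output):
    """Summarise which certificates the server sent and where the chain stops."""
    errors = [int(n) for n in re.findall(r"verify error:num=(\d+):", s_client_output)]
    # Each chain entry is " N s:<subject>" followed by "   i:<issuer>".
    pairs = re.findall(r"^\s*\d+ s:(.+)\n\s*i:(.+)$", s_client_output, re.M)
    # A link is broken when cert N's issuer is not cert N+1's subject.
    broken = [n for n in range(len(pairs) - 1) if pairs[n][1] != pairs[n + 1][0]]
    last_subject, last_issuer = pairs[-1]
    return {
        "sent": len(pairs),
        "verify_errors": errors,
        "broken_links": broken,
        "root_sent": last_subject == last_issuer,  # self-signed top of chain
        # The client must already hold this issuer for validation to succeed.
        "client_must_have": last_issuer.rsplit("CN=", 1)[-1],
    }

if __name__ == "__main__":
    for name, out in (("chat:5223", CHAT_5223), ("mail:imaps", MAIL_IMAPS)):
        print(name, chain_report(out))
```

A listener that sends one certificate whose issuer is itself an intermediate, together with verify error 20 at depth 0, is the pattern of a server that was not given (or has not reloaded) its intermediate certificate.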
12 Aug 2008, 03:13 AM | #11 |
Cornerstone of the Community
Join Date: Mar 2003
Location: Baltimore, MD (USA)
Posts: 835
|
So how does one set this up with a hosted domain? I'm not having much luck getting this working in Pidgin; all I'm getting is "Read Error"...
|
12 Aug 2008, 03:32 AM | #12 | |
Cornerstone of the Community
Join Date: Jun 2001
Posts: 879
|
Quote:
-- Kirill |
|
12 Aug 2008, 04:25 AM | #13 | |
Cornerstone of the Community
Join Date: Mar 2003
Location: Baltimore, MD (USA)
Posts: 835
|
Quote:
Screen name: my account name
Domain: my family domain
Resource: Home
Password: my FM login password

On the Advanced tab, I've entered "chat.messagingengine.com" as my server and I've checked & unchecked the Require SSL/TLS box. Do I need to change ports? I've tried 80, 443, 5222, and 5223. |
|
12 Aug 2008, 07:42 AM | #14 | |
Cornerstone of the Community
Join Date: Jun 2001
Posts: 879
|
Quote:
If there's a setting for "allow plaintext auth" or something like this, you should choose that. This is what I can think of off the top of my head right now. (FM's Jabber server doesn't seem to provide SASL authentication... yet.)

-- Kirill |
|
12 Aug 2008, 08:48 AM | #15 |
Master of the @
Join Date: Feb 2004
Location: New Hampshire, USA
Posts: 1,561
|
Seems to go OK for me with iChat, until it pops a dialog asking
Code:
Your name and password will be sent in a way that is not secure. Do you still wish to connect to this server?

Should I be able to log in securely? If so, would the session also be secure? |