I know I annoyed you a lot lately. But you have my word: it’s over.



What cause’d the trouble? Well let me explain.

The server for changed a few weeks ago. Now it’s running on some shiny new SSDs with an awesome performance. But… I also had to reinstall the OS. Normally I get the new server, Install and configure everything and set my home-DNS Server so it points to the new server. This allows me to test everything before I do the big move to the new server.

Everything seemd to be fine and everything was working as a charm, and it was damn fast too.

Then I installed the first system updated and shit hit the fan. The webserver didn’t came up and some other services were not responding anymore. Bughunting revealed that the server was too fast.

  • Boot up
  • start network interfaces
  • start webserver
  • // webserver crash: network not ready
  • network ready

I think you see the problem.


It took me hours of research, reading errorlogs and try things, reboot the server, reinstall the whole server, and so on.

Today I got it. Everything returned to normal.



At least now I understand systemd and how to handle its units…



Hi everyone.

You might realized it: has a new set of certificates.

Since I use Letsencrypt certificates are getting changed every 3 month.

If you get a warning about a new certificate you can compare the certificate used on the homepage.



After some years, it finally happened.!

But lets start from the beginning:

Last week, on the 21st of june, I got a ticket with a “lost password” topic.
I proved the rightful owner by asking him for 5 contacts out of his list and some details he put in when the account was created.
Sadly there wasn’t an email connected to this account.

I reset the password and wrote the new password to the ticket. – BAD MISTAKE.

I don’t know how, but the guy which requested the password was NOT the rightful owner. The real owner contacted me just a few hours later.
And he COULD authenticate and proove it was his account due earlier tickets he created. He names me the right email address and so on.

I could give him his account back and learned a good thing. But now I am in a twist.

I don’t want your personal information. IAF uses the principle of “as less data as possible, as much data as needed”.
You can use completely anonymized, with TOR and so on.
But I need some information to validate your rightful ownership in cases like this.

So heres a semi good Idea:

Add a valid email address to your profile. Use a spamming adress. One you don’t need everyday. One which can float around on the net.

If you need a password reset, or something, I will write to THIS address, attached to your Jabber Account.

If someone tries to steal your account, and can trick me into believing its his account, not yours, you might can’t login. But then you can be sure your new password is in YOUR mailbox and your account is still safe from others.

Nobody is perfect. I have a lot of security, but in the end I’m human. And if someone can answere all security questions, and fool me into reset a password, there is still this last step.

Hope you can understand what I try to say.

  • Use different passwords for different services!
  • Use a Password generator if you can’t find good passwords!
  • Suggestion: Keepass2


Related: How secure is

Hi everyone.

Some of you might recognized, some might not: has a new set of SSL certificates.
And now the Web and the XMPP Server use the same set of certs.

The last years I used a lot of certificate providers. Startcom, Geotrust, RapidSSL, Symantec etc.etc.
Now I try a new provider: Lets Encrypt.

– It’s free (less costs for me)
– It’s scriptable. Means I don’t have to update them by hand and restart all services. – This can be done automatically
– I get a warning if my certs are running out
– Same cert for Webserver and Chatserver

– They are only valid for three month. So there are four changes/year instead of one.

If you get a certificate warning when connecting to, be sure you have the right certificate.

Serial number:
‎03 3e 4b db ec 5f 92 ce 19 32 d9 71 e8 04 d3 22 8e 91

Finger print:
‎f5 d2 a6 20 41 6b 22 b8 4e f7 6f 22 f9 4e 6f 32 b3 27 61 38

Let’s Encrypt Authority X3

Valid until:

Thanks for your patience

Oh, by the way: score
SSL Labs A+ rating 😀

In tha last days I reworked the whole encryption/page security thing.

And I got my A+ rating on back :). Unfortunately also many old and outdated browsers and platforms are no longer able to connect to the homepage of You can have a look on the rating to see which devices are now not able to connect to

This does not affect the mail or jabber server. They have an own set of encryption algorythms.

Sorry for the recent restarts, but I am still NOT DONE with those spamming cunts.

For all the new people here: In-Band registration is now disabled. This means you can’t register an account via Jabber-Client.

If you want to register an account on, you have to do this >>here<< (this was available since months, but I just wanted to point it out again)


So what happend? In the last days I got hundrets and hundrets of spammers and bots which tried to register (in summary) 134.763 accounts on, and They are stupid and didn’t knew that its only possible to create an account every ten minutes from the same IP address, so I could block nearly 90% of their tries without moving a finger. Additional 8% were blocked by my “servers are not allowed to registrate an account” rule. Means if a server on the net (those you can rent from hosting companies) are not allowed to register an XMPP account. (Don’t get me wrong, if you want to use your jabber account on IRSSI or any other CMD-Messenger on linux or windows, feel free to do so, you just couldn’t REGISTER an account.) Anyways. I got sick of it. Then the real spamming started. Russian Jabber messages  about “Quality Jabber Spam, 2 Million accounts! Just contact blahblah@spamm.fu. So I took action.


Here are the latest changes:

  1. In-Band registration is deactivated. Means you have to register an account via Website.
  2. Strangers can’t text you anymore. Means, if you want to chat with somebody, you have to add him to your contact list first.
  3. You still can join MUCs (rooms) and chat with everyone, whisper to anyone and get whispers from anyone in the room.

I hope now the spamming stops. We’ll see.