Administering a Sound Usenet II Site

C News
by Fluffy <fluffy@meow.org>
edits by Russ Allbery <eagle@eyrie.org>
Last modified July 13, 2014

TABLE OF CONTENTS

This is part two of a three part FAQ on maintaining a sound Usenet II site. This first part contains an introduction and overview, including pointers to more information on Usenet II, and then details on configuring INN for Usenet II sondness. The this part covers C News, and the third part covers other news servers (DNEWS, Typhoon, Cyclone, and Diablo) and the credits.

C NEWS CONFIGURATION

Fixing the Server

One requirement for meeting Usenet II's soundness rules is that articles from your site must contain an NNTP-Posting-Host header that the poster cannot change. C News, being unaware of NNTP, doesn't know how to do that. Here's a fix.

  1. Go into your $NEWSCTL directory (normally /usr/lib/news) and cat versionname. If it says anything other than 'Cleanup Release, with patch CR.G', be careful. I haven't checked these fixes to see if they make sense on older versions.

  2. cat mailname. Make sure that it is the fully qualified Internet domain name of your news server, or at the very least the FQDN of some real host in your domain. This is important, because it is what will appear in your NNTP-Posting-Host headers.

  3. cd $NEWSBIN/inject and apply the following patch to pnews (The server date stuff isn't technically required, but it will ease log searches if you ever have soundness problems.):

    =====begin=====
    *** pnews	Mon Aug 29 16:04:29 1994
    --- pnews	Wed Mar 11 12:32:16 1998
    ***************
    *** 10,15 ****
    --- 10,17 ----
      prefix=/tmp/pn$$		# default prefix
      hdrs=/tmp/pn$$hdrs		# 1036-conformant headers
      rmlist="$inhdrs $inbody $hdrs"	# remove hdr & body files by default
    + myhost=`cat $NEWSCTL/mailname`
    + serverdate=`date -u +"%d %h %Y %T GMT"`
      
      umask $NEWSUMASK
      
    ***************
    *** 62,68 ****
      
      	# badsites="pucc.bitnet!"  # tailor, syntax is "host1!host2!...host3!"
      	awk -f $NEWSBIN/inject/defhdrs.awk \
    ! 	 defpath="$badsites$defuser" \
      	 deffrom="$defuser$defmailsuf$fullname" deforg="$deforg" \
      	 defmsgid="$defmsgid" me="$defhostname" $hdrs >$inhdrs
      	status=$?
    --- 64,71 ----
      
      	# badsites="pucc.bitnet!"  # tailor, syntax is "host1!host2!...host3!"
      	awk -f $NEWSBIN/inject/defhdrs.awk \
    ! 	 myhost="$myhost" serverdate="$serverdate"\
    ! 	 defpath="$badsites$defuser"\
      	 deffrom="$defuser$defmailsuf$fullname" deforg="$deforg" \
      	 defmsgid="$defmsgid" me="$defhostname" $hdrs >$inhdrs
      	status=$?
    =====end=====
  4. And now, a patch for $NEWSBIN/inject/defhdrs.awk:

    =====begin=====
    *** defhdrs.awk	Mon Aug 29 16:04:29 1994
    --- defhdrs.awk	Wed Mar 18 07:19:24 1998
    ***************
    *** 25,30 ****
    --- 25,33 ----
      	distrname = "Distribution:"
      	sendername = "Sender:"
      	expiresname = "Expires:"
    + 	badnntpname = "Nntp-Posting-Host:"
    + 	nntpname = "NNTP-Posting-Host:"
    + 	serverdatename = "X-Server-Date:"
      
      	# nullify headers with empty contents
      	for (i in hdrval)
    ***************
    *** 58,63 ****
    --- 61,70 ----
      		hdrval[sendername] = sendername " " deffrom
      
      	# replace user's headers (if any) [this is not currently done]
    + 	if (hdrval[badnntpname] != "")
    + 		hdrval[badnntpname] = ""
    + 	hdrval[nntpname] = nntpname " " myhost
    + 	hdrval[serverdatename] = serverdatename " " serverdate
      
      	# snuff some headers
      	distworld = distrname " world"
    =====end=====
  5. Okay, that's it! C News now has an NNTP-Posting-Host that the poster cannot change, no matter how articles are injected (unless you dump directly into rnews, but hey, INN will let you do that too.)

Fixing Reference NNTP

If you are using any NNTP older than version 1.5.12, upgrade. NNTP versions 1.5.11 and earlier allowed the poster to override [X-]Nntp-Posting-Host, which is a Bad Thing in Usenet II terms. Some sites may have patched 1.5.12 to allow users to override the posting host; if so, you'll need to restore the default behavior.

In server/spawn.c, about line 100, NNTP sets the X-Nntp-Posting-Host header. Some sites have changed this to instead use the name "Nntp-Posting-Host" because that's what versions before 1.5.12 did. If you made such a change, please return to the 'X-Nntp-Posting-Host' form so that our C News patch won't wipe out NNTP's host information.

Finally, review your nntp_access file. Make sure that only peers and not clients have 'xfer' or 'both' (IHAVE) permission. Force auth (capitalize the nntp_access entry) if you need a combination. Stock Reference NNTP doesn't know about shadow passwords; I've got a tiny patch if needed.

Setting up your Feeds

I haven't found a good way to keep stock C News from accepting unsound articles, but we can avoid passing them along to other Usenet II sites without much trouble. For now, just don't peer with sites who want to feed you junk =) [There are some inbound filters available, but I'm still evaluating them.]

  1. Set up your outbound Usenet 2 feeds like this:

      usenet2.feed/u2site,unsoundpeer1,unsoundpeer2:net/4gh,!all:n:

    The 'unsoundpeer' exclusions (replace them with the real path entries used by your non-U2 peers) will keep unsound articles from passing to your sound peers. The '4gh,!all' distribution field makes sure that improperly marked messages from your own or other servers aren't offered to the rest of the net.

    If you also send non-U2 groups to a usenet2 peer, you'll need another sys entry for them, something like:

      u2site.other.groups/u2site:all,!net/all,!4gh:n:

    The !net and !4gh are probably good ideas for /all/ your unsound peers.

  2. Add this entry to your mailpaths:

      net	%s@moderators.usenet2.org
  3. Add to your controlperm:

      net	control@usenet2.org	n	y
      net	control@usenet2.org	r	nv
      net	any			nr	nq

    [PGP information to be added later.]

    C News does not let you set permissions on checkgroups messages, but its behavior is reasonably sane: active won't be touched.

Converted to XHTML by faq2html version 1.33