Administering a Sound Usenet II Site

Other Servers and Credits
by Russ Allbery <>
Last modified November 21, 2018


This is part three of a three part FAQ on maintaining a sound Usenet II site. This first part contains an introduction and overview, including pointers to more information on Usenet II, and then details on configuring INN for Usenet II soundness. The second part covers C News, and the third part covers other news servers (DNEWS, Typhoon, Cyclone, and Diablo) and the credits.


With Diablo, the two things you have to be sure of is that you don't accept net.* from any of your unsound peers and you don't feed net.* to any of your unsound peers. This requires that you add:

    filter net.*
    delgroupany net.*

to the entries for all of your unsound peers in dnewsfeeds. That should be all you have to do.

As of Diablo 1.16-test5, Diablo has some support for Distribution. For your sound feeds, add:

    adddist 4gh

and for your unsound feeds, add:

    deldist 4gh

(This information is somewhat tentative and may not be completely accurate.)


Typhoon is trivial to make sound if your upstream is sound, since then you're only talking through sound sites anyway. Otherwise, add !net.* to UpstreamSubscription if your upstream isn't sound, have your upstream provider add !net.* to your Subscription (and add net.* to FilterSubscription so as not to leak Usenet II traffic back to them), and then add a feed object for each of your sound peers with a Subscription of net.*.

Instead of (or in addition to) asking your upstream to not send you net.*, you can add:

    IncomingGroupFilter net.*

In order to prevent leaking, you will probably also want to add:

    UpstreamFilterSubscription !*,net.*
    UpstreamDistribution *, 4gh

(modifying according to your current settings, of course).

To make sure that new locally-posted articles have the correct distribution in Typhoon, add the appropriate line to etc/distributions (Typhoon should come with the correct line already there, just commented out).

Cyclone and Typhoon both also support external Perl filters that can catch traffic leaking through that isn't caught using the above scheme, as well as checking for other Usenet II rule violations if you wish.


DNEWS is relatively easy to make sound, and it can even enforce most of the Usenet II rules without requiring external filters. You'll need DNEWS 4.5d4 or later for the following to work.

Create the file distrib.conf in the same directory as newsfeeds.conf and place this line in the file (or add this line if distrib.conf already exists):


This ensures that the distribution is 4gh for articles posted to net.*.

In newsfeeds.conf, you should add @net.* to the groups of EVERY feed to your upstream sites (we will create a separate feed for net.* groups to all sound upstream servers later). This prevents leaking (including via crossposting to non-net.* groups) and allows rules to be enforced on articles posted upstream:

            groups *,@net.*

In newsfeeds.conf, you should create a separate feed (yes, you can have multiple feeds to the same site in newsfeeds.conf) for all sound upstream sites to feed just net.* articles:

            groups @*,net.*
            type builtin
            accept default
            reject body "\nContent-Type"
            accept body "text/plain"
            reject body "\nContent-transfer-encoding: base64"

This groups line prevents crossposting to anything outside of net.*. An entry like this should prevent most articles containing binaries from being sent upstream. You may also want to add the line:

            maxcross 3

to prevent articles crossposted to more than three groups from being sent upstream (this is just a bit more restrictive than the rules, but there are very few individuals who should be cross-posting to more than three groups). It would be a good idea to increase the maxcross to perhaps 30 if feeding net.* to downstream sites, but otherwise this is reasonable configuration for feeding net.* to downstream sites.

Optionally, one can also add the following lines to "site me" to reject attempts by users to post binaries to net.* when they post them rather than blocking them from being sent upstream. (This particular rule requires version DNEWS 4.6a or later and may be too CPU intensive for large sites or full feeds.)

    site me
            accept default
            reject body "\nContent-transfer-encoding: base64"
            accept newsgroups !"net"
            accept newsgroups "bina"

If you are sucking net.* from a different (sound) source, then in dnews.conf, you'll want to add !net.* to the main feed (nntp_feeder) and add a new feed (e.g. nntp_suck2):

    nntp_feeder *,!net.*
    nntp_suck2 net.*
    update_at2 *5 *

Or if you are being sent the net.* from a new source (nntp ihave feed), you do not need to add nntp_suck2, just add a line to access.conf:*

You're basically done, just reload the config files:

    tellnews reload

And if you've just added a new site in dnews.conf to get net.* articles, then pick up the new groups with (where 2 is the nntp_suck feed number from above):

    tellnews getgroups 2

That's it.


All non-U2 feeds should be prefixed by !net.* before any other specifics. So, for example, if one is feeding, the entry may look something like:


Remember that the exclusion needs to go before the positive patterns.

To catch leaks of net.* articles coming in from unsound sites, I believe that presently it's necessary to set up inbound filters. If there is some other way of doing this under NNTPRelay, please let me know.


This FAQ is maintained by Russ Allbery <> for the Usenet II community. The first draft was written by me, based on comments and threads in net.config, on the Usenet II rules, and on the original details.txt file (written by Odd Einar Aurbakken).

The information on C News is all from Fluffy.

Additional updates based on comments by Peter da Silva. Diablo information from Michael Shields and Kjetil Torgrim Homme. Typhoon and Cyclone information from Jeremy Nixon, Jeff Garzik, Thomas Boyda, Stig Sandbeck Mathisen, Karsten Thygesen, and Robert Kiessling. DNEWS information courtesy of Craig Anderson. NNTPRelay information from Pete Ashdown.

I am always looking for information about any servers not already listed.

Converted to XHTML by faq2html version 1.33