💾 Archived View for g.nubecita.online › services › very-basic-nntp.gmi captured on 2023-06-14 at 13:58:01. Gemini links have been rewritten to link to archived content


Very basic set-up to run an innd service

Remember, all executables are in `/usr/libexec/news' (Fedora and Manjaro) or `/usr/lib/news/bin' (Debian and Ubuntu).

Starting inn

Install inn. Configure inn.conf (see Section [Configure inn.conf]), check configuration, and create history databases. Run innd.

sudo dnf install inn

cd /usr/libexec/
cd news/

# See Section Configure inn.conf!
emacs -nw /etc/news/inn.conf

# Checking inn.conf syntax
./inncheck

cd /var/lib/news/
/usr/libexec/news/makedbz -i -o
sudo chown news:news *
chmod 644 *
ls
ll

systemctl start innd
systemctl status innd

There are still connection problems at this point: access from the Gnus client is denied, because readers.conf does not allow external requests. It needs configuration (see Section [Configure readers.conf]).

The `journalctl -xeu innd.service' command says (where XXX.XXX.XXX.XXX is the client IP):

nov 12 11:23:42 HOST nnrpd[85565]: ? reverse lookup for XXX.XXX.XXX.XXX failed: Name or service not known -- using IP address for access
nov 12 11:23:42 HOST nnrpd[85565]: XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX) connect - port 119
nov 12 11:23:42 HOST nnrpd[85565]: Reading access from /etc/news/readers.conf
nov 12 11:23:42 HOST nnrpd[85565]: Auth strategy 'localhost' does not match client. Removing.
nov 12 11:23:42 HOST nnrpd[85565]: No auth realms to check!
nov 12 11:23:42 HOST nnrpd[85565]: XXX.XXX.XXX.XXX removing irrelevant access group localhost
nov 12 11:23:42 HOST nnrpd[85565]: XXX.XXX.XXX.XXX no_permission
nov 12 11:23:42 HOST nnrpd[85565]: XXX.XXX.XXX.XXX times user 0.012 system 0.012 idle 0.000 elapsed 0.154
nov 12 11:23:42 HOST nnrpd[85565]: XXX.XXX.XXX.XXX time 154 nntpwrite 0(1)
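
The nnrpd denial shown above can be summarised per client with a small filter. This is an added example, not part of the original page: the function names and the sample lines (with documentation-range IP addresses) are constructed, and the field positions assume the journal format of the excerpt above.

```shell
#!/bin/sh
# Added example: count nnrpd "no_permission" events per client and show which
# readers.conf auth block nnrpd discarded for that session ("-" if none).

# Constructed sample in the same format as the journal excerpt on this page.
sample_log() {
cat <<'EOF'
nov 12 11:23:42 HOST nnrpd[85565]: 192.0.2.10 (192.0.2.10) connect - port 119
nov 12 11:23:42 HOST nnrpd[85565]: Auth strategy 'localhost' does not match client. Removing.
nov 12 11:23:42 HOST nnrpd[85565]: 192.0.2.10 no_permission
nov 12 11:25:01 HOST nnrpd[85601]: 192.0.2.10 (192.0.2.10) connect - port 119
nov 12 11:25:01 HOST nnrpd[85601]: Auth strategy 'localhost' does not match client. Removing.
nov 12 11:25:01 HOST nnrpd[85601]: 192.0.2.10 no_permission
nov 12 11:26:10 HOST nnrpd[85640]: 198.51.100.7 (198.51.100.7) connect - port 119
nov 12 11:26:10 HOST nnrpd[85640]: No auth realms to check!
nov 12 11:26:10 HOST nnrpd[85640]: 198.51.100.7 no_permission
nov 12 14:22:50 HOST nnrpd[89834]: HOST post ok <constructed@HOST.example>
EOF
}

# Reads journal text on stdin; prints "<count> <client> <discarded auth blocks>".
nnrpd_denials() {
    awk -v q="'" '
        $5 ~ /^nnrpd\[[0-9]+\]:$/ {
            pid = $5                          # one nnrpd process per session
            if ($6 == "Auth" && $7 == "strategy") {
                name = $8
                gsub(q, "", name)             # strip the quotes around the name
                dropped[pid] = dropped[pid] (dropped[pid] ? "," : "") name
            }
            if ($7 == "no_permission") {
                key = $6 " " (dropped[pid] ? dropped[pid] : "-")
                count[key]++
            }
        }
        END { for (k in count) print count[k], k }
    ' | sort -k2,2
}
```

On the server, feed it the journal with `journalctl -u innd.service --no-pager | nnrpd_denials'.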

Configure inn.conf


Open `/etc/news/inn.conf' and uncomment the following lines. Fill them in with the proper information:

pathhost:                    usenet.my-server.com
domain:                      usenet.my-server.com
server:                      usenet.my-server.com
bindaddress:                 0.0.0.0

Uncomment and complete the following if you are not using systemd to start the innd service.

#runasuser:                 news                                           
#runasgroup:                news

Configure readers.conf

The "auth" blocks in readers.conf are checked bottom-up.

Remember to add your local IP (the one starting with "192.168.") or any IP referencing the host to the "localhost" auth block.

auth "unauthenticated-user" {
    hosts: "*"
    auth: "ckpasswd -f /var/lib/news/newsusers"
    default: "unauthenticated-user"
}

auth "localhost" {
    hosts: "localhost, 127.0.0.1, ::1, stdin, ADD_YOUR_LOCAL_IP_TOO"
    default: "<localhost>"
}

access "localhost" {
    users: "<localhost>"
    newsgroups: "*"
    access: RPA
}

access "myusenetnews" {
    users: "*"
    newsgroups: "myusenet.news.*"
}

Check the configuration syntax with `/usr/libexec/news/inncheck'.

👉 It is not required to restart the service! ⚠ Strictly respect the space in `key: value'.

Create at least one newsgroup

Add it

This will create a non-moderated ("y") group. Moderated groups are created with the "m" flag.

/usr/libexec/news/ctlinnd newgroup myusenet.news.notifications y admin

After that, check whether your group was added with the command explained in Section [List groups].

List groups


Check newsgroups and messages with:

,----
| /usr/libexec/news/getlist
`----

On some systems `getlist' will not work unless the host and port are provided. By default the host is taken from the `server' value in `inn.conf' or from the NNTPSERVER environment variable, and the host configured there may not resolve to an IP. In this case, it is preferable to change the `pathhost' and `server' values to the domain name of the server, or to add the server name to `/etc/hosts'. Nevertheless, `getlist' can be executed with the following parameters to specify the server IP address and port:

,----
| /usr/libexec/news/getlist -h 127.0.0.1 -p 119
`----

Sending articles to the usenet server

From the server terminal

Sending articles to the server from localhost

Create a file at `~/welcome.txt':

From: admin@example.org
Subject: Welcome!
Newsgroups: myusenet.news.notifications
Date: Sat, 12 Nov 2022 13:44:00 -0300

Welcome to the myusenet Usenet service!

Send it with:

./inews -h ~/welcome.txt

It will print nothing if the article was sent. Also, the output from `journalctl -xeu innd.service' will tell you if the message is accepted:

nov 12 14:22:50 XXXXX innd[89572]: localhost:18 checkpoint seconds 0 accepted 1 refused 0 rejected 0 duplicate 0 accepted size 556 duplicate size 0 rejected size 0
nov 12 14:22:50 XXXXX nnrpd[89834]: HOST post ok <...@HOST.DOMAIN.DOMAIN>

From a client host

Using Gnus and/or Pan requires TLS configuration by default!

See Section [Configure TLS].

Configure TLS


Add the following to the inn.conf:

tlscapath:      /etc/news/certs
tlscafile:      /etc/news/certs/chain.pem
tlscertfile:    /etc/news/certs/cert.pem
tlskeyfile:     /etc/news/certs/privkey.pem

Create the certs directory and copy the Let's Encrypt files. ⚠ This is very insecure! Use it only for testing purposes.

mkdir /etc/news/certs
cp /etc/letsencrypt/live/MY.HTTP.DOMAINNAME/* /etc/news/certs/
chown -R news:news /etc/news/certs

With this it should be possible to send messages from another host to the server.
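
A tighter variant of the copy step above, as an added example that is not part of the original page: it copies only the three files named by the `tlscafile', `tlscertfile' and `tlskeyfile' settings instead of everything in the directory, and sets file modes explicitly. The function names and the choice of modes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page); directories are passed by the caller.

# Copy only chain.pem, cert.pem and privkey.pem.
# $1 = source dir, $2 = destination dir, $3 = optional owner such as news:news
# (changing the owner needs root).
install_news_certs() (
    src=$1; dst=$2; owner=${3:-}
    umask 077                        # copies start out private; local to this subshell
    mkdir -p "$dst" || exit 1
    for f in chain.pem cert.pem privkey.pem; do
        [ -r "$src/$f" ] || { echo "missing: $src/$f" >&2; exit 1; }
        # a plain cp copies the file a symlink points to, not the link itself
        cp "$src/$f" "$dst/$f" || exit 1
    done
    chmod 0755 "$dst"
    chmod 0644 "$dst/chain.pem" "$dst/cert.pem"
    chmod 0600 "$dst/privkey.pem"    # assumption: only the owner may read the key
    [ -z "$owner" ] || chown -R "$owner" "$dst"
)

# Succeeds only when $1 is a regular file with no group or other permission bits.
key_is_private() {
    [ -f "$1" ] || return 1
    case $(ls -ld "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Run as root it would be called as `install_news_certs /etc/letsencrypt/live/MY.HTTP.DOMAINNAME /etc/news/certs news:news', followed by `key_is_private /etc/news/certs/privkey.pem'.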