Last modified: 16-06-2020
INN for the Impatient
#/etc/news/inn.conf
organization: My Very Fine Company
server: news.acme.com
pathhost: acme.com
moderatormailer:
domain: acme.com
fromhost: news.acme.com
telnet localhost nntp
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
200 localhost InterNetNews server INN 2.2.1 25-Aug-1999 ready
IHAVE <test1@kiwi.ora.com>
435 Duplicate
IHAVE <test2@kiwi.ora.com>
335
Path: not-for-mail
From: nobody@kiwi.ora.com
Newsgroups: test
Subject: testing new INN installation
Message-ID: <test2@kiwi.ora.com>
Date: 26 April 2000 18:00:00 GMT
Short test
.
235
quit
205 .
Connection closed by foreign host.
News servers can be leaf nodes (sites that do not serve as a pathway for articles between other sites; the only articles a leaf node sends to its neighbors are locally generated ones), hub nodes (sites that are responsible for transporting news between all of the various news systems that comprise Usenet), or gateways (set up to allow access to mailing lists in newsgroups, or to offer access to newsgroups to people who do not have access to Usenet).
In a nutshell, the INNd daemon only waits for connections, from your
newsfeed or clients on your LAN. If an incoming connection originates from a
client, it forks an instance of NNRPd to handle the rest of the NNTP
session between your local news server and a client. Access rights from clients
are checked with the nnrpd.access file.
As both feeds and clients connect to the same port number (119), INN tells
them apart based on the hosts.nntp file, which lists the news servers
with which your news server interacts. In practice, it should contain only a
reference to the news feed at your ISP.
NNTP is both a relayer-to-relayer transport protocol and a newsreader-access protocol, and basic NNTP commands are inews, ihave, head. The collection of NNTP newsreader services is called the "Network News Reader Protocol", or NNRP, and is implemented under INN as nnrpd.
In addition to its own configuration file (/etc/news/inn.conf), INNd
uses the configuration file active which lists the newsgroups
your server will accept from your ISP and will make available to your users.
Each article generates a log entry in the history file, which
can grow pretty big. You do not need to back it up as it can be re-created following
a crash.
Whether you'll be running it as a private news server (i.e. it will only contain
private, corporate newsgroups) or a public news server (i.e. it is fed by a news
server at your ISP and will contain some or all of the newsgroups available
from your ISP) depends on the active file. Articles are saved in a
tree structure of sub-directories that maps the newsgroup architecture. When
installing INN through an RPM package, this tree could be located under
/var/spool/news/. Sub-directories are created automatically by INNd as needed,
and articles belonging to the same newsgroup are saved in the appropriate
sub-directory. As an example, article #57 in comp.lang.pascal will be saved in
/var/spool/news/comp/lang/pascal/, along with other articles currently
available on your news server for newsgroup comp.lang.pascal.
Articles that are generated locally are uploaded to your newsfeed by running
NNTPSEND, which is actually a script that calls the INNXMIT binary.
Where articles generated by your local users are sent and how they are sent
is determined by the newsfeed file. Setting up this file is
probably the hardest part of installing INN on your network.
Changes to your news server can be done by running the binary ctlinnd
with the appropriate parameters. ctlinnd also makes use of its configuration file control.ctl.
Changes are actually sent to INNd through special types of news articles that
contain an additional Control field. Common tasks are cancel (to remove articles),
creating and removing groups (newgroup and rmgroup), verifying the groups that
should exist in a hierarchy (checkgroups), sending information about your system
(sendsys, senduuname, and version), and implementing a special type of feed
usually used by UUCP systems (ihave and sendme.)
As the news feed could send such control articles and make changes to your server,
it is highly recommended that you take advantage of the PGP feature to only
allow changes from your ISP.
ra/ra.nrl.navy.mil:*,!psu.*/!psu:Tf,Wnm:
The first field is very important, as NNTPSEND uses it to tell whether an article available on your local server was generated locally or originated from your feed. In other words, an article that contains this first field in its Path header was already downloaded from your feed and should not be uploaded to your ISP. ra is the name of the feed, and ra.nrl.navy.mil is an alias for ra. Using a Fully-Qualified Domain Name ensures that this entry in the Path field is unique.
The second field (*,!psu.*/!psu) tells what articles will be sent out to the site ra (ra.nrl.navy.mil), namely all articles except those found under the psu. newsgroups (Pennsylvania University), and those with a Distribution field of psu.
The last field specifies that the feed is a file feed (Tf; most feeds are file feeds), and that the relative path name and the Message-ID of the article should be written to this file (Wnm; the "n" means "relative path name", the "m" means "Message-ID of the article").
By default, the output file has the same name as your feed, and is in your out.going directory. In this example, every article meant for the ra feed will have its filename and Message-ID written to the file /var/spool/news/out.going/ra.
Remember that any change to a file requires that you relaunch INNd (here, through ctlinnd reload newsfeed 'testing').
This tells nntpsend that articles in the feed file "ra" (really, /var/spool/news/out.going/ra), should be sent to the site "ra.nrl.navy.mil".
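The feed decision described above for the ra entry, as an added Python example that is not part of the original page or of INN. It is a simplified model: it assumes the last matching newsgroup pattern wins, handles only negated distributions such as !psu, uses fnmatch in place of INN's own pattern matcher, and runs on constructed article headers.

```python
from fnmatch import fnmatchcase

def parse_entry(entry):
    """Split 'name/alias,...:patterns/distributions:flags:param' into its parts."""
    site, subscription, flags, param = entry.split(":", 3)
    name, _, aliases = site.partition("/")
    patterns, _, dists = subscription.partition("/")
    return {
        "name": name,
        "path_names": [name] + [a for a in aliases.split(",") if a],
        "patterns": [p for p in patterns.split(",") if p],
        "distributions": [d for d in dists.split(",") if d],
        "flags": [f for f in flags.split(",") if f],  # Tf,Wnm: kept, not interpreted
        "param": param,
    }

def group_wanted(patterns, group):
    """Patterns are tried left to right; the last one that matches decides."""
    wanted = False
    for pat in patterns:
        negated = pat.startswith("!")
        if fnmatchcase(group, pat[1:] if negated else pat):
            wanted = not negated
    return wanted

def should_feed(entry, headers):
    """Return (decision, reason) for one article's headers (a dict)."""
    hops = headers.get("Path", "").split("!")
    if any(n in hops for n in entry["path_names"]):
        return False, "site already in Path"
    groups = [g.strip() for g in headers.get("Newsgroups", "").split(",")]
    if not any(group_wanted(entry["patterns"], g) for g in groups if g):
        return False, "no newsgroup wanted"
    dists = [d.strip() for d in headers.get("Distribution", "").split(",")]
    if any("!" + d in entry["distributions"] for d in dists if d):
        return False, "distribution excluded"
    return True, "queue for " + entry["name"]

RA = parse_entry("ra/ra.nrl.navy.mil:*,!psu.*/!psu:Tf,Wnm:")

# Constructed article headers (host names other than ra's are made up).
LOCAL = {"Path": "news.acme.com!not-for-mail", "Newsgroups": "comp.lang.pascal"}
FROM_RA = {"Path": "news.acme.com!ra.nrl.navy.mil!not-for-mail",
           "Newsgroups": "comp.lang.pascal"}
PSU_GROUP = {"Path": "news.acme.com!not-for-mail", "Newsgroups": "psu.general"}
PSU_DIST = dict(LOCAL, Distribution="psu")
```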
The format of the active file is four fields per line, separated by single spaces. The fields are: the group name, the maximum article number in the group, the minimum article number in the group, and a control flag for the group (usually either y for an unmoderated group or m for a moderated one.) If you try to post an article to a moderated newsgroup, the posting agent mails the article to the moderator for consideration, rather than sending it to your host's relayer.
Here are some samples:
control 0001671903 0001530841 y
news.announce.newsgroups 0000006307 0000006117 m
The maximum and minimum fields are fixed length, now typically ten digits, and padded with zeros. For local newsgroups, use organization-specific names, e.g. acme.general, to avoid clashes with established newsgroup names.
When the control flag is set to n, the newsgroup does not accept any
locally generated postings. Setting the control flag to x for a group
causes any article posted only to that group to be completely discarded, which
is useful when your feed keeps sending you something that you can't get it
to stop sending, but that you don't want to waste any resources storing.
INN also supports flag j to accept articles for groups that you don't
want stored in the regular newsreader space, but do want to be able to propagate
to neighbors. The articles are instead stored in the junk pseudogroup and propagated
according to their Newsgroups headers.
The = flag can be used to file articles from one newsgroup in another
group.
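A check of the active file format described above, useful before reloading a hand-edited file. This is an added Python example, not part of the original page and not a replacement for inncheck; the acme.* groups in the sample are hypothetical, and the requirement that an = target exists in the file is a sanity check assumed here.

```python
import re

SIMPLE_FLAGS = {"y", "m", "n", "x", "j"}   # flags described on this page
COUNTER = re.compile(r"[0-9]{10}")         # fixed length, zero padded

def check_active(text):
    """Return sorted (line_number, problem) pairs for active-file text."""
    problems, first_seen, aliases = [], {}, []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(" ")           # fields are separated by single spaces
        if len(fields) != 4 or "" in fields:
            problems.append((num, "expected four single-space-separated fields"))
            continue
        group, high, low, flag = fields
        if group in first_seen:
            problems.append((num, f"duplicate of line {first_seen[group]}"))
        first_seen.setdefault(group, num)
        for label, value in (("maximum", high), ("minimum", low)):
            if not COUNTER.fullmatch(value):
                problems.append((num, f"{label} is not ten zero-padded digits"))
        if flag.startswith("="):
            aliases.append((num, flag[1:]))
        elif flag not in SIMPLE_FLAGS:
            problems.append((num, f"unknown flag {flag!r}"))
    for num, target in aliases:            # sanity check: '=' target must exist
        if target not in first_seen:
            problems.append((num, f"'=' target {target!r} is not in the file"))
    return sorted(problems)

# Constructed sample: the page's two entries plus hypothetical acme.* groups.
SAMPLE = """\
control 0001671903 0001530841 y
news.announce.newsgroups 0000006307 0000006117 m
acme.general 0000000000 0000000000 y
acme.old 0000000000 0000000000 =acme.general
acme.payroll 12 1 y
acme.general 0000000000 0000000000 n
acme.misc 0000000000 0000000000 q
acme.gone 0000000000 0000000000 =acme.nowhere
"""

if __name__ == "__main__":
    for num, problem in check_active(SAMPLE):
        print(f"line {num}: {problem}")
```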
Keep an eye on explicit expiry dates set by someone who decided that his articles deserve to expire when he wants them to. The entries in the history file should be retained for at least a week, even if the articles themselves expire sooner, so that the news software can detect duplicate copies of arriving articles.
The following sample specifies that history entries should be kept for at
least 14 days, that default newsgroups should have their articles kept for a
minimum of one day, with a default expiration of 7 days (if there is no "Expires"
header) and a maximum of 21 days, while settings for the psu.* newsgroups
should be 1 day, 14 days, and 28 days, respectively:
/remember/:14
*:A:1:7:21
psu.*:A:1:14:28
Default settings should be listed first, and specific settings last.
In case your host has been down for a while, first do an immediate expire run with much shorter expiry times than usual, to make room for the incoming deluge from your feed.
If your news server contains both Internet newsgroups, and private corporate newsgroups, users could end up cross-posting to both public and private newsgroups. Besides keeping two separate servers (one for Internet newsgroups as delivered by your ISP, and another for corporate newsgroups only), you could set up your news software to forbid crossposting to both internal and external newsgroups. Actually, this is an additional protection, since it's possible for an outsider to post an article to both a Usenet newsgroup and one of your internal newsgroups, if he knows the name of the internal newsgroup, and thus, mislead your own users into posting followup articles that also go to both newsgroups.
Also watch out for the ihave/sendme control-message protocol: even though message IDs are no longer very predictable, an outsider could still get confidential information posted to internal newsgroups. Disable ihave/sendme control messages.
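A stand-alone check for the two risks above, crossposting between internal and external newsgroups (in Newsgroups or Followup-To) and ihave/sendme control messages. This is an added Python example, not part of the original page or of INN; the acme. prefix for internal groups and all sample articles are assumptions constructed for illustration.

```python
from email.parser import HeaderParser

INTERNAL_PREFIXES = ("acme.",)          # assumption: private groups are acme.*
BLOCKED_CONTROL = {"ihave", "sendme"}   # control messages the page says to disable

def _groups(value):
    """Split a Newsgroups-style header value (possibly folded) into names."""
    return [g.strip() for g in (value or "").split(",") if g.strip()]

def check_article(raw):
    """Return a list of policy findings for one article; empty means accept."""
    headers = HeaderParser().parsestr(raw)
    findings = []
    for name in ("Newsgroups", "Followup-To"):
        # "poster" in Followup-To means reply by mail, so it is not a group
        groups = [g for g in _groups(headers.get(name)) if g != "poster"]
        internal = [g for g in groups if g.startswith(INTERNAL_PREFIXES)]
        external = [g for g in groups if not g.startswith(INTERNAL_PREFIXES)]
        if internal and external:
            findings.append(f"{name} mixes internal {internal} with external {external}")
    control = (headers.get("Control") or "").split()
    if control and control[0].lower() in BLOCKED_CONTROL:
        findings.append(f"{control[0].lower()} control message")
    return findings

def make_article(**headers):
    """Build a minimal article for the constructed samples below."""
    lines = [f"{k.replace('_', '-')}: {v}" for k, v in headers.items()]
    return "\n".join(lines) + "\n\nbody\n"

# Constructed articles; group names, hosts and Message-IDs are made up.
CROSSPOST = make_article(Newsgroups="comp.lang.pascal,\n acme.general")
FOLLOWUP = make_article(Newsgroups="acme.general",
                        Followup_To="acme.general,comp.misc")
SENDME = make_article(Newsgroups="acme.general",
                      Control="sendme <x1@example.net> example.net")
CLEAN = make_article(Newsgroups="acme.general,acme.old", Followup_To="poster")
```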
ctlinnd newgroup linux.acme.com.newgroup1 y "Adding newgroup1, non-moderated"
ctlinnd rmgroup linux.acme.com.newgroup1
ctlinnd changegroup linux.acme.com.newgroup1 m "Changing newgroup1 to moderated"
On the other hand, if you need to make heavy changes to the active
file, use the following sequence:
ctlinnd pause "John Doe/Pausing INN to update active file"
-- Here, edit the active file with your favorite editor or through a script
inncheck
ctlinnd reload active "John Doe/Reloading the active file"
ctlinnd go "John Doe/Pausing INN to update active file"
Note: The "reason" (i.e. the string) given in a go command must match what is given in the string of the pause command.
Here's a sample script to add several newsgroups to the active file:
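cd NEWSCTL
# Pause innd; the reason string must be repeated exactly in the go command below
ctlinnd pause 'adding new rec.photo groups'
# CHECK: is this flush still needed? (an empty site name flushes all sites)
ctlinnd flush ''
# Append the new groups to the active file
cat >> active << EOF
rec.photo.advanced 0000000000 0000000000 y
rec.photo.darkroom 0000000000 0000000000 y
EOF
ctlinnd reload active 'rec.photo reorg'
ctlinnd go 'adding new rec.photo groups'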
Caution: Since a ctlinnd newgroup/rmgroup could have arrived before you paused innd, run a ps and check for any active control message scripts, like newgroup or rmgroup, before proceeding with the active file update.
dummy-feed:!*::
Under development.
Connected to linux.acme.com.
Escape character is '^]'.
200 news.acme.com InterNetNews NNRP server INN 2.2.2 13-Dec-1999 ready (posting ok).
Subject: Boot-time Usenet warning on linux.acme.com... you need to run news.daily from /etc/cron.daily:
From: news@linux.acme.com (news)
Old .news.daily file; need to run news.daily?
#!/bin/bash
/usr/bin/news.daily
<CHECK: Does running this script when connected as root cause history files to end up being owned by root and cause INN to crash?>