mirror of https://github.com/tLDP/LDP
717 lines
30 KiB
Plaintext
717 lines
30 KiB
Plaintext
<section><title>Setting up CNews + NNTPd</title>
|
|
|
|
<section><title>Getting the sources and stuff</title>
|
|
|
|
<section><title>The sources</title>
|
|
|
|
<para>C-News software can be obtained from
|
|
<literal>ftp://ftp.uu.net/networking/news/transport/cnews/cnews.tar.Z</literal>
|
|
and will need to be uncompressed using the BSD
|
|
<literal>uncompress</literal> utility or a compatible program. The
|
|
tarball is about 650 KBytes in size. It has its own highly intelligent
|
|
configuration and installation processes, which are very well
|
|
documented. The version that is available is Cleanup Release revision G,
|
|
on which our own version is based.</para>
|
|
|
|
<para>NNTPd is available from
|
|
<literal>ftp://ftp.uu.net/networking/news/nntp/nntp.1.5.12.1.tar.Z</literal>.
|
|
It has no automatic scripts and processes to configure itself. After
|
|
fetching the sources, you will have to follow a set of directions given
|
|
in the documentation and configure some C header files. These
|
|
configuration settings must be done keeping in mind what you have
|
|
specified when you build the C-News sources, because NNTPd and C-News
|
|
must work together. Therefore, some key file formats, directory paths,
|
|
<emphasis>etc.</emphasis>, will have to be specified identically in both
|
|
software systems.</para>
|
|
|
|
<para>The third software system we use is Nestor. This too is to be
|
|
found in the same place where the NNTPd software is kept, at
|
|
<literal>ftp://ftp.uu.net/networking/news/nntp/nestor.tar.Z</literal>.
|
|
This software compiles to one binary program, which must be run
|
|
periodically to process the logs of <literal>nntpd</literal>, the NNTP
|
|
server which is part of NNTPd, and report usage statistics to the
|
|
administrator. We have integrated Nestor into our source base.</para>
|
|
|
|
<para>The fourth piece of the puzzle, without which no Usenet server
|
|
administrator dares venture out into the wild world of public Internet
|
|
newsfeeds, is <literal>pgpverify</literal>.</para>
|
|
|
|
<para>We have been working with C-News and NNTPd for many years now, and
|
|
have fixed a few bugs in both packages. We have also integrated the four
|
|
software systems listed above, and added a few features here and there to
|
|
make things work more smoothly. We offer our entire source base to
|
|
anyone for free download from
|
|
<literal>http://www.starcomsoftware.com/proj/news/src/news.tar.gz</literal>.
|
|
There are no licensing restrictions on our sources; they are as freely
|
|
redistributable as the original components we started with.</para>
|
|
|
|
<para>When you download our software distribution, you will extract it
|
|
to find a directory tree with the following subdirectories and files:</para>
|
|
|
|
<itemizedlist>
|
|
<listitem><para><literal>c-news</literal>: the source tree of the CR.G
|
|
software release, with our additions like
|
|
<literal>pgpverify</literal> integration, our scripts like
|
|
<literal>mail2news</literal>, and pre-created configuration
|
|
files.
|
|
</para></listitem>
|
|
|
|
<listitem><para><literal>nntp-1.5.12.1</literal>: the source tree of the
|
|
original NNTPd release, with header files pre-configured to fit in
|
|
with our configuration of C-News, and our addition of bits and
|
|
pieces like Nestor, the log analysis program.
|
|
</para></listitem>
|
|
|
|
<listitem><para><literal>howto</literal>: this document, and its SGML
|
|
sources and Makefile.
|
|
</para></listitem>
|
|
|
|
<listitem><para><literal>archives</literal>: a directory containing the
|
|
tarballs of the original C-News, NNTPd, Nestor and
|
|
<literal>pgpverify</literal> source distributions, in case you want
|
|
them. Strictly speaking, the <literal>archive</literal> directory is
|
|
not necessary unless you want to study what changes we have made,
|
|
what files we have added, to the original sources.
|
|
</para></listitem>
|
|
|
|
<listitem><para><literal>build.sh</literal>: a shellscript you can run
|
|
to compile the entire combined source tree and install binaries in the
|
|
right places, if you are lucky and all goes well.
|
|
</para></listitem>
|
|
</itemizedlist>
|
|
|
|
<para>Needless to say, we believe that our source tree is a better
|
|
place to start with than the original components, specially if you
|
|
are installing a Usenet server on a Linux box and for the first time.
|
|
We will be available on email to provide technical assistance should
|
|
you run into trouble.</para>
|
|
|
|
</section>
|
|
|
|
<section><title>The key configuration files</title>
|
|
|
|
<para>Once you get the sources, you will need some key configuration
|
|
files to seed your C-News system. These configuration files are
|
|
actually database tables, and are changing frequently, whenever
|
|
newsgroups are created, modified or deleted. These files specify
|
|
the list of active newsgroups in the ``public'' Usenet. You can,
|
|
and should, add your organisation's internal newsgroups to this
|
|
list when you set up your own server, but you will need to know
|
|
the list of public standard newsgroups to begin with. This list
|
|
can be obtained from the same FTP server by downloading the files
|
|
<literal>active.gz</literal> and <literal>newsgroups.gz</literal> from
|
|
<literal>ftp://ftp.uu.net/networking/news/config/</literal>. You
|
|
can create your own <literal>active</literal> and
|
|
<literal>newsgroups</literal> files by retaining a subset of the entries
|
|
in these two files. Both these are ASCII text files.</para>
|
|
|
|
<para>Getting the sources from our server will not obviate the need to
|
|
get the latest versions of these files from
|
|
<literal>ftp.uu.net</literal>. We do not (yet) maintain an up-to-date
|
|
copy of these files on our server, and we will add no value to the
|
|
original by just mirroring them.</para>
|
|
|
|
</section>
|
|
|
|
</section>
|
|
|
|
<section><title>Compiling and installing</title>
|
|
<para>
|
|
For installing, first make sure you have an entry for a user called
|
|
<literal>news</literal> in your <literal>/etc/password</literal> file. Add one if not present. This
|
|
is setting the news-database owner to <literal>news</literal>. Now download
|
|
the source from us and untar it in the home directory of news. This creates
|
|
two main directories <emphasis>viz.</emphasis> <literal>c-news</literal>
|
|
and <literal>nntp</literal>.
|
|
To install and compile, run the script <literal>build.sh</literal> as root
|
|
in the
|
|
directory that contains the script. It is important that the script run as
|
|
<literal>root</literal> as it sets ownerships and installs and compiles as
|
|
<literal>news</literal> and hence should have adequate permissions to do
|
|
this. This
|
|
is a one-step process that puts in place both the C-News and the
|
|
NNTP software, setting correct permissions and paths.
|
|
Following
|
|
is a brief description of what build.sh does:
|
|
</para>
|
|
|
|
<itemizedlist>
|
|
<listitem><para>
|
|
Checks for the <literal>OS</literal> platform and exits if
|
|
it is not <literal>Linux</literal>.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
Again, exits if you are not running as
|
|
<literal>root</literal>.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
Looks for and exits if cannot find the above two directories.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
Compiles <literal>C-News</literal> and exits on error. This builds
|
|
all the software. Writes the error into a file called <literal>make.out</literal>. Read it to
|
|
determine the cause. Also, performs regression tests if the
|
|
compilation was successfull and does not exit on error. Sends out a
|
|
warning to read the error file <literal>make.out.r</literal> and fix 'em.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
Performs the above operation in the <literal>nntp</literal> directory, too.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
Checks the presence of the three key directories:
|
|
<literal>$NEWSARTS - (/var/spool/news)</literal> that houses the artciles,
|
|
<literal>$NEWSCTL -(/var/lib/news)</literal> that contain
|
|
the configuration, log and status files and <literal>$NEWSBIN -
|
|
(/usr/lib/newsbin)</literal> that contain the binaries and
|
|
executables for
|
|
the working of the Usenet News system. Tries to create them if non-existent
|
|
and exits if it results in failure.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
Changes the ownership of these directories to <literal>news.news</literal>.
|
|
This is important since the entire Usenet News System runs as user <literal>news.</literal> It
|
|
will not function properly as any other user.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
Then starts the installation process of C News. It runs
|
|
<literal>make install </literal>to install binaries at the right locations; <literal>make setup </literal>to set
|
|
the correct paths, umask, create directories for newsgroups, determine who
|
|
will receive reports; make ui to set up inews and injnews and
|
|
make readpostcheck to use readnews, postnews and checknews provided by
|
|
C News. The errors, if any are to be found in the respective make.out
|
|
files. e.g. make.setup will write errors to make.out.setup
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
<literal>Newsspool</literal> which queues incoming
|
|
batches in <literal>$NEWSARTS/in.coming</literal> directory should run as
|
|
set-userid and set-groupid This is done.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
A softlink is made to <literal>/var/lib/news</literal> from
|
|
<literal>/usr/lib/news.</literal>
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The NNTP software is installed.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
Sets up the manpages for C News and makes it world
|
|
readable. The NNTP manpages get installed when the software is installed.
|
|
Compiles the C News documentation guide.ps and makes it readable and
|
|
available in <literal>/usr/doc/packages/news</literal> or
|
|
<literal>/usr/doc/news</literal>.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
Checks for the PGP binary and asks the administrator to get
|
|
it if not found.
|
|
</para></listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
|
|
<section><title>Configuring the system: What and how to configure files?</title>
|
|
<para>Once installed, you have to now configure the system to accept feeds and
|
|
batch them for neighbours. You will have to do the following:</para>
|
|
<itemizedlist>
|
|
<listitem><para><literal>nntpd</literal>:
|
|
Copy the compiled nntpd into a directory where
|
|
executables are kept and activate it. It runs on port 119 as a daemon
|
|
through inetd unless you have compiled it as stand-alone.
|
|
|
|
An entry in the services file for nntp would look like this:
|
|
<programlisting>nntp 119/tcp \# Network News Transfer Protocol</programlisting>
|
|
|
|
An entry in the inetd.conf file will be:
|
|
<programlisting>nntp stream tcp nowait news path-to-tcpd path-to-nntpd</programlisting>
|
|
|
|
The last two fields in the inetd.conf file are the paths to binaries of the
|
|
tcp daemon and the nntpd daemon respectively.
|
|
</para></listitem>
|
|
|
|
<listitem><para><emphasis role=bold>Configuring control files:</emphasis>
|
|
There are plenty of control files in <literal>$NEWSCTL</literal> that will
|
|
need to be configured before you can
|
|
start using the news system. The files mentioned here are explained in some
|
|
detail in chapter 8, section 8.1. The files to be configured are dealt in
|
|
detail in the following section.
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem><para><literal>sys</literal>:
|
|
One line per system/NDN listing all the
|
|
newsgroup hierarchies each system subscribes to. Each line is prefixed
|
|
with the system name and the one beginning with ME: indicates what we
|
|
are going to receive. Following are typical entries that go into this
|
|
file:
|
|
|
|
<programlisting>ME:comp,news,misc,netscape</programlisting>
|
|
|
|
This line indicates what newsgroups your server, as determined by the
|
|
whoami file have subscribed to and will receive.
|
|
|
|
<programlisting>server/server.starcomsoftware.com:all,!general/all:f</programlisting>
|
|
|
|
This is a list of newsgroups this site will pass on to its NDN.
|
|
The newsgroups specified should be a comma separated list and no spaces
|
|
should be inserted in the whole line. The f flag indicates that the
|
|
newsgroup name and article no. alongwith its size will be one entry in
|
|
the togo file in the $NEWSARTS/out.going directory.
|
|
</para></listitem>
|
|
|
|
<listitem><para><literal>explist</literal>:
|
|
This file has entries indicating
|
|
which <literal>articles</literal> expire and when and if they have to be
|
|
archived The order in which the newsgroups are listed is important. An
|
|
example follows:
|
|
|
|
<programlisting>comp.lang.java.3d x 60 /var/spool/news/Archive</programlisting>
|
|
|
|
This means that the articles of comp.lang.java expire after 60 days and
|
|
shall be archived in the directory mentioned as the fourth field.
|
|
Archiving is an option. The second field indicates that this line
|
|
applies to both moderated and unmoderted newsgroups.
|
|
<emphasis>m</emphasis> would
|
|
specify moderated and <emphasis>u</emphasis> would specify unmoderated
|
|
groups. If you want to specify an extremely large no. as the expiry
|
|
period you can use the word 'never'.
|
|
</para></listitem>
|
|
|
|
<listitem><para><literal>batchparms</literal>:
|
|
Sendbatches is a program that
|
|
adminsters batched transmission of news to other sites. To do this it
|
|
consults the batchparms file. Each line in the file specifies the
|
|
behaviour for each site. There are five fields for each site to be
|
|
specified.</para>
|
|
|
|
<screen>server u 100000 100 batcher | gzip -9 | viauux -d gunzip</screen>
|
|
<para>
|
|
The first field is the site name which matches the entry in the sys
|
|
file and has a corresponding directory in $NEWSARTS/out.going by that
|
|
name.
|
|
</para>
|
|
<para>
|
|
The second field is the class of the site, 'u' for UUCP and 'n' for
|
|
NNTP feeds. A '!' in this field means that batching for this site has
|
|
been disabled.
|
|
</para>
|
|
<para>
|
|
The third field is the size of batches to be prepared in bytes.
|
|
</para>
|
|
<para>
|
|
The fourth field is the maximum length of the output queue for
|
|
transmission to that site.
|
|
</para>
|
|
<para>
|
|
The fifth field is the command line to be used to build, compress and
|
|
transmit batches to that site. It receives the contents of the togo file
|
|
on standard input.
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem><para><literal>controlperm</literal>:
|
|
This file controls how the news
|
|
system responds to control messages. Each line consists of 4-5 fields
|
|
separated by white space.</para>
|
|
|
|
<programlisting>comp,sci tale@uunet.uu.net nrc pv news.announce.newsgroups</programlisting>
|
|
|
|
<para>
|
|
The first field is a newsgroup pattern to which the line applies.
|
|
</para>
|
|
<para>
|
|
The second field is either 'any' or an e-mail address. The latter
|
|
specifies that the line applies only to control messages from that
|
|
author.
|
|
</para>
|
|
<para>
|
|
The third field is a set of opcode letters indicating what control
|
|
operations need to be performed on messages emanating from the e-mail
|
|
address mentioned in the second field. 'n' stands for creating a
|
|
newgroup, 'r' stands for deleting a newsgroup and 'c' stands for
|
|
checkgroup.
|
|
</para>
|
|
<para>
|
|
The fourth field is a set of flag letters indicating how to respond to
|
|
a control message that meets all the applicability tests:
|
|
<screen>
|
|
y Do it.
|
|
n Don't do it.
|
|
v Report it and include the entire control
|
|
message in the report.
|
|
q Don't report it.
|
|
p Do it iff the control message carries a valid PGP signature.
|
|
</screen>
|
|
Exactly one of y, n or p must be present.
|
|
</para>
|
|
<para>
|
|
The fifth field, which is optional, will be used if the fourth field
|
|
contains a 'p'. It must contain the PGP key ID of the public key to be
|
|
used for signature verification.
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem><para><literal>mailpaths</literal>:
|
|
This file describes how to reach
|
|
the moderators of various heirarchies of news groups by mail. Each line
|
|
consists of two fields: a news group pattern and an e-mail address. The
|
|
first line whose group pattern matches the newsgroup is used. As an
|
|
example:
|
|
|
|
<screen>
|
|
comp.lang.java.3d somebody@mydomain.com
|
|
all %s@moderators.uu.net
|
|
</screen>
|
|
|
|
In the second example, the %s gets replaced with the groupname and all
|
|
dots appearing in the name are substituted with dashes.
|
|
</para></listitem>
|
|
|
|
<listitem><para><emphasis role=bold>Miscellaneous files:</emphasis>
|
|
The other files to be modified are:
|
|
<itemizedlist>
|
|
<listitem><para><literal>mailname:</literal>
|
|
Contains the Internet domain name of the
|
|
news system. Consider getting one if you don't have it.
|
|
</para></listitem>
|
|
|
|
<listitem><para><literal>organization:</literal>
|
|
Contains the default value for the
|
|
Organization: header for postings originating locally.
|
|
</para></listitem>
|
|
|
|
<listitem><para><literal>whoami:</literal>
|
|
Contains the name of the news system. This
|
|
is the site name used in the Path: headers and hence should concur
|
|
with the names your neighbours use in their sys files.
|
|
</para></listitem>
|
|
</itemizedlist>
|
|
</para></listitem>
|
|
|
|
<listitem><para><literal>active </literal>file:
|
|
This file specifies one line for each
|
|
newsgroup (not just the hierarchy) to be found on your news system. You
|
|
will have to get the most recent copy of the active file from
|
|
<literal>ftp://ftp.isc.org/usenet/CONFIG/active</literal> and prune it
|
|
to delete
|
|
newsgroups that you have not subscribed to. Run the script "addgroup"
|
|
for each newsgroup in this file which will create relevant directories
|
|
in the <literal>$NEWSARTS</literal> area. The "addgroup" script takes
|
|
two paramters: the newsgroup name being created and a flag. The flag can
|
|
be any one of the following:
|
|
<screen>
|
|
y local postings are allowed
|
|
n no local postings, only remote ones
|
|
m postings to this group must be approved
|
|
by the moderator
|
|
j articles in this group are only passed and not kept
|
|
x posting to this newsgroup is disallowed
|
|
=foo.bar articles are locally filed in
|
|
"foo.bar" group
|
|
</screen>
|
|
|
|
An entry in this file looks like this:
|
|
|
|
<programlisting>comp.lang.java.3d 0000003716 01346 m </programlisting>
|
|
|
|
The first field is the name of the newsgroup. The second field is the
|
|
highest article number that has been used in that newsgroup. The
|
|
third field is the lowest article number in the group. The fourth
|
|
field is flag as explained above.
|
|
</para></listitem>
|
|
|
|
<listitem><para><literal>newsgroups </literal>file:
|
|
This contains a one line description
|
|
of each newsgroup to be found in the active file. You will have to
|
|
get the most recent file from
|
|
<literal>ftp://ftp.isc.org/usenet/CONFIG/newsgroups</literal>
|
|
and prune it to remove unwanted information. As an example:
|
|
|
|
<programlisting>comp.lang.java.3d 3D Grphics APIs for the Java language</programlisting>
|
|
</para></listitem>
|
|
|
|
<listitem><para><emphasis role=bold>Create aliases: </emphasis>
|
|
These aliases are required for trouble reporting.
|
|
Once the system is in place and scripts are run, anomalies/problems
|
|
are reported to addresses in the /etc/aliases file. These entries
|
|
include email addresses for <literal>newsmaster, newscrisis, news,
|
|
usenet, newsmap</literal>
|
|
They should ideally point to an email address that will be
|
|
looked at regularly. Arrange the emails for "newsmap" to be
|
|
discarded to minimize the effect of "sendsys bombing" by practical
|
|
jokers.
|
|
</para></listitem>
|
|
|
|
<listitem><para><emphasis role=bold>Cron jobs:</emphasis>
|
|
Certain scripts like newsrun that picks up incoming
|
|
batches and maintenance scripts, should run through news-database
|
|
owner's cron. The cron entries ideally will be for the following: A more
|
|
detailed report can be found in <xref linkend="cronjobs"/>
|
|
<orderedlist>
|
|
<listitem><para><literal>newsrun: </literal>
|
|
This script processes incoming batches of
|
|
article. Run this as frequently as you want them to get digested.
|
|
</para></listitem>
|
|
|
|
<listitem><para><literal>sendbatches:</literal>
|
|
This script transmit batches to the
|
|
NDNs. Set the frequency according to your requirements.
|
|
</para></listitem>
|
|
|
|
<listitem><para><literal>newsdaily:</literal>
|
|
This should be run ideally once a day
|
|
since it reports errors and anomalies in the news system.
|
|
</para></listitem>
|
|
|
|
<listitem><para><literal>newswatch:</literal>
|
|
This looks for errors/anomalies at a more detailed level and hence
|
|
should be run atleast once every hour
|
|
</para></listitem>
|
|
|
|
<listitem><para><literal>doexpire:</literal>
|
|
This script expires old articles as
|
|
determined by the explist file. Run this once a day.
|
|
</para></listitem>
|
|
</orderedlist>
|
|
</para></listitem>
|
|
|
|
<listitem><para>newslog:
|
|
Make an entry in the system's syslog.conf
|
|
file for logging messages spewed out by the nntp daemon in "newslog".
|
|
It should be located in <literal>$NEWSCTL</literal>. The entry will
|
|
look like this:
|
|
|
|
<programlisting>news.debug -/var/lib/news/newslog</programlisting>
|
|
</para></listitem>
|
|
|
|
<listitem><para>Newsboot:
|
|
Have newsboot run (as "news", the
|
|
news-database owner) when the system boots to clear out debris left
|
|
around by crashes.
|
|
</para></listitem>
|
|
|
|
<listitem><para>Add a Usenet mailer in sendmail:
|
|
The mail2news program provided as
|
|
part of the source code is a handy tool to send an e-mail to a newsgroup
|
|
which gets digested as an article. You will have to add the following
|
|
ruleset and mailer definition in your sendmail.cf file:</para>
|
|
|
|
<itemizedlist>
|
|
<listitem><para>Under SParse1, add the following:
|
|
<programlisting>
|
|
R$+ . USENET < @ $=w . > $#usenet $: $1
|
|
</programlisting>
|
|
</para></listitem>
|
|
|
|
<listitem><para>Under mailer definitions, define the mailer Usenet as:
|
|
<screen>
|
|
MUsenet P=/usr/lib/newsbin/mail2news/m2nmailer, F=lsDFMmn,
|
|
S=10, R=0, M=2000000, T=X-Usenet/X-Usenet/X-Unix, A=m2nmailer $u
|
|
</screen>
|
|
</para></listitem>
|
|
</itemizedlist>
|
|
|
|
<para>In order to send a mail to a newsgroup you will now have to suffix
|
|
the
|
|
newsgroup name with usenet <emphasis>i.e.</emphasis> your To: header
|
|
will look like this:
|
|
<screen>To: misc.test.usenet@yourdomain.</screen>
|
|
The mailer definition of usenet will intercept this mail and post it to
|
|
the respective newsgroup, in this case, misc.test</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
<para>
|
|
This, more or less, completes the configuration part.
|
|
</para>
|
|
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
|
|
<section><title>Testing the system</title>
|
|
<para>
|
|
To locally test the system, follow the steps given below:
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem><para>post an article:
|
|
Create a local newsgroup
|
|
<screen>
|
|
cnewsdo addgroup mysite.test y
|
|
</screen>
|
|
and using <literal>postnews </literal>post an article to it.
|
|
</para></listitem>
|
|
|
|
<listitem><para>Has it arrived in <literal>$NEWSARTS</literal>/in.coming?:
|
|
The article should show up in the directory mentioned. Note the nomenclature
|
|
of the article.
|
|
</para></listitem>
|
|
|
|
<listitem><para>When newsrun runs:
|
|
When newsrun runs through cron, the article disappears from in.coming
|
|
directory and appears in <literal>$NEWSARTS</literal>/mysite/test. Look how
|
|
the newsgroup, active, log and history (not the errorlog) files and
|
|
<literal> .overview </literal>file in
|
|
<literal>$NEWSARTS/mysite/test</literal> reflect the digestion of the file
|
|
into the news system.
|
|
</para></listitem>
|
|
|
|
<listitem><para>reading the article:
|
|
Try to read the article through readnews or any
|
|
news client. If you are able to, then you have set most everything right.
|
|
</para></listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
|
|
<section><title><literal>pgpverify</literal> and <literal>controlperms</literal></title>
|
|
<para>
|
|
As mentioned in <xref linkend="controlmsg"/>, it becomes necessary to
|
|
authenticate control messages to protect yourself from being attacked by
|
|
pranksters. For this, you will have to configure the
|
|
<literal>$NEWSCTL</literal>/controlperm file to declare whose control
|
|
messages you are willing to honour and for what newsgroups alongwith their
|
|
public key ID. The controlperm manpage shall give you details on the format.
|
|
</para>
|
|
|
|
<para>
|
|
This will work only in association with <literal> pgpverify </literal> which
|
|
verifies the Usenet control messages that have been signed using the
|
|
<literal>signcontrol</literal> process. The script can be found at
|
|
<literal>ftp://ftp.isc.org/pub/pgpcontrol/pgpverify</literal>.
|
|
<literal> pgpverify </literal>pgpverify internally uses the PGP binary which
|
|
will have to be made available in the default executables directory. If you
|
|
wish to send control messages for your local news system, you will have to
|
|
digitally sign them using the above mentioned "signcontrol" program which is
|
|
available at
|
|
<literal>ftp://ftp.isc.org/pub/pgpcontrol/signcontrol</literal>. You will
|
|
also have to configure the signcontrol program accordingly.
|
|
</para>
|
|
</section>
|
|
|
|
<section><title>Feeding off an upstream neighbour</title>
|
|
<para>
|
|
For external feeds, commercial customers will have to buy them
|
|
from a regular News Provider like <literal>dejanews.com</literal>
|
|
or <literal>newsfeeds.com</literal>. You will have to specify
|
|
to them what hierarchies you want and decide on the mode of
|
|
transmission, <emphasis>i.e.</emphasis> UUCP or NNTP, based on
|
|
your requirements. Once that is done, you will have to ask them to
|
|
initiate feeds, and check <literal>$NEWSARTS/in.coming</literal>
|
|
directory to see if feeds are coming in.
|
|
</para>
|
|
|
|
<para>
|
|
If your organisation belongs to the academic community or is
|
|
otherwise lucky enough to have an NDN server somewhere which is
|
|
willing to provide you a free newsfeed, then the payment issue goes
|
|
out of the picture, but the rest of the technical requirements
|
|
remain the same.
|
|
</para>
|
|
|
|
<para>
|
|
One problem with incoming NNTP feeds is that it is far easier to use
|
|
(relatively) efficient NNTP inflows if you have a server with a
|
|
permanent Internet connection and a fixed IP address. If you are a
|
|
small office with a dialup Internet connection, this may not be
|
|
possible. In that case, the only way to get incoming newsfeeds by
|
|
NNTP may be by using a highly inefficient pull feed.
|
|
</para>
|
|
</section>
|
|
|
|
<section><title>Configuring outgoing feeds</title>
|
|
<para>
|
|
If you are a leaf node, you will only have to send feeds back to your
|
|
news provider for your postings in public newsgroups to propagate
|
|
to the outside world. To enable this, you need one line in the
|
|
<literal>sys</literal> and <literal>batchparms</literal> files
|
|
and one directory in <literal>$NEWSARTS/out.going</literal>. If
|
|
you are willing to transmit articles to your neighbouring
|
|
sites, you will have to configure <literal>sys</literal> and
|
|
<literal>batchparms</literal> with more entries. The number of directories
|
|
in <literal>$NEWSARTS/out.going</literal> shall increase, too. Refer
|
|
to chapter 8, section 8.1 and 8.2 for a better understanding of
|
|
outgoing feeds. Again, you will have to determine how you wish to
|
|
transmit the feed: UUCP or NNTP.
|
|
</para>
|
|
|
|
<section><title>By UUCP</title>
|
|
<para>For outgoing feeds by UUCP, we recommend that you start with
|
|
Taylor UUCP. In fact, this is the UUCP version which forms part
|
|
of the GNU Project and is the default UUCP on Linux
|
|
systems.</para>
|
|
|
|
<para>A full treatment of UUCP configuration is beyond the scope of
|
|
this document. However, the basic steps will be as follows. First,
|
|
you will have to define a ``system'' in your Usenet server for the
|
|
NDN (next door neighbour) host. This definition will include various
|
|
parameters, including the manner in which your server will call the
|
|
remote server, the protocol it will use, <emphasis>etc.</emphasis>
|
|
Then an identical process will have to be followed on the NDN
|
|
server's UUCP configuration, for your server, so that
|
|
<emphasis>that</emphasis> server can recognize
|
|
<emphasis>your</emphasis> Usenet server.</para>
|
|
|
|
<para>Finally, you will need to set up appropriate
|
|
<literal>cron</literal> jobs for the user <literal>uucp</literal>
|
|
to run <literal>uucico</literal> periodically. Taylor UUCP comes with
|
|
a script called <literal>uusched</literal> which may be modified to
|
|
your requirements; this script calls <literal>uucico</literal>. One
|
|
<literal>uucico</literal> connection will both upload and download
|
|
news batches. Smaller sites can run <literal>uusched</literal> even
|
|
once or twice a day.</para>
|
|
|
|
<para>Later versions of this document will include the
|
|
<literal>uusched</literal> scripts that we use in Starcom. We use
|
|
UUCP over TCP/IP, and we run the <literal>uucico</literal>
|
|
connection through an SSH tunnel, to prevent transmission of
|
|
UUCP passwords in plain text over the Internet, and our SSH tunnel
|
|
is established using public-key cryptography, without passwords
|
|
being used anywhere.</para>
|
|
</section>
|
|
|
|
<section><title>By NNTP</title>
|
|
<para>For NNTP feeds, you will have to decide whether your server
|
|
will be the connection initiator or connection recipient. If you are
|
|
the connection initiator, you can send outgoing NNTP feeds more
|
|
easily. If you are the connection recipient, then outgoing feeds
|
|
will have to be pulled out of your server using the NNTP
|
|
<literal>NEWNEWS</literal> command, which will place heavy loads on
|
|
your server. This is not recommended.</para>
|
|
|
|
<para>Connecting to your NDN server for pushing out outgoing feeds
|
|
will require the use of the <literal>nntpsend.sh</literal> script,
|
|
which is part of the NNTPd source tree. This script will perform
|
|
some housekeeping, and internally call the
|
|
<literal>nntpxmit</literal> binary to actually send the queued set
|
|
of articles out. You may have to provide authentication information
|
|
like usernames and passwords to <literal>nntpxmit</literal> to allow
|
|
it to connect to your NDN server, in case that server insists on
|
|
checking the identity of incoming connections. (You can't be too
|
|
careful in today's world.) <literal>nntpsend.sh</literal> will clean
|
|
up after an <literal>nntpxmit</literal> connection finishes, and
|
|
will requeue any unsent articles for the next session. Thus, even if
|
|
there is a network problem, typically nothing is lost and all
|
|
pending articles are transmitted next time.</para>
|
|
|
|
<para>Thus, pushing feeds out <emphasis>via</emphasis> may mean
|
|
setting up <literal>nntpsend.sh</literal> properly, and then
|
|
invoking it periodically from <literal>cron</literal>. If your
|
|
Usenet server connects to the Internet only intermittently, then the
|
|
process which sets up the Internet connection should be extended or
|
|
modified to fire <literal>nntpsend.sh</literal> whenever the Internet
|
|
link is established. For instance, if you are using the Linux
|
|
<literal>pppd</literal>, you can add statements to the
|
|
<literal>/etc/ppp/ip-up</literal> script to change user to
|
|
<literal>news</literal> and run <literal>nntpsend.sh</literal></para>
|
|
</section>
|
|
</section>
|
|
</section>
|