Send inn-workers mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/inn-workers
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-workers digest..."
Today's Topics:
1. Re: access question (Julien ?LIE)
2. Re: access question (Nick Edwards)
3. Re: access question (Nick Edwards)
4. Re: access question (Russ Allbery)
5. Re: access question (Nick Edwards)
6. Re: hide headers (Nick Edwards)
7. Re: hide headers (Russ Allbery)
8. Re: hide headers (Nick Edwards)
----------------------------------------------------------------------
Message: 1
Date: Tue, 09 Sep 2014 21:46:36 +0200
From: Julien ?LIE <[email protected]>
To: [email protected]
Subject: Re: access question
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hi Nick,
> I think I have the access file sorted but to make sure, our readers.conf is
>
> auth "localhost" {
> hosts: "localhost, 127.0.0.1, ::1, stdin"
> default: "<localhost>"
> }
>
> access "localhost" {
> users: "<localhost>"
> newsgroups: "*"
> access: RPA
> }
>
>
> auth custs {
> hosts: "IP.RA.NG.E/CIDR, *.anotherdomain, *.yetanotherdomain"
> default: <custs>
> }
>
> access custs {
> newsgroups: *
> }
>
>
> If my reading on man is right, this appear secure, but is it
> appropriate? Do we need a users: line or is it implied ?
Hmm... Though I have not tested your example, I believe it does not
work the way you would like.
Keep in mind that the last matching auth group is used. Similarly, the
last matching access group is also used. So I believe "access custs"
will always be used.
I for one add the key: parameter to make sure my groups are correctly
configured (use the same key: parameter for localhost, and the same for
custs).
Documentation is here:
http://www.eyrie.org/~eagle/software/inn/docs/readers.conf.html
The users: parameter is not necessary (it defaults to "*").
--
Julien ?LIE
? Obsequium amicos ueritas odium parit. ? (T?rence)
------------------------------
Message: 2
Date: Wed, 10 Sep 2014 08:50:07 +1000
From: Nick Edwards <[email protected]>
To: Julien ?LIE <[email protected]>
Cc: [email protected]
Subject: Re: access question
Message-ID:
<CAMD-=VLjr9ixO5Za-uFn7e0aWmuFB7iZmXQGM3TwyxJKq=hr=w...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
On 9/10/14, Julien ?LIE <[email protected]> wrote:
> Hi Nick,
>
>> I think I have the access file sorted but to make sure, our readers.conf
>> is
>>
>> auth "localhost" {
>> hosts: "localhost, 127.0.0.1, ::1, stdin"
>> default: "<localhost>"
>> }
>>
>> access "localhost" {
>> users: "<localhost>"
>> newsgroups: "*"
>> access: RPA
>> }
>>
>>
>> auth custs {
>> hosts: "IP.RA.NG.E/CIDR, *.anotherdomain, *.yetanotherdomain"
>> default: <custs>
>> }
>>
>> access custs {
>> newsgroups: *
>> }
>>
>>
>> If my reading on man is right, this appear secure, but is it
>> appropriate? Do we need a users: line or is it implied ?
>
> Hmm... Though I have not tested your example, I believe it does not
> work the way you would like.
> Keep in mind that the last matching auth group is used. Similarly, the
> last matching access group is also used. So I believe "access custs"
> will always be used.
> I for one add the key: parameter to make sure my groups are correctly
> configured (use the same key: parameter for localhost, and the same for
> custs).
>
> Documentation is here:
> http://www.eyrie.org/~eagle/software/inn/docs/readers.conf.html
>
> The users: parameter is not necessary (it defaults to "*").
>
>
Ahh OK, I was close, I think, so, default: <custs> should in fact be <LOCAL>
Just trying to get my head around the linking of the two, rather steep
learning curve compared to what I'm used to ( a singe line:
*.example.com:read,post:::* ) need to allocate bit more time to
understand access I think :-)
Nik
------------------------------
Message: 3
Date: Wed, 10 Sep 2014 11:24:52 +1000
From: Nick Edwards <[email protected]>
To: Julien ?LIE <[email protected]>
Cc: [email protected]
Subject: Re: access question
Message-ID:
<CAMD-=VJ-M+8KR3V9C4vMWJHAXLOcOGdM6dMfg_xXzfoGZZ=4...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
On 9/10/14, Nick Edwards <[email protected]> wrote:
> On 9/10/14, Julien ?LIE <[email protected]> wrote:
>> Hi Nick,
>>
>>> I think I have the access file sorted but to make sure, our readers.conf
>>> is
>>>
>>> auth "localhost" {
>>> hosts: "localhost, 127.0.0.1, ::1, stdin"
>>> default: "<localhost>"
>>> }
>>>
>>> access "localhost" {
>>> users: "<localhost>"
>>> newsgroups: "*"
>>> access: RPA
>>> }
>>>
>>>
>>> auth custs {
>>> hosts: "IP.RA.NG.E/CIDR, *.anotherdomain, *.yetanotherdomain"
>>> default: <custs>
>>> }
>>>
>>> access custs {
>>> newsgroups: *
>>> }
>>>
>>>
>>> If my reading on man is right, this appear secure, but is it
>>> appropriate? Do we need a users: line or is it implied ?
>>
>> Hmm... Though I have not tested your example, I believe it does not
>> work the way you would like.
>> Keep in mind that the last matching auth group is used. Similarly, the
>> last matching access group is also used. So I believe "access custs"
>> will always be used.
>> I for one add the key: parameter to make sure my groups are correctly
>> configured (use the same key: parameter for localhost, and the same for
>> custs).
>>
>> Documentation is here:
>> http://www.eyrie.org/~eagle/software/inn/docs/readers.conf.html
>>
>> The users: parameter is not necessary (it defaults to "*").
>>
>>
> Ahh OK, I was close, I think, so, default: <custs> should in fact be
> <LOCAL>
> Just trying to get my head around the linking of the two, rather steep
> learning curve compared to what I'm used to ( a singe line:
> *.example.com:read,post:::* ) need to allocate bit more time to
> understand access I think :-)
>
> Nik
scrub that, <LOCAL> says transit mode, not wjhat I what Im sure, need
some sleep I think
------------------------------
Message: 4
Date: Tue, 09 Sep 2014 19:13:58 -0700
From: Russ Allbery <[email protected]>
To: [email protected]
Subject: Re: access question
Message-ID: <[email protected]>
Content-Type: text/plain
Nick Edwards <[email protected]> writes:
> Ahh OK, I was close, I think, so, default: <custs> should in fact be
> <LOCAL>
No, I think what you wanted is:
access custs {
users: "<custs>"
newsgroups: *
}
Remember this mantra: readers.conf works by assigning an identity to a
connection, and then giving privileges to that identity. So, first, add
auth blocks that assign identities to incoming users. Then, second,
assign access to the resulting identities.
If you leave off users entirely, that means "give any user this access,"
which in turn means that any incoming connection that matches any of the
auth stanzas will get those permissions unless something later in the file
overrides them. You generally do not want to do this for most cases.
It's better to assign an explicit identity and then reference that in the
access block.
--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
------------------------------
Message: 5
Date: Wed, 10 Sep 2014 13:15:26 +1000
From: Nick Edwards <[email protected]>
To: Russ Allbery <[email protected]>
Cc: [email protected]
Subject: Re: access question
Message-ID:
<CAMD-=VJ-3RBuY7NLKJdaY=3_xymq-xuywmqkkbm50nrypa6...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Ahh yes, got it, and tested to work as reqiured :)
Thanks all.
On 9/10/14, Russ Allbery <[email protected]> wrote:
> Nick Edwards <[email protected]> writes:
>
>> Ahh OK, I was close, I think, so, default: <custs> should in fact be
>> <LOCAL>
>
> No, I think what you wanted is:
>
> access custs {
> users: "<custs>"
> newsgroups: *
> }
>
> Remember this mantra: readers.conf works by assigning an identity to a
> connection, and then giving privileges to that identity. So, first, add
> auth blocks that assign identities to incoming users. Then, second,
> assign access to the resulting identities.
>
------------------------------
Message: 6
Date: Wed, 10 Sep 2014 13:22:13 +1000
From: Nick Edwards <[email protected]>
To: Julien ?LIE <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: hide headers
Message-ID:
<CAMD-=VKcCqG9FpFzP_ap-LG4OS8fV=gu22mkjb8bwfh8g71...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
OK, touching back on this base, we have the filters working fine, what
I see remains to kill is
in path- Path: news.test.lan!.POSTED!jupiter.test.lan!root
(jupiter is the dev areas second box, using root user posting to
local.test using pine)
Trying now to strip out the remote-host:user Did try "strippath"
in readers.conf/access and even in inn.conf, no change, do I need to
conjure up another addition to the post filter?
Same with message-id it posts as
<[email protected]>
not news.test.lan..
Thanks
Nik
On 9/9/14, Nick Edwards <[email protected]> wrote:
> On 9/9/14, Julien ?LIE <[email protected]> wrote:
>> Hi Nick,
>>
>>> we need to sort out some hiding of headers.
>> [...]
>>> I get "addnntppostinghost: false" but how do we stop all of the other
>>> X-trace and X-X stuff that identifies a poster?
>>
>> Besides Steve's wise answer I also recommend regarding the X-Trace:
>> header field, I suggest you have a look at:
>> <http://www.eyrie.org/~eagle/faqs/inn.html#S6.11>
>>
>> ---
>> Hide the Injection-Info header
>>
>> There is no built-in support for suppressing generation of the
>> Injection-Info header. You can, however, remove it from inside a Perl
>> posting filter. Try using a posting filter like this:
>>
>> sub filter_post {
>> $modify_headers = 1;
>> delete $hdr{'Injection-Info'};
>> return '';
>> }
>>
>> Note that you have to set $modify_headers to make changes to the article
>> header effective in the actual posted article. Instead of removing the
>> header, you can also alter it if you modify $hdr{'Injection-Info'}.
>> ---
>>
>> This method of course works for other headers.
>> I hope it answers your needs in case you wish to hide other headers than
>> the X-Trace: one or the Injection-Info: one.
>>
>>
>>
>> More information about posting filters:
>> <http://www.eyrie.org/~eagle/software/inn/docs/hook-perl.html#S5>
>>
>>
>> And welcome to INN by the way. Do not hesitate to ask questions here or
>> in news.software.nntp in case you need some help.
>>
>>
>
> Thanks, with this and Steve's, I think I got it nutted out, have one
> more question, but to keep uniformity I'll start a new thread.
>
------------------------------
Message: 7
Date: Tue, 09 Sep 2014 20:33:17 -0700
From: Russ Allbery <[email protected]>
To: [email protected]
Subject: Re: hide headers
Message-ID: <[email protected]>
Content-Type: text/plain
Nick Edwards <[email protected]> writes:
> OK, touching back on this base, we have the filters working fine, what
> I see remains to kill is
> in path- Path: news.test.lan!.POSTED!jupiter.test.lan!root
> (jupiter is the dev areas second box, using root user posting to
> local.test using pine)
> Trying now to strip out the remote-host:user Did try "strippath"
> in readers.conf/access and even in inn.conf, no change, do I need to
> conjure up another addition to the post filter?
strippath: in readers.conf should do it. Are you sure that you added it
to the correct access block and that the nnrpd that you posted through was
started after the configuration change?
--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
------------------------------
Message: 8
Date: Wed, 10 Sep 2014 15:10:32 +1000
From: Nick Edwards <[email protected]>
To: Russ Allbery <[email protected]>
Cc: [email protected]
Subject: Re: hide headers
Message-ID:
<CAMD-=VJg=9MsqUzaDzJTATFZpSM5rQs=ajfdntpmujiuewq...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Hi Russ,
On 9/10/14, Russ Allbery <[email protected]> wrote:
> Nick Edwards <[email protected]> writes:
>
>> OK, touching back on this base, we have the filters working fine, what
>> I see remains to kill is
>
>> in path- Path: news.test.lan!.POSTED!jupiter.test.lan!root
>
>> (jupiter is the dev areas second box, using root user posting to
>> local.test using pine)
>
>> Trying now to strip out the remote-host:user Did try "strippath"
>> in readers.conf/access and even in inn.conf, no change, do I need to
>> conjure up another addition to the post filter?
>
> strippath: in readers.conf should do it. Are you sure that you added it
> to the correct access block and that the nnrpd that you posted through was
> started after the configuration change?
We only have the localhost and custs auth/access's none others, but I
did fix the problem by stop / start, reload did not seem to do it?
Now the path is done the only thing remaining is the message-id being
remote still, not the news server, perhaps I'm on information
overload, and need to walk away till morning, but this one I cant find
any option to deal with.
Nik
------------------------------
_______________________________________________
inn-workers mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/inn-workers
End of inn-workers Digest, Vol 64, Issue 5
******************************************
