Send inn-workers mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/inn-workers
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-workers digest..."
Today's Topics:
1. NNTPS via port 563 ([email protected])
----------------------------------------------------------------------
Message: 1
Date: Sat, 15 Aug 2015 22:41:51 +1200
From: <[email protected]>
To: <[email protected]>
Subject: NNTPS via port 563
Message-ID: <[email protected]>
Content-Type: text/plain; charset="us-ascii"
Hi all,
I'm trying to configure this to work on my server but hitting a few snags.
I followed the instructions for TSL support in the nnrpd docs and have
created a self-signed certificate, set the permissions for it correctly,
updated inn.conf with the correct paths to tlscapath, tlscertfile and
tlskeyfile
I then installed inetd on my debian system and configured it to run 'nntps
stream tcp nowait news <pathbin>/nnrpd nnrpd -S' and confirmed nntps is
stated in etc/services
Now, I have been trying to test localhost connections to port 563 using
Mozilla Thunderbird. I firstly confirmed it was running and open using nmap
of the localhost and it shows port 563 open snews tcp
I then connected using Thunderbird and can see the message
Timestamp: 15/08/2015 10:16:37 p.m.
Error: xxx.xxx.xxx.xxx:563 uses an invalid security certificate. (I have
removed the local IP)
The certificate does not come from a trusted source.
The certificate is only valid for news.bbs.geek.nz
(Error code: mozilla_pkix_error_ca_cert_used_as_end_entity)
I can also see in syslog news nnrpd say 'startttls TLSv1.2 with cipher XXXXX
(removed the numbers) (256/256 bits) no authentication
Then it look like my client is connecting on port 119
Followed by a correct match in readers.conf for the secure auth group and
access group
Does anyone have any ideas how to progress this?
I figured I needed to set up port 563 first before I sorted out some kind of
authentication via user name / password for user logins (does anyone use
username/password auth over plain port 119 thesedays?)
Best, Paul.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/inn-workers/attachments/20150815/e1d24d4b/attachment-0001.html>
------------------------------
_______________________________________________
inn-workers mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/inn-workers
End of inn-workers Digest, Vol 75, Issue 1
******************************************
