Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Except for 75% of the women, everyone in the whole world wants to have sex. -- Ellyn Mustard


computers / news.software.nntp / Re: cancels, innflags: "-C" and propagation

SubjectAuthor
* cancels, innflags: "-C" and propagationjdanield
+* Re: cancels, innflags: "-C" and propagationRuss Allbery
|+* Re: cancels, innflags: "-C" and propagationjdanield
||`* Re: cancels, innflags: "-C" and propagationRuss Allbery
|| `- Re: cancels, innflags: "-C" and propagationjdanield
|`- Re: cancels, innflags: "-C" and propagationJulien ÉLIE
`- Re: cancels, innflags: "-C" and propagationJulien ÉLIE

1
cancels, innflags: "-C" and propagation

<tdsqdj$2a5ul$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=1115&group=news.software.nntp#1115

 copy link   Newsgroups: news.software.nntp
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: jdd...@dodin.org (jdanield)
Newsgroups: news.software.nntp
Subject: cancels, innflags: "-C" and propagation
Date: Sun, 21 Aug 2022 10:29:38 +0200
Organization: A noiseless patient Spider
Lines: 62
Message-ID: <tdsqdj$2a5ul$1@dont-email.me>
Reply-To: jdd@dodin.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 21 Aug 2022 08:29:39 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="615ae1e893d89b5d2b3a2bc9c46c3dc9";
logging-data="2430933"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19YKQiDR8oPR6VNUCjhgJZw4kxdFgpD/2M="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.12.0
Cancel-Lock: sha1:mXq2Bt1X7gTw5FTt2c3vz/vpTbg=
Content-Language: en-US
 by: jdanield - Sun, 21 Aug 2022 08:29 UTC

Hello,

I need some clarification on both the way INN works and the preferred
policy.

I try to setup for the fr.* hierarchy a server as easily accessible as
possible. That is, just now, without the need of authentication.

I already use nocem to prevent spam, and I plan to setup
control-lock/control-key soon.

In the mean time I want to forgive cancels on this servers (I can cancel
a message manually for a user if necessary).

To achieve this I setup

innflags: "-C"

However, the documentation is not that clear.

https://www.eyrie.org/~eagle/software/inn/docs-2.6/inn.conf.html

say:

"In order not to actually process any cancel or supersedes messages, you
can start innd with the -C flag, or add this flag to the innflags
parameter. "

what I did.

But

https://www.eyrie.org/~eagle/software/inn/docs-2.5/innd.html

say:

"-C

This flag tells innd to accept and propagate but not actually
process cancel or supersedes messages. This is intended for sites
concerned about abuse of cancels, or that wish to use another cancel
mechanism with stronger authentication. "

the difference here is in the "propagate".

and effectively, the cancel message received is shared with peers, and
it may be processed by them.

The problem I have right now (with a nearly flame war against me on
french group) is that somebody found funny to send a forged cancel
message to cancel a message of an other user. funny because the
cancelled message was unimportant.

so my question is: giving I don't process cancel messages, do I need to
propagate them anyway or use some way to stop them completely? what's do
I have to do?

In the second case, is the "refusecybercancel: true" option in inn.conf
a good solution, or is there an other better one?

thanks
jdd

Re: cancels, innflags: "-C" and propagation

<87pmgtsjir.fsf@hope.eyrie.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=1116&group=news.software.nntp#1116

 copy link   Newsgroups: news.software.nntp
Path: i2pn2.org!i2pn.org!paganini.bofh.team!news.killfile.org!news.eyrie.org!.POSTED!not-for-mail
From: eag...@eyrie.org (Russ Allbery)
Newsgroups: news.software.nntp
Subject: Re: cancels, innflags: "-C" and propagation
Date: Sun, 21 Aug 2022 08:28:44 -0700
Organization: The Eyrie
Message-ID: <87pmgtsjir.fsf@hope.eyrie.org>
References: <tdsqdj$2a5ul$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: hope.eyrie.org;
logging-data="29838"; mail-complaints-to="news@eyrie.org"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
Cancel-Lock: sha1:QzIJSoN3/jepN4LEdfY82BhURbM=
 by: Russ Allbery - Sun, 21 Aug 2022 15:28 UTC

jdanield <jdd@dodin.org> writes:

> In the mean time I want to forgive cancels on this servers (I can cancel a
> message manually for a user if necessary).

> To achieve this I setup

> innflags: "-C"

Yeah, that doesn't do what you want; that still lets anyone post cancels
and propagates them, it just doesn't honor them locally.

> so my question is: giving I don't process cancel messages, do I need to
> propagate them anyway or use some way to stop them completely? what's do
> I have to do?

You would need to prevent them from being posted entirely.

I'm not sure INN has a good way of doing this other than using a Perl or
Python posting filter. (I'm a bit surprised that we don't, but I can't
find one off-hand.) Feels like there should be an access: letter for
readers.conf permissions that controls whether users can post cancel
messages, but it doesn't look like that's something that's already
implemented.

The posting filter is very simple, though: just reject any message with a
Control or Supersedes header. (You could do something finer-grained with
the Control header if you want to allow users to post newgroup and rmgroup
control messages, although for your use case I'm not sure I'd bother.)

--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

Please post questions rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.

Re: cancels, innflags: "-C" and propagation

<tdtlc5$2cj8o$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=1117&group=news.software.nntp#1117

 copy link   Newsgroups: news.software.nntp
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: jdd...@dodin.org (jdanield)
Newsgroups: news.software.nntp
Subject: Re: cancels, innflags: "-C" and propagation
Date: Sun, 21 Aug 2022 18:09:40 +0200
Organization: A noiseless patient Spider
Lines: 39
Message-ID: <tdtlc5$2cj8o$1@dont-email.me>
References: <tdsqdj$2a5ul$1@dont-email.me> <87pmgtsjir.fsf@hope.eyrie.org>
Reply-To: jdd@dodin.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 21 Aug 2022 16:09:41 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="615ae1e893d89b5d2b3a2bc9c46c3dc9";
logging-data="2510104"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/VXIKluExk59dhDNJ/Daa77X093Ux/UEk="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.12.0
Cancel-Lock: sha1:CDhcjrCmx0RZb/A/wOEc8/nNCKU=
Content-Language: en-US
In-Reply-To: <87pmgtsjir.fsf@hope.eyrie.org>
 by: jdanield - Sun, 21 Aug 2022 16:09 UTC

Le 21/08/2022 à 17:28, Russ Allbery a écrit :
> jdanield <jdd@dodin.org> writes:

>> innflags: "-C"
>
> Yeah, that doesn't do what you want; that still lets anyone post cancels
> and propagates them, it just doesn't honor them locally.

yes, I just discovered this some days ago :-)

>
>> so my question is: giving I don't process cancel messages, do I need to
>> propagate them anyway or use some way to stop them completely? what's do
>> I have to do?
>
> You would need to prevent them from being posted entirely.

OK. Thanks

> find one off-hand.) Feels like there should be an access: letter for
> readers.conf permissions that controls whether users can post cancel
> messages, but it doesn't look like that's something that's already
> implemented.

yep. As cancels are done internally it's difficult to get how manage
them (looking at the source is beyond my capability)

>
> The posting filter is very simple, though: just reject any message with a
> Control or Supersedes header.

ok.

I wonder if the "refusecybercancels" option or Ac flag in peers config
may have a similar result?

thanks
jdd

Re: cancels, innflags: "-C" and propagation

<87k071sh4h.fsf@hope.eyrie.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=1118&group=news.software.nntp#1118

 copy link   Newsgroups: news.software.nntp
Path: i2pn2.org!i2pn.org!aioe.org!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!news.eyrie.org!.POSTED!not-for-mail
From: eag...@eyrie.org (Russ Allbery)
Newsgroups: news.software.nntp
Subject: Re: cancels, innflags: "-C" and propagation
Date: Sun, 21 Aug 2022 09:20:30 -0700
Organization: The Eyrie
Message-ID: <87k071sh4h.fsf@hope.eyrie.org>
References: <tdsqdj$2a5ul$1@dont-email.me> <87pmgtsjir.fsf@hope.eyrie.org>
<tdtlc5$2cj8o$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: hope.eyrie.org;
logging-data="29838"; mail-complaints-to="news@eyrie.org"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
Cancel-Lock: sha1:v+aekROWrheOKgkYMqearkdJnfs=
 by: Russ Allbery - Sun, 21 Aug 2022 16:20 UTC

jdanield <jdd@dodin.org> writes:

> ok.

> I wonder if the "refusecybercancels" option

refusecybercancels is unrelated. That only blocks cancels in a very
specific format that used to be used for spam cancels.

> or Ac flag in peers config may have a similar result?

That will mean you'll still accept the cancel message but won't propagate
it to any peer with that flag, but unfortunately it won't do anything
about Supersedes (since those aren't control messages).

--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

Please post questions rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.

Re: cancels, innflags: "-C" and propagation

<tdtmem$2cm8t$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=1119&group=news.software.nntp#1119

 copy link   Newsgroups: news.software.nntp
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: jdd...@dodin.org (jdanield)
Newsgroups: news.software.nntp
Subject: Re: cancels, innflags: "-C" and propagation
Date: Sun, 21 Aug 2022 18:28:06 +0200
Organization: A noiseless patient Spider
Lines: 12
Message-ID: <tdtmem$2cm8t$1@dont-email.me>
References: <tdsqdj$2a5ul$1@dont-email.me> <87pmgtsjir.fsf@hope.eyrie.org>
<tdtlc5$2cj8o$1@dont-email.me> <87k071sh4h.fsf@hope.eyrie.org>
Reply-To: jdd@dodin.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 21 Aug 2022 16:28:06 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="615ae1e893d89b5d2b3a2bc9c46c3dc9";
logging-data="2513181"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19Oqa8JPSY7NrtNUnFHA0MyYDvGnn54cJg="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.12.0
Cancel-Lock: sha1:x9zRL5KG0gLFM4HNmQJpxRdj2Rg=
Content-Language: fr
In-Reply-To: <87k071sh4h.fsf@hope.eyrie.org>
 by: jdanield - Sun, 21 Aug 2022 16:28 UTC

Le 21/08/2022 à 18:20, Russ Allbery a écrit :

>> or Ac flag in peers config may have a similar result?
>
> That will mean you'll still accept the cancel message but won't propagate
> it to any peer with that flag, but unfortunately it won't do anything
> about Supersedes (since those aren't control messages).
>

OK, thanks
jdd

Re: cancels, innflags: "-C" and propagation

<teqso2$14noc$1@news.trigofacile.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=1147&group=news.software.nntp#1147

 copy link   Newsgroups: news.software.nntp
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!weretis.net!feeder8.news.weretis.net!news.trigofacile.com!.POSTED.176.143-2-105.abo.bbox.fr!not-for-mail
From: iul...@nom-de-mon-site.com.invalid (Julien ÉLIE)
Newsgroups: news.software.nntp
Subject: Re: cancels, innflags: "-C" and propagation
Date: Thu, 1 Sep 2022 20:13:21 +0200
Organization: Groupes francophones par TrigoFACILE
Message-ID: <teqso2$14noc$1@news.trigofacile.com>
References: <tdsqdj$2a5ul$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 1 Sep 2022 18:13:22 -0000 (UTC)
Injection-Info: news.trigofacile.com; posting-account="julien"; posting-host="176.143-2-105.abo.bbox.fr:176.143.2.105";
logging-data="1203980"; mail-complaints-to="abuse@trigofacile.com"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
Gecko/20100101 Thunderbird/91.13.0
Cancel-Lock: sha1:sBWpoydLkP2JlzGBjhHknZ89AaM= sha256:mjUu62YTLYKxkyc52spCJMp9prNPuiHvwESqpli9dnE=
sha1:KkMvzfH6UgidTgEHYFSWcNQ/qpA= sha256:8vNapE3VTDU/azSJwasV9Q1wAXC2FFI4asr+LSWoOn0=
In-Reply-To: <tdsqdj$2a5ul$1@dont-email.me>
 by: Julien ÉLIE - Thu, 1 Sep 2022 18:13 UTC

Hi Jean-Daniel,

> the documentation is not that clear.
>
> https://www.eyrie.org/~eagle/software/inn/docs-2.6/inn.conf.html
>
> say:
>
> "In order not to actually process any cancel or supersedes messages, you
> can start innd with the -C flag, or add this flag to the innflags
> parameter. "
>
> But
>
> https://www.eyrie.org/~eagle/software/inn/docs-2.5/innd.html
>
> say:
>
> "-C
>
>     This flag tells innd to accept and propagate but not actually
> process cancel or supersedes messages. This is intended for sites
> concerned about abuse of cancels, or that wish to use another cancel
> mechanism with stronger authentication. "
>
> the difference here is in the "propagate".

Both of the paragraphs say cancels are not processed (= honoured / treated).
Anyway, the "-C" parameter in innd has been replaced with the docancels
parameter in inn.conf since INN 2.7.0; so only the inn.conf man page now
documents the behaviour. The issue is solved :-)

The wording is:

"""
docancels

Unless rejected by the use of a filter hook, innd always accepts and
propagates cancel articles and supersede requests. However, actually
processing such articles on the local news server depends on this
parameter which can take the following values:

[and then follows the definition of require-auth, auth, none, all]
"""

Is it clear enough? Maybe "honouring" should be used instead of
"processing" if it makes it clearer?

--
Julien ÉLIE

« Nous agissons comme si le confort et le luxe étaient essentiels à
notre existence, alors qu'il suffit pour être réellement heureux de
trouver quelque chose qui nous intéresse passionnément. » (Charles
Kingsley)

Re: cancels, innflags: "-C" and propagation

<teqtov$14odm$1@news.trigofacile.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=1148&group=news.software.nntp#1148

 copy link   Newsgroups: news.software.nntp
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!weretis.net!feeder8.news.weretis.net!news.trigofacile.com!.POSTED.176.143-2-105.abo.bbox.fr!not-for-mail
From: iul...@nom-de-mon-site.com.invalid (Julien ÉLIE)
Newsgroups: news.software.nntp
Subject: Re: cancels, innflags: "-C" and propagation
Date: Thu, 1 Sep 2022 20:30:55 +0200
Organization: Groupes francophones par TrigoFACILE
Message-ID: <teqtov$14odm$1@news.trigofacile.com>
References: <tdsqdj$2a5ul$1@dont-email.me> <87pmgtsjir.fsf@hope.eyrie.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 1 Sep 2022 18:30:55 -0000 (UTC)
Injection-Info: news.trigofacile.com; posting-account="julien"; posting-host="176.143-2-105.abo.bbox.fr:176.143.2.105";
logging-data="1204662"; mail-complaints-to="abuse@trigofacile.com"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
Gecko/20100101 Thunderbird/91.13.0
Cancel-Lock: sha1:x2P2VojPlaCrq5ZRSkre0NrnLV8= sha256:WuSaPdl/SfyOyAH2QdEkUh9gHM7EWc9XYFfme641c4k=
sha1:zlsDfp/IsB+hNB+weTPGFGiX4bs= sha256:li7w6R3lD/GrmsbUu7B2hRSEUUgcqNGnWRN57whFtZM=
In-Reply-To: <87pmgtsjir.fsf@hope.eyrie.org>
 by: Julien ÉLIE - Thu, 1 Sep 2022 18:30 UTC

Hi Russ,

> I'm not sure INN has a good way of doing this other than using a Perl or
> Python posting filter. (I'm a bit surprised that we don't, but I can't
> find one off-hand.)

Indeed, there's no native way in INN to configure whether a user can
post cancels.
One has to add a rule in the nnrpd Perl filter hook (we do not support
Python hooks for nnrpd). Alternately, using Paolo's Postfilter great
script would do the job as a Perl hook.

Just changing in postfilter.conf:

# $config{'allow_control_cancel'} -> [ "true" | "false" ]
# # This key sets whether the control cancel messages are allowed. The
value of "true" authorizes them,
# "false" rejects them. This command has no effect if innd is started
with -C flag.
# 'allow_control_cancel',
"false", # false = disallow ;

# true = allow
# # $config{'allow_supersedes'} -> [ "true" | "false" ]
# # Whether an article can include Supersedes, Replaces, Cancels headers
that replace an article with another
# 'allow_supersedes', "false",

> Feels like there should be an access: letter for
> readers.conf permissions that controls whether users can post cancel
> messages, but it doesn't look like that's something that's already
> implemented.

That could be useful, yes.
I see that we have ticket #117:

readers.conf already has read: and post: parameters.

We should also provide newnews:, ihave:, localpost: and approve: in
order to specify the newsgroups on which the user can use these
facilities.

We could add all these ones, along with a cancel: parameter.

I'm wondering if we should keep 3 different ways to parameter read & co
accesses:

1/ newsgroups: "pattern" (for reading and posting)
2/ read/post and possible other parameters not yet implemented:
"pattern" (for fine-grained configuration)
3/ access: "RPAINL" (used in conjunction with newsgroups or read/post/xxx)

It makes the documentation and the functional rules more complex.

Couldn't we just keep the 2/ way in the next major release? (the most
explicit and understandable)

--
Julien ÉLIE

« Il ne faut jamais gifler un sourd : il perd la moitié du plaisir. Il
sent la gifle mais il ne l'entend pas. » (Georges Courteline)

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor