Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

https://www.novabbs.com/computers/article-flat.php?id=1778&group=news.software.readers#1778

From: b.rose.t...@arcor.de (Bernd Rose)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 17:29:57 +0100
Message-ID: <ppvibfcrqxq9$.dlg@b.rose.tmpbox.news.arcor.de>
User-Agent: 40tude_Dialog/2.0.15.41 (aea1f30f.89.408)
 by: Bernd Rose - Sun, 7 Jan 2024 16:29 UTC

On Sun, 7th Jan 2024 10:16:29 -0600, VanguardLH wrote:

> I figured sTunnel was superfluous since Dialog can use SSL to make
> connections. The point of sTunnel is to use it with programs that don't
> support secured connections, like really old NNTP, email, or other
> clients too old to have added SSL, or they are only supporting SSL3
> which got deprecated, or encryption algorithms that got dropped.

*All* encryption methods supported by Dialog are depreciated. The most
current version supported is TLS_1.0. Even the (unsupported) TLS_1.1
is already depreciated.

Bernd

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

https://www.novabbs.com/computers/article-flat.php?id=1779&group=news.software.readers#1779

From: J...@M (D)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 17:51:14 +0100 (CET)
Message-ID: <e7b9eafb07e410850c9729392f7738f6@dizum.com>
Organization: dizum.com - The Internet Problem Provider
 by: D - Sun, 7 Jan 2024 16:51 UTC

On Sun, 7 Jan 2024 08:15:14 -0700, david <this@is.invalid> wrote:
>Using <news:879f4360c37366ed1912e3a3261b1150@dizum.com>, D wrote:
>On Sun, 7 Jan 2024 04:22:08 -0700, david <this@is.invalid> wrote:
>>>A lot of news servers are that way (for example, news.dizum.net:119).
>>>But you need an account and port 563 to post to them most of the time.
>>
>> using remailers for posting works most of the time ... no account needed
>
>I don't get it.
>Every time I mention dizum or mixmin someone mentions remailers.
>Yet you can READ from both of them using your news reader alone.
>No email is ever involved.
>It used to be you could POST to both of them also, before the spammers
>drove them nuts and their news admins had to turn off posting.
>But even then, you could POST to both of them using Dialog & Stunnel.
>Email is NEVER involved.
>So why do people always bring up "remailers" when I mention mixmin/dizum?
>Call me confused.

there are dozens of free nntp news servers, and about twenty-five public
remailers (11 mix w/ 5 exits, 14 yamn w/6 exits) which usually work well
and are very popular with innumerable users, often for posting to usenet
newsgroups such as this one; used judiciously with tor connections makes
for the safest and easiest way to use any newsreader clients, free agent,
40tude dialog, mesnews etc. i've been using remailers exclusively since
1998; currently using omnimix, tor browser, 40tude dialog and free agent

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

https://www.novabbs.com/computers/article-flat.php?id=1780&group=news.software.readers#1780

From: V...@nguard.LH (VanguardLH)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 12:38:09 -0600
Organization: Usenet Elder
Message-ID: <157xbin18xett$.dlg@v.nguard.lh>
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Sun, 7 Jan 2024 18:38 UTC

Bernd Rose <b.rose.tmpbox@arcor.de> wrote:

> On Sun, 7th Jan 2024 10:09:11 -0600, VanguardLH wrote:
>
>> Bernd Rose <b.rose.tmpbox@arcor.de> wrote:
>>
>>> VanguardLH wrote:
>>>
>>>> Is a login even required for news.neodome.net?
>>>
>>> AFAICT, for posting: yes, for reading: no.
>>
>> Would think it was the other way around: no login needed for reading,
>> login perhaps required for posting.
>
> That's what I wrote. ;-)

I had not yet had my morning coffee.

However, from their archived web page, looks like one of their servers
(the most used one since the others look for Onion/Tor access) requires
no login for read/write access.

news.neodome.net:
119 - read/write
119 (STARTTLS) - read/write
563 (SSL) - read/write

For the /other/ servers, a login was specified:

test login: test
test password: test

When I added Neodome to Dialog and tested access (read), I needed no
login credentials to read. I wasn't interested in using Neodome, so I
didn't try submitting an article (write).

I actually have a filter to ignore-flag any posts originating at Neodome
(and also ignore any subthreads to an ignore-flagged article), and use a
default view of Hide Ignored. I don't keep messages very long in the
client (purged after 60 days). A search on "neodome" in headers didn't
find any still left in my Dialog. Not sure anyone still uses Neodome.
Not what they peer, but what gets submitted to them as the injection
node.

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

https://www.novabbs.com/computers/article-flat.php?id=1781&group=news.software.readers#1781

From: V...@nguard.LH (VanguardLH)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 12:46:42 -0600
Organization: Usenet Elder
Message-ID: <7pxdprr8owfo.dlg@v.nguard.lh>
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Sun, 7 Jan 2024 18:46 UTC

Bernd Rose <b.rose.tmpbox@arcor.de> wrote:

> VanguardLH wrote:
>
>> I figured sTunnel was superfluous since Dialog can use SSL to make
>> connections. The point of sTunnel is to use it with programs that don't
>> support secured connections, like really old NNTP, email, or other
>> clients too old to have added SSL, or they are only supporting SSL3
>> which got deprecated, or encryption algorithms that got dropped.
>
> *All* encryption methods supported by Dialog are depreciated. The most
> current version supported is TLS_1.0. Even the (unsupported) TLS_1.1
> is already depreciated.

Hmm, guess the encryption schemes (cipher suites) used by Neodome are
also deprecated. Old matching on old.

SSL3 and TLS1.0 are the same, but made non-compatible by different
handshaking schemes. When SSL3 got deprecated, so did TLS1.0.

While I can use ssllabs.com to analyze certs for a web site (HTTP[S]), I
can't use them to analyze the cert at an NNTP site. I'd rather use the
properties of a cert to analyze it instead of trying to decipher
Dialog's logs.

Since news.neodome.net does not require a login, and since everything
posted to Usenet is public, don't see why SSL/TLS is even needed to use
Neodome, or any other Usenet provider that does not require a login
(e.g., BOFH paganini, AIOE until they died).

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

https://www.novabbs.com/computers/article-flat.php?id=1782&group=news.software.readers#1782

From: V...@nguard.LH (VanguardLH)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 13:15:09 -0600
Organization: Usenet Elder
Message-ID: <c0kfv3hovkwg.dlg@v.nguard.lh>
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Sun, 7 Jan 2024 19:15 UTC

david <this@is.invalid> wrote:

> Using <news:879f4360c37366ed1912e3a3261b1150@dizum.com>, D wrote:
>
>>>A lot of news servers are that way (for example, news.dizum.net:119).
>>>But you need an account and port 563 to post to them most of the time.
>>
>> using remailers for posting works most of the time ... no account needed
>
> I don't get it.
> Every time I mention dizum or mixmin someone mentions remailers.

For mixmin: http://news.mixmin.net/banana/m2n.html

They *do* operate a mail-to-news gateway. As you mention, the
news.mixmin.net server is read-only, so only good for lurking, not for
participating in Usenet, leaving only their M2N gateway to participate.

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

https://www.novabbs.com/computers/article-flat.php?id=1783&group=news.software.readers#1783

From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 20:19:45 -0500
Organization: To protect and to server
Message-ID: <unfijh$15921$1@paganini.bofh.team>
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
 by: Ronald - Mon, 8 Jan 2024 01:19 UTC

On Sun, 7 Jan 2024 13:15:09 -0600, VanguardLH wrote:

>> I don't get it.
>> Every time I mention dizum or mixmin someone mentions remailers.
>
> For mixmin: http://news.mixmin.net/banana/m2n.html
>
> They *do* operate a mail-to-news gateway. As you mention, the
> news.mixmin.net server is read-only, so only good for lurking, not for
> participating in Usenet, leaving only their M2N gateway to participate.

I think "david" missed the point of the post from "D <J@M>" which,
I think, was that all these problems with encrypted servers can be
worked around by using anonymous remailer software instead of nntp.

At least I think that based on what he said, and on his headers.
Can you please look at the headers from "D <J@M>" for me please?

Subject: Re: (Dialog) How do I debug a 40tude "socket error" ...
Injection-Info: neodome.net; posting-account="mail2news"; key="###";
mail-complaints-to="abuse@neodome.net"
Comments: This message did not originate from the Sender address above.
It was remailed automatically by anonymizing remailer software.
Please report problems or inappropriate use to the remailer
administrator at <abuse@dizum.com>.
Comments: This message was transferred to Usenet via mail2news gateway at
<mail2news@neodome.net>. Please send questions and concerns to
<admin@neodome.net>. Report inappropriate use to <abuse@neodome.net>.
Injection-Date: Sun, 7 Jan 2024 14:35:01 +0000 (UTC)
From: D <J@M>
Message-ID: <879f4360c37366ed1912e3a3261b1150@dizum.com>
Date: Sun, 7 Jan 2024 15:34:50 +0100 (CET)
Newsgroups: news.software.readers
Sender: Nomen Nescio <nobody@dizum.com>
{blank line}
using remailers for posting works most of the time ... no account needed

Since _both_ dizum & neodome are in that header, I can't tell if
"D <J@M>" mailed his original to dizum or to neodome (maybe dizum?).

Can you tell which is the server that "D <J@M>" remailed this to?
I never used a remailer myself.

I think "D <J@M>" was trying to tell us that all these problems we've
been having with certificates for neodome and also the fact that both
dizum and mixmin recently closed down nntp posting due to spammers
(AFAICT) can be immediately resolved by using anonymous remailers.

I'd like to test out the suggestion from "D <J@M>" to try remailers
as a failsafe whenever the encryption for neodome expires again.

Do you know how to send a test message using an anonymous remailer
from Windows to any of those news servers "D <J@M>" seems to have used?
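
An added example (not part of Ronald's post or of any tool named in the thread): a Python reading of the headers quoted in the post above, separating the hop the injecting server vouches for (Injection-Info) from the hops that are only self-declared in Comments headers. The function names `domain_of`, `trace` and `hops` are hypothetical; the sample is the header block from the post with its continuation lines re-indented so that it parses as folded headers.

```python
import re
from email import message_from_string

# Header block copied from the post above; continuation lines re-indented.
SAMPLE_HEADERS = """\
Subject: Re: (Dialog) How do I debug a 40tude "socket error" ...
Injection-Info: neodome.net; posting-account="mail2news"; key="###";
 mail-complaints-to="abuse@neodome.net"
Comments: This message did not originate from the Sender address above.
 It was remailed automatically by anonymizing remailer software.
 Please report problems or inappropriate use to the remailer
 administrator at <abuse@dizum.com>.
Comments: This message was transferred to Usenet via mail2news gateway at
 <mail2news@neodome.net>. Please send questions and concerns to
 <admin@neodome.net>. Report inappropriate use to <abuse@neodome.net>.
Injection-Date: Sun, 7 Jan 2024 14:35:01 +0000 (UTC)
From: D <J@M>
Message-ID: <879f4360c37366ed1912e3a3261b1150@dizum.com>
Date: Sun, 7 Jan 2024 15:34:50 +0100 (CET)
Newsgroups: news.software.readers
Sender: Nomen Nescio <nobody@dizum.com>

using remailers for posting works most of the time ... no account needed
"""


def unfold(value):
    """Collapse a folded header value onto one line."""
    return " ".join(value.split())


def domain_of(text):
    """Domain of the first address-like token in text, or None."""
    match = re.search(r"@([A-Za-z0-9.-]+)", text)
    return match.group(1) if match else None


def trace(raw):
    """Pull out the fields that say who handled the article."""
    msg = message_from_string(raw)
    node, _, rest = unfold(msg.get("Injection-Info", "")).partition(";")
    params = dict(re.findall(r'([\w-]+)="([^"]*)"', rest))
    comments = [unfold(c) for c in msg.get_all("Comments", [])]
    remailed = [c for c in comments if "remailer" in c.lower()]
    gatewayed = [c for c in comments if "mail2news" in c.lower()]
    return {
        # Added by the news server that injected the article into Usenet.
        "injection_node": node.strip() or None,
        "posting_account": params.get("posting-account"),
        # Self-declared by the intermediaries; informative, not verified.
        "remailer_domain": domain_of(remailed[0]) if remailed else None,
        "gateway_domain": domain_of(gatewayed[0]) if gatewayed else None,
        "message_id_domain": domain_of(msg.get("Message-ID", "")),
    }


def hops(raw):
    """Handling order implied by the headers, earliest hop first."""
    t = trace(raw)
    order = [("remailer", t["remailer_domain"]),
             ("mail2news gateway", t["gateway_domain"]),
             ("injection node", t["injection_node"])]
    return [(role, host) for role, host in order if host]


if __name__ == "__main__":
    for role, host in hops(SAMPLE_HEADERS):
        print(f"{role:18} {host}")
```

Read this way, the headers show the dizum.com remailer handing the message to the mail2news gateway at neodome.net, which injected it under the posting account "mail2news".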

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

https://www.novabbs.com/computers/article-flat.php?id=1784&group=news.software.readers#1784

From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Mon, 8 Jan 2024 00:30:00 -0500
Organization: To protect and to server
Message-ID: <ung18n$161em$1@paganini.bofh.team>
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
 by: Ronald - Mon, 8 Jan 2024 05:30 UTC

On Sun, 7 Jan 2024 12:38:09 -0600, VanguardLH <V@nguard.LH> wrote

> I actually have a filter to ignore-flag any posts originating at Neodome

I've been using Neodome with Dialog & sTunnel for years but I think what
you are filtering out are the anonymous remailers that "D <J@M>" tested.

What "D <J@M>" was trying to tell us, I think, was that the next time the
certificate expires, another workaround (to the one Bernd suggested) is to
post to Neodome using its anonymous remailer but I've never done that.

> news.neodome.net:
> 119 - read/write
> 119 (STARTTLS) - read/write
> 563 (SSL) - read/write
>
> For the /other/ servers, a login was specified:
>
> test login: test
> test password: test
>
> When I added Neodome to Dialog and tested access (read), I needed no
> login credentials to read.

Thank you for looking the nntp posting details up as I opened my Neodome
posting account years ago (which I have been using almost daily since).

The strange thing is posting has been working up until about a month ago,
but when I look at the self-signed certificate expiry, it's 3 years ago!

echo q | openssl s_client -connect news.neodome.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
verify error:num=10:certificate has expired
notAfter=Dec 31 21:59:46 2020 GMT

How can that possibly make any sense that I've been posting with Dialog and
sTunnel (using Bernd's casing) to Neodome 563 until less than about a month
ago and yet the Neodome self-signed certificate had expired 3 years ago?

> I wasn't interested in using Neodome, so I didn't try submitting an article (write).

Certainly up until a few weeks ago, with an account, posting worked using
Dialog set up to use sTunnel (which checked certs at news.neodome.net 563).

Only recently did the certificate check fail (even as the certificate seems
to have expired 3 years ago) but using the workarounds provided, it worked.

Workaround #1: (Tell sTunnel to NOT check the certificate!)
[Neodome]
; This skips checking of the certificate expiry date
client = yes
accept = localhost:55555
connect = news.neodome.net:563

Workaround #2: (Tell Dialog to NOT get sTunnel involved & use 563 SSL!)
Dialog Host: news.neodome.net
Dialog Port: 563
Dialog SSL: checked
Dialog Username: abcdefg
Dialog Password: xxxxxxx
Dialog Allwd. conn.: 2
Dialog Use pipelining (unchecked)

> news.neodome.net:
> 119 - read/write
> 119 (STARTTLS) - read/write
> 563 (SSL) - read/write

Oh! I did not know Neodome might _write_ to port 119, so let me try it.
Dialog Host: news.neodome.net
Dialog Port: 119
Dialog SSL: unchecked
Dialog Username: abcdefg
Dialog Password: xxxxxxx
Dialog Allwd. conn.: 2
Dialog Use pipelining (unchecked)

0 118434281: KillNNTP left for: neodome uname (Finished) [$00001EA4]
5 118434281: Posting article failed: Encryption required; (neodome uname) (Finished) [$00001EA4]

Just to cover all bases, I also checked the SSL box in the next test.
Dialog Host: news.neodome.net
Dialog Port: 119
Dialog SSL: checked
Dialog Username: abcdefg
Dialog Password: xxxxxxx
Dialog Allwd. conn.: 2
Dialog Use pipelining (unchecked)

0 118685015: KillNNTP left for: neodome uname (Finished) [$00002508]
5 118685015: Posting article failed: Error while receiving. Connection closed. (neodome uname) (Finished) [$00002508]

I don't know what "STARTTLS" means though, so I didn't test it.

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

https://www.novabbs.com/computers/article-flat.php?id=1785&group=news.software.readers#1785

From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Mon, 8 Jan 2024 01:07:00 -0500
Organization: To protect and to server
Message-ID: <ung3e3$164jj$1@paganini.bofh.team>
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
 by: Ronald - Mon, 8 Jan 2024 06:07 UTC

On Sun, 7 Jan 2024 12:46:42 -0600, VanguardLH wrote:

> Since news.neodome.net does not require a login, and since everything
> posted to Usenet is public, don't see why SSL/TLS is even needed to use
> Neodome, or any other Usenet provider that does not require a login
> (e.g., BOFH paganini, AIOE until they died).

Bearing in mind this is all about getting 40Tude Dialog properly set up....

I'll let Bernd respond to the other technical issues you brought up but I
do want to confirm I tested everything you suggested since I do have a valid
Neodome posting account.

Assuming you want to post to the typical Usenet text newsgroups....

I think the summary (at the level I know it) is something like this.
a. You can _read_ from Neodome servers using (based on your tests anyway)
Dialog Host: news.neodome.net
Dialog Port: 119
Dialog SSL: unchecked
Dialog Username: leave blank
Dialog Password: leave blank
Dialog Allwd. conn.: 2
Dialog Use pipelining (unchecked)

b. You can't _post_ to Neodome without an account (no longer offered)
Dialog Host: news.neodome.net
Dialog Port: 563
Dialog SSL: checked
Dialog Username: your_uname
Dialog Password: your_passwd
Dialog Allwd. conn.: 2
Dialog Use pipelining (unchecked)

But that uses the Dialog old encryption standards.

c. You _should_ post to Neodome (with an account) using sTunnel encryption
Dialog Host: 127.0.0.1 [You can use "localhost" if you like]
Dialog Port: 60563 [You can choose any unused port you like]
Dialog SSL: unchecked
Dialog Username: your_uname
Dialog Password: your_passwd
Dialog Allwd. conn.: 2
Dialog Use pipelining (unchecked)

[Neodome]
; Use this as it checks the self-signed certificate for validity
client = yes
accept = 127.0.0.1:60563
connect = news.neodome.net:563
verify = 0
verifyChain = yes
CAfile = ca-certs.pem
checkHost = news.neodome.net
OCSPaia = yes

d. In the case of an expired certificate, this is the best workaround
Dialog Host: 127.0.0.1 [You can use "localhost" if you like]
Dialog Port: 60563 [You can choose any unused port you like]
Dialog SSL: unchecked
Dialog Username: your_uname
Dialog Password: your_passwd
Dialog Allwd. conn.: 2
Dialog Use pipelining (unchecked)

; Workaround #1: (Tell sTunnel to NOT check the certificate!)
; sTunnel will use the latest encryption standards (Dialog will not)
[Neodome]
; This skips certificate checking for when the certificate has expired
client = yes
accept = localhost:60563
connect = news.neodome.net:563

e. If all else fails, apparently you can post using anonymous remailers
If you know how to post to Neodome that way, please add it here.

Bernd & Vanguard,
Does that look accurate yet as a summary of how to post to Neodome?

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

https://www.novabbs.com/computers/article-flat.php?id=1786&group=news.software.readers#1786

From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Mon, 8 Jan 2024 05:49:26 -0500
Organization: To protect and to server
Message-ID: <ungjvm$16ujd$1@paganini.bofh.team>
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
 by: Ronald - Mon, 8 Jan 2024 10:49 UTC

On Sun, 7 Jan 2024 05:08:19 -0600, VanguardLH wrote:

> You are connecting to news.neodome.net, not to neodome.net. Their cert
> is flawed. It is a self-signed cert; that is, they created it instead
> of using a CA (Certificate Authority). My guess is they need to
> regenerate their self-signed cert to identify CN = news.neodome.net
> which is the host to which you are connecting. They probably instead
> get a free site cert from LetsEncrypt.
>
> A self-signed cert does not need to be time ranged, so it won't expire.
> However, notice their cert does have an expiration:
>
> notAfter=Dec 31 21:59:46 2020 GMT
>
> Maybe that gets ignored for self-signed certs.
>
> So, it is an expired self-signed certificate

I finally figured out what happened most likely!

[Neodome]
client = yes
accept = 127.0.0.1:62563
connect = news.neodome.net:563
verify = 0
;verifyChain = yes
;CAfile = ca-certs.pem
;checkHost = news.neodome.net
;OCSPaia = yes

I went back to the original email from the Neodome admin about the setup,
and lo and behold the ONLY thing the admin told me to use was the "verify =
0" line (which he said was because it was a self-signed certificate).

He never gave me the rest of those lines.
I must have boilerplated them, and commented them out at that time.

This probably explains what happened.

The certificate probably was expired all along.
I probably had the correct commented out entries for a long time.

At some point, I uncommented those entries (not understanding them).
That's almost certainly when the error occurred without me noticing.
Since then, it has failed.

Just now I set the file back to what it was in that backup.
That "verify = 0" (without the others) worked to post to Neodome!

Of course, sTunnel gives the warning:
Service [Neodome] needs authentication to prevent MITM attacks

But it's working again.
Thank you for reminding me of what happened a few weeks ago.

This one can be chalked up to user error.

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<1cmaev6wmam1m.dlg@v.nguard.lh>

https://www.novabbs.com/computers/article-flat.php?id=1787&group=news.software.readers#1787

Path: i2pn2.org!i2pn.org!news.chmurka.net!news.szaf.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: V...@nguard.LH (VanguardLH)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Mon, 8 Jan 2024 08:30:52 -0600
Organization: Usenet Elder
Lines: 96
Sender: V@nguard.LH
Message-ID: <1cmaev6wmam1m.dlg@v.nguard.lh>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <ng3o9ylbddtr$.dlg@v.nguard.lh> <1kgyqw4a9o4nj.dlg@b.rose.tmpbox.news.arcor.de> <une1gv$2f589$1@i2pn2.org> <879f4360c37366ed1912e3a3261b1150@dizum.com> <unef61$2fqac$1@i2pn2.org> <c0kfv3hovkwg.dlg@v.nguard.lh> <unfijh$15921$1@paganini.bofh.team>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net DXLNVesNf7nZZ1kzVBqm1QnQXvxwlSq3r9clAEBWthgtujEoaC
Keywords: VanguardLH,VLH
Cancel-Lock: sha1:Zi4t1xYNdb+k0msKF8MxZv2eJrE= sha256:Of4LeTK4AbXtq1DB7G1Aw9fUZH7XvCMgwRox7IZ+Q1Y=
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Mon, 8 Jan 2024 14:30 UTC

Ronald <ronald@nospam.me> wrote:

> On Sun, 7 Jan 2024 13:15:09 -0600, VanguardLH wrote:
>
>>> I don't get it.
>>> Every time I mention dizum or mixmin someone mentions remailers.
>>
>> For mixmin: http://news.mixmin.net/banana/m2n.html
>>
>> They *do* operate a mail-to-news gateway. As you mention, the
>> news.mixmin.net server is read-only, so only good for lurking, not for
>> participating in Usenet, leaving only their M2N gateway to participate.
>
> I think "david" missed the point of the post from "D <J@M>" which,
> I think, was that all these problems with encrypted servers can be
> worked around by using anonymous remailer software instead of nntp.
>
> At least I think that based on what he said, and on his headers.
> Can you please look at the headers from "D <J@M>" for me please?
>
> Subject: Re: (Dialog) How do I debug a 40tude "socket error" ...
> Injection-Info: neodome.net; posting-account="mail2news"; key="###";
> mail-complaints-to="abuse@neodome.net"
> Comments: This message did not originate from the Sender address above.
> It was remailed automatically by anonymizing remailer software.
> Please report problems or inappropriate use to the remailer
> administrator at <abuse@dizum.com>.
> Comments: This message was transferred to Usenet via mail2news gateway at
> <mail2news@neodome.net>. Please send questions and concerns to
> <admin@neodome.net>. Report inappropriate use to <abuse@neodome.net>.
> Injection-Date: Sun, 7 Jan 2024 14:35:01 +0000 (UTC)
> From: D <J@M>
> Message-ID: <879f4360c37366ed1912e3a3261b1150@dizum.com>
> Date: Sun, 7 Jan 2024 15:34:50 +0100 (CET)
> Newsgroups: news.software.readers
> Sender: Nomen Nescio <nobody@dizum.com>
> {blank line}
> using remailers for posting works most of the time ... no account needed
>
> Since _both_ dizum & neodome are in that header, I can't tell if
> "D <J@M>" mailed his original to dizum or to neodome (maybe dizum?).
>
> Can you tell which is the server that "D <J@M>" remailed this to?
> I never used a remailer myself.
>
> I think "D <J@M>" was trying to tell us that all these problems we've
> been having with certificates for neodome and also the fact that both
> dizum and mixmin recently closed down nntp posting due to spammers
> (AFAICT) can be immediately resolved by using anonymous remailers.
>
> I'd like to test out the suggestion from "D <J@M>" to try remailers
> as a failsafe whenever the encryption for neodome expires again.
>
> Do you know how to send a test message using an anonymous remailer
> from Windows to any of those news servers "D <J@M>" seems to have used?

D posts using dizum/mixmin. I have filters that get rid of all posts
that originate from those sewer sources. Hey, it's not me that titled
them sewer. Often "sewer" is included in the name of the injection node
in the PATH header. I filter out posts that are submitted to mixmin as
the injection node, but I do not filter out when articles have been
peered through mixmin (which means it is not the injection node).
mixmin is a large source of trolls, malcontents, pueriles, and other
untoward posters. mixmin and Google Groups are sources of a lot of
noise in Usenet. On Feb 24, the GG noise will disappear. AIOE (died
earlier this year) and Paganini are *un*registered Usenet providers, and
also were/are large sources of Usenet noise, as well as other
unregistered free Usenet providers that I filter out.

I wouldn't see D's posts since I filter out mixmin-sourced articles.
You did not show the PATH header. The Message-ID header indicates D
submitted to a dizum server, and the other headers indicate he used
e-mail to send his message to the dizum server. Using the MID header:

http://al.howardknight.net/?STYPE=msgid&MSGI=%3C879f4360c37366ed1912e3a3261b1150%40dizum.com%3E

shows a PATH header of:

Path:
....!1.us.feeder.erje.net!3.eu.feeder.erje.net!feeder.erje.net!usenet.goja.nl.eu.org!weretis.net!feeder8.news.weretis.net!news.neodome.net!mail2news

The injection node (where D submitted) is neodome.net, but I don't know
if that was using news.neodome.net or using the mail-to-news gateway
with D sending e-mail to neodome. One of the Comments headers (which is
NOT a standard header name, and should've been called X-Comments) also
says the neodome M2N gateway was used.

Despite D using @dizum.com as the domain in his MID, he made that up.
Even your client lets you specify what strings to use in the MID header.
If your client doesn't specify a MID header, the server to where you
submit will add its own. If you specify a MID header, the server is
supposed to step aside to use the one the client specified unless there
is a MID conflict.

I filter out remailers. I filter out neodome. I'm not unique. You
going to remailers will likely mean you get a reduced audience.

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<1juwka01ksoy.dlg@b.rose.tmpbox.news.arcor.de>

https://www.novabbs.com/computers/article-flat.php?id=1788&group=news.software.readers#1788

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: b.rose.t...@arcor.de (Bernd Rose)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Mon, 8 Jan 2024 17:35:18 +0100
Message-ID: <1juwka01ksoy.dlg@b.rose.tmpbox.news.arcor.de>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <ng3o9ylbddtr$.dlg@v.nguard.lh> <1kgyqw4a9o4nj.dlg@b.rose.tmpbox.news.arcor.de> <13wzj2991cacs$.dlg@v.nguard.lh> <1qbx3cveahlxr$.dlg@b.rose.tmpbox.news.arcor.de> <157xbin18xett$.dlg@v.nguard.lh> <ung18n$161em$1@paganini.bofh.team>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Injection-Info: solani.org;
logging-data="250797"; mail-complaints-to="abuse@news.solani.org"
User-Agent: 40tude_Dialog/2.0.15.41 (091c69b2.161.352)
Cancel-Lock: sha1:ORLtju3MpPMdVdViwZnltNw3w80=
X-User-ID: eJwFwQkBwDAIA0BLvCnIaRfwL2F36VB8J5CI3NxDfgFfC9Zw64MKOeFqXcFrWsXVvuNukLEH1bJndElOX22s72ucWor82kkZyg==
 by: Bernd Rose - Mon, 8 Jan 2024 16:35 UTC

On Mon, 8th Jan 2024 00:30:00 -0500, Ronald wrote:

> I don't know what "STARTTLS" means though, so I didn't test it.

It is an (alternative) method to initiate a handshake for encryption. Indy,
the network access library used by Dialog, first introduced support for this
with v10. The latest Dialog version was compiled with Indy v9 and therefore
does /not/ support it.

You should be able to connect to Neodome port 119 with STARTTLS with sTunnel
as an intermediate.

Bernd

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<wazz56nkrzmc$.dlg@b.rose.tmpbox.news.arcor.de>

https://www.novabbs.com/computers/article-flat.php?id=1790&group=news.software.readers#1790

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: b.rose.t...@arcor.de (Bernd Rose)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Mon, 8 Jan 2024 18:21:53 +0100
Message-ID: <wazz56nkrzmc$.dlg@b.rose.tmpbox.news.arcor.de>
References: <und7gj$srbd$1@paganini.bofh.team> <v1akekkmcrn9.dlg@v.nguard.lh> <undrv0$trmf$1@paganini.bofh.team> <18gy9f6axliam$.dlg@v.nguard.lh> <ungjvm$16ujd$1@paganini.bofh.team>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Injection-Info: solani.org;
logging-data="206654"; mail-complaints-to="abuse@news.solani.org"
User-Agent: 40tude_Dialog/2.0.15.41 (c9bc5881.62.511)
Cancel-Lock: sha1:U0jRJZJSh10mftznm+fz90DxtP0=
X-User-ID: eJwNyMkBwCAIBMCWFFiOcpQN/ZcQnzNQ395hDjcMpiNEkTx1pJrrZEAo4tVzuiKTWdaP6fdeJQQG8itf74a1NaJnYCyT+QHOLxoC
 by: Bernd Rose - Mon, 8 Jan 2024 17:21 UTC

On Mon, 8th Jan 2024 05:49:26 -0500, Ronald wrote:

> I finally figured out what happened most likely!
>
> [Neodome]
> client = yes
> accept = 127.0.0.1:62563
> connect = news.neodome.net:563
> verify = 0
> ;verifyChain = yes
> ;CAfile = ca-certs.pem
> ;checkHost = news.neodome.net
> ;OCSPaia = yes
>
> I went back to the original email from the Neodome admin about the setup,
> and lo and behold the ONLY thing the admin told me to use was the "verify =
> 0" line (which he said was because it was a self-signed certificate).

The "verify = X" is an outdated sTunnel option and replaced by a couple
of other options, that are more descriptive (like "verifyChain = yes/no").

Setting "verify = 0" means to request a certificate, but do no checking,
at all. A better way to deal with a self-signed certificate would be, to
download it from a secure location and keep it locally as peer-Neodome.pem
(or any other name). Then use a sTunnel configuration entry like:

[Neodome]
client = yes
accept = 127.0.0.1:62563
connect = news.neodome.net:563
verifyPeer = yes
CAfile = peer-Neodome.pem

As long as the certificate is unchanged on the server, encrypted connection
would be established by sTunnel.

To get the certificate in its current state, you can use the above sTunnel
settings without the last 2 lines. Connect once to Neodome and use the
sTunnel right mouse menu entry "Save Peer certificate -> peer-Neodome.pem"
to retrieve the certificate into the local sTunnel certificate store. (This
is inside the <config> subfolder of the main sTunnel directory or somewhere
in the virtual store for sTunnel.) Afterwards, add the last 2 lines to
ensure the verification process. Please note, that in your case this will
fail, because expired certificates are not acceptable for the verification!

Another notice: Saving a certificate will be grayed out, as long as there
was no recent connection to the server.

Bernd
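
An added example (not from Bernd's post and not part of stunnel): a small Python auditor that parses a stunnel.conf and reports, per client service, whether the peer is authenticated, which is what the "needs authentication to prevent MITM attacks" warning is about. The [NeodomePinned] section name and the audit rules are this example's own, and the sample configuration is constructed from sections quoted in the thread.

```python
# Added example: audit stunnel client services for peer authentication.
# SAMPLE_CONF is constructed from the service sections quoted in this thread.
SAMPLE_CONF = """\
[Neodome2]
client = yes
accept = 127.0.0.1:65535
connect = news.neodome.net:119
protocol = nntp
; CAfile = peer-Neodome2.pem
; verifyPeer = yes

[Neodome4]
client = yes
accept = 127.0.0.1:49153
connect = news.neodome.net:563
verify = 0

[NeodomePinned]
client = yes
accept = 127.0.0.1:62563
connect = news.neodome.net:563
verifyPeer = yes
CAfile = peer-Neodome.pem
"""

CHECK_OPTS = ("checkhost", "checkip", "checkemail")


def parse_stunnel_conf(text):
    """Return {service: {option: last value}} with lowercased option names."""
    defaults, services = {}, {}
    current = defaults                   # options before the first [section]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank line or commented-out option
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        if "=" not in line:
            continue                     # not an option line
        key, value = line.split("=", 1)
        current[key.strip().lower()] = value.strip()
    # Assumption of this example: options set before the first section act
    # as defaults for every service.
    return {name: {**defaults, **opts} for name, opts in services.items()}


def audit_service(opts):
    """Return (status, findings) for one service's options."""
    if opts.get("client", "no").lower() != "yes":
        return ("server", [])            # server-mode services are out of scope
    findings = []
    pinned = opts.get("verifypeer", "no").lower() == "yes"
    chain = opts.get("verifychain", "no").lower() == "yes"
    legacy = opts.get("verify")
    if legacy == "0":
        findings.append("verify = 0 requests a certificate but checks nothing")
    elif legacy is not None:
        findings.append("legacy 'verify' level set: review it, "
                        "prefer verifyChain/verifyPeer")
    if pinned:
        status = "pinned"
    elif chain:
        status = "chain"
        if not any(opt in opts for opt in CHECK_OPTS):
            findings.append("verifyChain without checkHost: certificate is "
                            "not tied to the server name")
    elif legacy not in (None, "0"):
        status = "legacy"                # left for manual review
    else:
        status = "unauthenticated"
        findings.append("no peer authentication: connection is encrypted "
                        "but open to MITM")
    if status in ("pinned", "chain") and not ("cafile" in opts or "capath" in opts):
        findings.append("verification enabled but no CAfile/CApath "
                        "to verify against")
    return (status, findings)


def audit_conf(text):
    """Audit every service in a stunnel.conf given as a string."""
    return {name: audit_service(opts)
            for name, opts in parse_stunnel_conf(text).items()}


if __name__ == "__main__":
    for name, (status, findings) in audit_conf(SAMPLE_CONF).items():
        print(f"[{name}] {status}")
        for finding in findings:
            print(f"    - {finding}")
```

Commented-out lines such as "; verifyPeer = yes" are ignored by the parser, so a section that only looks protected is still reported as unauthenticated.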

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<unhj6j$1l9ji$2@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=1792&group=news.software.readers#1792

Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: new...@immibis.com (immibis)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Mon, 8 Jan 2024 20:42:11 +0100
Organization: A noiseless patient Spider
Lines: 10
Message-ID: <unhj6j$1l9ji$2@dont-email.me>
References: <und7gj$srbd$1@paganini.bofh.team>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 8 Jan 2024 19:42:12 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="4a77cb3218ca592aba652cff042de4f3";
logging-data="1746546"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+MQNfzzVOwYJT/DhK4qy1O"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.14.0
Cancel-Lock: sha1:TzOExYPFOX7wqjJm+qaD0DcasEM=
In-Reply-To: <und7gj$srbd$1@paganini.bofh.team>
Content-Language: en-US
 by: immibis - Mon, 8 Jan 2024 19:42 UTC

On 1/7/24 04:58, Ronald wrote:
> (What is a Dialog socket error anyway?)

Read it as "connection error", i.e. an incredibly useless message that
doesn't say very much.

"sockets" are the interface that most operating systems have to allow
programs to create network connections. "something went wrong with a
socket" means "something went wrong with a connection".

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<unik1g$1et6o$1@paganini.bofh.team>

https://www.novabbs.com/computers/article-flat.php?id=1793&group=news.software.readers#1793

Path: i2pn2.org!i2pn.org!nntp.comgw.net!paganini.bofh.team!not-for-mail
From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Tue, 9 Jan 2024 00:02:41 -0500
Organization: To protect and to server
Message-ID: <unik1g$1et6o$1@paganini.bofh.team>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <ng3o9ylbddtr$.dlg@v.nguard.lh> <1kgyqw4a9o4nj.dlg@b.rose.tmpbox.news.arcor.de> <13wzj2991cacs$.dlg@v.nguard.lh> <1qbx3cveahlxr$.dlg@b.rose.tmpbox.news.arcor.de> <157xbin18xett$.dlg@v.nguard.lh> <ung18n$161em$1@paganini.bofh.team> <1juwka01ksoy.dlg@b.rose.tmpbox.news.arcor.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 9 Jan 2024 05:02:42 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="1537240"; posting-host="R8jzoRbLjiM/r2rQyny/kg.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
Cancel-Lock: sha256:sMFS5FOJ4GaHoaFEUF5wL35xjYD5Le+WGOgUPROqYTA=
X-Notice: Filtered by postfilter v. 0.9.3
 by: Ronald - Tue, 9 Jan 2024 05:02 UTC

On Mon, 8 Jan 2024 17:35:18 +0100, Bernd Rose wrote:

> You should be able to connect to Neodome port 119 with STARTTLS with sTunnel
> as an intermediate.

I'll try that, where sTunnel supports STARTTLS apparently.
https://www.stunnel.org/mailman3/hyperkitty/list/stunnel-users@stunnel.org/thread/ENK5JRYVFGJ4ZO25DHKQ7Y6EE4YA3RPC/

But I can't find any nntp examples for the setup of the stunnel.conf file.
https://www.google.com/search?q=stunnel.conf+example+nntp+starttls

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<1a1kt5a462qr6$.dlg@b.rose.tmpbox.news.arcor.de>

https://www.novabbs.com/computers/article-flat.php?id=1795&group=news.software.readers#1795

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: b.rose.t...@arcor.de (Bernd Rose)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Tue, 9 Jan 2024 18:47:57 +0100
Message-ID: <1a1kt5a462qr6$.dlg@b.rose.tmpbox.news.arcor.de>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <ng3o9ylbddtr$.dlg@v.nguard.lh> <1kgyqw4a9o4nj.dlg@b.rose.tmpbox.news.arcor.de> <13wzj2991cacs$.dlg@v.nguard.lh> <1qbx3cveahlxr$.dlg@b.rose.tmpbox.news.arcor.de> <157xbin18xett$.dlg@v.nguard.lh> <ung18n$161em$1@paganini.bofh.team> <1juwka01ksoy.dlg@b.rose.tmpbox.news.arcor.de> <unik1g$1et6o$1@paganini.bofh.team>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Injection-Info: solani.org;
logging-data="258697"; mail-complaints-to="abuse@news.solani.org"
User-Agent: 40tude_Dialog/2.0.15.41 (f67a8552.214.279)
Cancel-Lock: sha1:cic6Jqh4dDOeh3UbNkqzBz/xNjY=
X-User-ID: eJwNykcBwDAMBDBKiecZjkfMH0Krt5TtWruYmujqliOasw18ZEpiEch3xMjd7SJrJnK7JtRmD+bBabwJ6OvxV2ofpnwF4w/Ydxof
 by: Bernd Rose - Tue, 9 Jan 2024 17:47 UTC

On Tue, 9th Jan 2024 00:02:41 -0500, Ronald wrote:

> On Mon, 8 Jan 2024 17:35:18 +0100, Bernd Rose wrote:
>
>> You should be able to connect to Neodome port 119 with STARTTLS with sTunnel
>> as an intermediate.
>
> I'll try that, where sTunnel supports STARTTLS apparently.
> https://www.stunnel.org/mailman3/hyperkitty/list/stunnel-users@stunnel.org/thread/ENK5JRYVFGJ4ZO25DHKQ7Y6EE4YA3RPC/
>
> But I can't find any nntp examples for the setup of the stunnel.conf file.
> https://www.google.com/search?q=stunnel.conf+example+nntp+starttls

[Neodome]
client = yes
accept = 127.0.0.1:55555
connect = news.neodome.net:119
protocol = nntp

should work. Adding any verification (verifyPeer or verifyChain) will fail,
though, because this will (again) trigger the certificate expiration.

Explanation:
If you are able to connect through sTunnel to a server, the connection will
always be encrypted. (Although, with the right setting, it is possible to
use "null encryption" [aka a non-encrypting "encryption" method].) Telling
sTunnel to connect with protocol NNTP on port 119 leads to a handshake with
STARTTLS.

Bernd

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<unlbea$1o1sv$1@paganini.bofh.team>

https://www.novabbs.com/computers/article-flat.php?id=1799&group=news.software.readers#1799

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Wed, 10 Jan 2024 00:54:19 -0500
Organization: To protect and to server
Message-ID: <unlbea$1o1sv$1@paganini.bofh.team>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <ng3o9ylbddtr$.dlg@v.nguard.lh> <1kgyqw4a9o4nj.dlg@b.rose.tmpbox.news.arcor.de> <13wzj2991cacs$.dlg@v.nguard.lh> <1qbx3cveahlxr$.dlg@b.rose.tmpbox.news.arcor.de> <157xbin18xett$.dlg@v.nguard.lh> <ung18n$161em$1@paganini.bofh.team> <1juwka01ksoy.dlg@b.rose.tmpbox.news.arcor.de> <unik1g$1et6o$1@paganini.bofh.team> <1a1kt5a462qr6$.dlg@b.rose.tmpbox.news.arcor.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 10 Jan 2024 05:54:19 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="1836959"; posting-host="R8jzoRbLjiM/r2rQyny/kg.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
Cancel-Lock: sha256:R9GfhNqhKEjgYuVdUsPKHZqKe296zwx5QOVKsol6f+I=
X-Notice: Filtered by postfilter v. 0.9.3
 by: Ronald - Wed, 10 Jan 2024 05:54 UTC

On Tue, 9 Jan 2024 18:47:57 +0100, Bernd Rose <b.rose.tmpbox@arcor.de> wrote

>> But I can't find any nntp examples for the setup of the stunnel.conf file.
>> https://www.google.com/search?q=stunnel.conf+example+nntp+starttls
>
> [Neodome]
> client = yes
> accept = 127.0.0.1:55555
> connect = news.neodome.net:119
> protocol = nntp
>
> should work. Adding any verification (verifyPeer or verifyChain) will fail,
> though, because this will (again) trigger the certificate expiration.
>
> Explanation:
> If you are able to connect through sTunnel to a server, the connection will
> always be encrypted. (Although, with the right setting, it is possible to
> use "null encryption" [aka a non-encrypting "encryption" method].) Telling
> sTunnel to connect with protocol NNTP on port 119 leads to a handshake with
> STARTTLS.

Thank you for showing me why all the googling in the world didn't find the
"protocol=STARTTLS" command that I had tested & tried & which failed on me.

Your exact port 119 STARTTLS configuration file worked perfectly with Dialog.
; Dialog Host: 127.0.0.1
; Dialog Port: 65535 (pick any unused port between 49152 & 65535)
; Dialog SSL: unchecked
; Dialog Username: (required)
; Dialog Password: (required)
; Dialog Allwd. conn.: 2
; Dialog Use pipelining (unchecked)
[Neodome]
client = yes
accept = 127.0.0.1:65535
connect = news.neodome.net:119
protocol = nntp

I don't understand what comes out of the sTunnel log file though.

Here's the sTunnel log for test message number 1.
LOG5[4]: Service [Neodome] accepted connection from 127.0.0.1:61463
LOG5[4]: s_connect: connected 95.216.243.224:119
LOG5[4]: Service [Neodome] connected remote server from 10.211.1.25:61464
LOG5[4]: Connection closed: 1538 byte(s) sent to TLS, 246 byte(s) sent to socket

Here's the sTunnel log for test message number 2.
LOG5[0]: Service [Neodome] accepted connection from 127.0.0.1:40720
LOG5[0]: s_connect: connected 95.216.243.224:119
LOG5[0]: Service [Neodome] connected remote server from 10.211.1.145:40721
LOG5[0]: Connection closed: 2213 byte(s) sent to TLS, 246 byte(s) sent to socket

First line in the sTunnel log file (accepted):
I never specified "127.0.0.1:61463" or "127.0.0.1:40720".

Third line in the sTunnel log file (connected):
I don't know what "10.211.1.25:61464" or "10.211.1.145:40721" are.

But it works!
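
An added example, not part of Ronald's post: a Python parser that groups the stunnel log lines quoted above into one record per connection, keyed by the bracketed id after LOG5. It labels the address in the "accepted connection from" line as the local client's (here Dialog's) source endpoint and the one in "connected remote server from" as stunnel's own outgoing endpoint; the field names are this example's.

```python
# Added example: correlate stunnel log lines into per-connection records.
import re

# Log lines as quoted in the post above (test messages 1 and 2).
SAMPLE_LOG = """\
LOG5[4]: Service [Neodome] accepted connection from 127.0.0.1:61463
LOG5[4]: s_connect: connected 95.216.243.224:119
LOG5[4]: Service [Neodome] connected remote server from 10.211.1.25:61464
LOG5[4]: Connection closed: 1538 byte(s) sent to TLS, 246 byte(s) sent to socket
LOG5[0]: Service [Neodome] accepted connection from 127.0.0.1:40720
LOG5[0]: s_connect: connected 95.216.243.224:119
LOG5[0]: Service [Neodome] connected remote server from 10.211.1.145:40721
LOG5[0]: Connection closed: 2213 byte(s) sent to TLS, 246 byte(s) sent to socket
"""

LINE = re.compile(r"^LOG(\d)\[(\w+)\]: (.*)$")   # level, connection id, message
ACCEPT = re.compile(r"^Service \[(.+?)\] accepted connection from (\S+)$")
CONNECT = re.compile(r"^s_connect: connected (\S+)$")
OUTBOUND = re.compile(r"^Service \[(.+?)\] connected remote server from (\S+)$")
CLOSED = re.compile(
    r"^Connection closed: (\d+) byte\(s\) sent to TLS, "
    r"(\d+) byte\(s\) sent to socket$"
)


def parse_connections(log_text):
    """Return a list of dicts, one per closed connection, in log order."""
    open_conns = {}     # connection id -> record still being assembled
    finished = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        conn_id, msg = m.group(2), m.group(3)
        accept = ACCEPT.match(msg)
        if accept:
            # A new accept starts a fresh record even if the id is reused.
            open_conns[conn_id] = {
                "id": conn_id,
                "service": accept.group(1),
                "client": accept.group(2),   # the news client's source endpoint
            }
            continue
        record = open_conns.setdefault(conn_id, {"id": conn_id})
        connect = CONNECT.match(msg)
        outbound = OUTBOUND.match(msg)
        closed = CLOSED.match(msg)
        if connect:
            record["server"] = connect.group(1)      # remote news server
        elif outbound:
            record["local_out"] = outbound.group(2)  # stunnel's outgoing endpoint
        elif closed:
            record["to_tls"] = int(closed.group(1))     # bytes sent over TLS
            record["to_socket"] = int(closed.group(2))  # bytes sent to the client
            finished.append(open_conns.pop(conn_id))
    return finished


if __name__ == "__main__":
    for conn in parse_connections(SAMPLE_LOG):
        print(conn)
```

The ports in the "client" and "local_out" fields are ephemeral source ports chosen by the operating system for each connection, which is why they never appear in stunnel.conf.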

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<unljtd$1ofg5$1@paganini.bofh.team>

https://www.novabbs.com/computers/article-flat.php?id=1800&group=news.software.readers#1800

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Wed, 10 Jan 2024 03:18:54 -0500
Organization: To protect and to server
Message-ID: <unljtd$1ofg5$1@paganini.bofh.team>
References: <und7gj$srbd$1@paganini.bofh.team> <v1akekkmcrn9.dlg@v.nguard.lh> <undrv0$trmf$1@paganini.bofh.team> <18gy9f6axliam$.dlg@v.nguard.lh> <ungjvm$16ujd$1@paganini.bofh.team> <wazz56nkrzmc$.dlg@b.rose.tmpbox.news.arcor.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 10 Jan 2024 08:18:54 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="1850885"; posting-host="R8jzoRbLjiM/r2rQyny/kg.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
Cancel-Lock: sha256:VZF4X534QuIZYFzEbaR5C0o41jfeSdMBIsFEryWFeAw=
X-Notice: Filtered by postfilter v. 0.9.3
 by: Ronald - Wed, 10 Jan 2024 08:18 UTC

On Mon, 8 Jan 2024 18:21:53 +0100, Bernd Rose wrote:

> The "verify = X" is an outdated sTunnel option and replaced by a couple
> of other options, that are more descriptive (like "verifyChain = yes/no").
>
> Setting "verify = 0" means to request a certificate, but do no checking,
> at all. A better way to deal with a self-signed certificate would be, to
> download it from a secure location and keep it locally as peer-Neodome.pem
> (or any other name). Then use a sTunnel configuration entry like:
>
> [Neodome]
> client = yes
> accept = 127.0.0.1:62563
> connect = news.neodome.net:563
> verifyPeer = yes
> CAfile = peer-Neodome.pem
>
> As long as the certificate is unchanged on the server, encrypted connection
> would be established by sTunnel.
>
> To get the certificate in its current state, you can use the above sTunnel
> settings without the last 2 lines. Connect once to Neodome and use the
> sTunnel right mouse menu entry "Save Peer certificate -> peer-Neodome.pem"
> to retrieve the certificate into the local sTunnel certificate store. (This
> is inside the <config> subfolder of the main sTunnel directory or somewhere
> in the virtual store for sTunnel.) Afterwards, add the last 2 lines to
> ensure the verification process. Please note, that in your case this will
> fail, because expired certificates are not acceptable for the verification!
>
> Another notice: Saving a certificate will be grayed out, as long as there
> was no recent connection to the server.

Thank you for that advice as the Stunnel "Save Peer Certificate" instance
does not last long (as you said it wouldn't) after you've posted articles.
Stunnel: Save Peer Certificate -> Peer-Neodome2.pem
If you've just posted, for example, it will not be grayed out.
But if you reload the configuration file, it instantly grays out.

When it's not grayed out, up comes a box saying:
Stunnel 5.69 on Win64
Peer certificate change has been saved.
Add the following lines to section [Neodome2]:
CAfile = peer-Neodome2.pem
verifyPeer = yes
to enable cryptographic authentication.
Then reload stunnel configuration file.

I didn't test adding it because, as you noted, it will fail on this
particular situation because the Neodome certificate has long expired.

Anyway, if others are using Neodome with Dialog (probably not likely), here
are the four different test suggestions from Bernd & Vanguard that worked.

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;{Neodome} stunnel.conf
; Use a different port for each identity between 49152 & 65535
; Stunnel log will always report at least these next four lines:
; Reading configuration from file (path)\stunnel.conf
; UTF-8 byte order mark detected
; FIPS mode disabled
; Configuration successful
; Like it or not, posting to news.neodome.net requires a login/password
; Like it or not, news.neodome.net requires at least a 10-char passwd
; Like it or not, the news.neodome.net certificate is self-signed
; Like it or not, the news.neodome.net certificate expired in 12/2020
; Like it or not, news.neodome.net REQUIRES encryption when posting
; Like it or not, Dialog (circa 2005) uses old encryption standards
; Like it or not, news.neodome.net won't accept Dialog port 119
; Like it or not, news.neodome.net won't accept Dialog port 119 SSL
; Like it or not, news.neodome.net won't accept Dialog port 563
; But news.neodome.net will accept Dialog port 563 with Dialog SSL
; Like it or not, Dialog port 563 SSL uses old encryption standards
; These four tests suggested by Bernd & Vanguard worked in Jan 2024
; 1. news.neodome.net accepts Dialog port 563 SSL posts
; 2. news.neodome.net accepts sTunnel port 119 STARTTLS posts
; 3. news.neodome.net accepts sTunnel port 563 posts (ignoring the cert)
; 4. news.neodome.net accepts sTunnel port 563 posts (acknowledging cert)
; Each solution below is a tested workaround thanks to Bernd Rose & Vanguard
; Like it or not, Dialog obfuscates or omits some identity information
; So you may want to save that identity information here in stunnel.conf
; Neodome Identity: (archive your real email address here if you like)
; Dialog Identity: (archive your Dialog email address here if you like)
; Dialog Username = (archive your Dialog username here if you like)
; Dialog Password = (archive your Dialog password here if you like)
; System timezone: (archive your system timezone here if you like)
; Like it or not, SSL often cares about accurate time zone matching
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;{Neodome1}
; This method sets Dialog to use Dialog port 563 SSL encryption
; 40Tude Dialog will NOT use the latest encryption standards.
; sTunnel is not involved so the stunnel.conf should be empty
; Dialog Host: news.neodome.net
; Dialog Port: 563
; Dialog SSL: checked
; Dialog Username: (required)
; Dialog Password: (required)
; Dialog Allwd. conn.: 2
; Dialog Use pipelining (unchecked)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;{Neodome2}
; This method sets Dialog to use sTunnel port 119 STARTTLS.
; You'd think it wouldn't require a password, but it does.
; If you are able to connect through sTunnel to a server,
; that connection will always be encrypted (e.g., as STARTTLS).
; (Although, with the right setting, it is possible to use
; "null encryption" [aka a non-encrypting "encryption" method])
; Setting sTunnel to connect with protocol NNTP on port 119
; leads to a handshake with STARTTLS by default
; Like it or not, you'll see these sTunnel warnings with this entry
; LOG3[main]: No trusted certificates found
; LOG4[main]: Service [Neodome2] needs authentication to prevent MITM attacks
; Dialog Host: 127.0.0.1
; Dialog Port: 65535 (pick any unused port between 49152 & 65535)
; Dialog SSL: unchecked
; Dialog Username: (required)
; Dialog Password: (required)
; Dialog Allwd. conn.: 2
; Dialog Use pipelining (unchecked)
; For self-signed certificates that have not expired, a good way to
; deal with them is to download them & they will be checked against
; the existing non-expired self-signed certificate (which has no chain).
; In Stunnel, if you've recently posted, you can do the following:
; Stunnel: Save Peer Certificate -> Peer-Neodome2.pem
; Up comes a box saying:
; Stunnel 5.69 on Win64
; Peer certificate change has been saved.
; Add the following lines to section [Neodome2]:
; CAfile = peer-Neodome2.pem
; verifyPeer = yes
; to enable cryptographic authentication.
; Then reload stunnel configuration file.
; This approach will fail for neodome but only because it is expired
[Neodome2]
client = yes
accept = 127.0.0.1:65535
connect = news.neodome.net:119
protocol = nntp
; CAfile = peer-Neodome2.pem
; verifyPeer = yes
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;{Neodome3}
; This method sets Dialog to use sTunnel port 563 encryption
; Where this method does not even touch the certificate
; It's probably the best option because it uses current encryption
; Dialog Host: 127.0.0.1
; Dialog Port: 49152 (pick any unused port between 49152 & 65535)
; Dialog SSL: unchecked
; Dialog Username: (required)
; Dialog Password: (required)
; Dialog Allwd. conn.: 2
; Dialog Use pipelining (unchecked)
; Like it or not, you'll see these sTunnel warnings with this entry
; LOG3[main]: No trusted certificates found
; LOG4[main]: Service [Neodome3] needs authentication to prevent MITM attacks
; [Neodome3]
; client = yes
; accept = 127.0.0.1:49152
; connect = news.neodome.net:563
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;{Neodome4}
; This is a very minor variation on the method #3 tested above.
; This method sets Dialog to use sTunnel port 563 encryption
; Where this method requires but does not check the certificate
; The "verify = 0" was initially suggested by the Neodome admin
; The "verify = 0" requests a certificate but does not check it
; Dialog Host: 127.0.0.1
; Dialog Port: 49153 (pick any unused port between 49152 & 65535)
; Dialog SSL: unchecked
; Dialog Username: (required)
; Dialog Password: (required)
; Dialog Allwd. conn.: 2
; Dialog Use pipelining (unchecked)
; Like it or not, you'll see these sTunnel warnings with this entry
; LOG3[main]: No trusted certificates found
; LOG4[main]: Service [Neodome4] needs authentication to prevent MITM attacks
;[Neodome4]
; client = yes
; accept = 127.0.0.1:49153
; connect = news.neodome.net:563
; verify = 0
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

From: b.rose.t...@arcor.de (Bernd Rose)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Wed, 10 Jan 2024 19:49:50 +0100
Message-ID: <1msf58ovv7ztj$.dlg@b.rose.tmpbox.news.arcor.de>
User-Agent: 40tude_Dialog/2.0.15.41 (5b5ed9c8.204.269)
 by: Bernd Rose - Wed, 10 Jan 2024 18:49 UTC

On Wed, 10th Jan 2024 00:54:19 -0500, Ronald wrote:

> [Neodome]
> client = yes
> accept = 127.0.0.1:65535
> connect = news.neodome.net:119
> protocol = nntp
>
> I don't understand what comes out of the sTunnel log file though.
>
> Here's the sTunnel log for test message number 1.
> LOG5[4]: Service [Neodome] accepted connection from 127.0.0.1:61463
> LOG5[4]: s_connect: connected 95.216.243.224:119
> LOG5[4]: Service [Neodome] connected remote server from 10.211.1.25:61464
> LOG5[4]: Connection closed: 1538 byte(s) sent to TLS, 246 byte(s) sent to socket
>
> Here's the sTunnel log for test message number 2.
> LOG5[0]: Service [Neodome] accepted connection from 127.0.0.1:40720
> LOG5[0]: s_connect: connected 95.216.243.224:119
> LOG5[0]: Service [Neodome] connected remote server from 10.211.1.145:40721
> LOG5[0]: Connection closed: 2213 byte(s) sent to TLS, 246 byte(s) sent to socket
>
> First line in the sTunnel log file (accepted):
> I never specified "127.0.0.1:61463" or "127.0.0.1:40720".

For a connection from Dialog to sTunnel to Neodome you need 4 sockets
(aka pairs of IP-address and port). For your test_message_1 these are:

127.0.0.1:61463 ... local Dialog port for connection to/from sTunnel
    -> randomly chosen by Dialog and the OS
127.0.0.1:65535 ... local sTunnel port for connection to/from Dialog
    -> predefined by you (Dialog and sTunnel settings)
10.211.1.145:61464 ... local sTunnel port for connection to/from Neodome
    -> IP address is your remotely visible IP
    -> next free local port chosen by sTunnel and the OS
95.216.243.224:119 ... remote Neodome port for connection to/from sTunnel
    -> IP address is remote Neodome IP
    -> fixed setting of Neodome server (standard port)

HTH.
Bernd
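
Added example, not part of the thread: a short Python parser that rebuilds the socket endpoints of each tunnelled connection from the stunnel log lines quoted above. The log lines and the `accept` address are copied from the quoted post; the function name `parse_connections` and the record field names are hypothetical.

```python
import re

# The eight stunnel log lines quoted in the post above (two connections).
LOG = """\
LOG5[4]: Service [Neodome] accepted connection from 127.0.0.1:61463
LOG5[4]: s_connect: connected 95.216.243.224:119
LOG5[4]: Service [Neodome] connected remote server from 10.211.1.25:61464
LOG5[4]: Connection closed: 1538 byte(s) sent to TLS, 246 byte(s) sent to socket
LOG5[0]: Service [Neodome] accepted connection from 127.0.0.1:40720
LOG5[0]: s_connect: connected 95.216.243.224:119
LOG5[0]: Service [Neodome] connected remote server from 10.211.1.145:40721
LOG5[0]: Connection closed: 2213 byte(s) sent to TLS, 246 byte(s) sent to socket
"""

# Each pattern fills one endpoint field of a per-connection record.
PATTERNS = {
    "client": re.compile(r"Service \[(?P<svc>[^\]]+)\] accepted connection from (?P<ep>\S+)"),
    "remote": re.compile(r"s_connect: connected (?P<ep>\S+)"),
    "outbound": re.compile(r"connected remote server from (?P<ep>\S+)"),
}
CLOSED = re.compile(r"Connection closed: (\d+) byte\(s\) sent to TLS, (\d+) byte\(s\) sent to socket")
LINE = re.compile(r"LOG\d\[(?P<tid>\w+)\]: (?P<msg>.*)")  # search() tolerates a timestamp prefix


def parse_connections(log_text, accept_addr):
    """Group log lines by stunnel thread id; return one record per closed connection.

    accept_addr is the service's `accept =` value from stunnel.conf. The log
    never prints it, so the caller has to supply it.
    """
    open_conns, finished = {}, []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a stunnel log line
        tid, msg = m["tid"], m["msg"]
        conn = open_conns.setdefault(tid, {"accept": accept_addr})
        for field, pat in PATTERNS.items():
            hit = pat.search(msg)
            if hit:
                conn[field] = hit["ep"]
                if field == "client":
                    conn["service"] = hit["svc"]
        closed = CLOSED.search(msg)
        if closed:  # thread ids get reused, so retire the record on close
            conn["to_tls"], conn["to_socket"] = int(closed[1]), int(closed[2])
            finished.append(open_conns.pop(tid))
    return finished
```

Call it as `parse_connections(LOG, "127.0.0.1:65535")`; each returned record holds the four endpoints (`client`, `accept`, `outbound`, `remote`) plus the byte counts from the closing line.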
