Subject: Proposal: Stop honoring unsigned control messages (*)
From: Russ Allbery
Newsgroups: news.admin.hierarchies
Organization: The Eyrie
Date: Wed, 30 Jun 2021 16:27 UTC
Message-ID: <878s2rxqqf.fsf@hope.eyrie.org>
(*) Except for alt.* and free.*, to the extent that anyone honors them.

Hi all,

I'm considering a policy change for the newsgroup lists maintained at
ftp.isc.org to only honor PGP-signed control messages except for alt.* and
free.* and wanted to run them by everyone.

Historically, control.ctl has included entries for large numbers of local,
regional, and language hierarchies that predate control message signing or
that didn't go to the trouble of creating PGP keys and setting up signing.
Since we didn't want to break anything when control message signing was
introduced, those entries were only changed if there was an abuse problem.
Many of those hierarchies are too small and obscure for anyone to have
bothered to forge control messages for them, even back in the heyday of
control message vandalism.

This has been bothering me for a while, though, since I have a rather
strong interest in making this system as automated as possible since I
have very little time to fix things manually.  Vandalism would be easy to
manually repair, but it would require I go do something about it, which is
unappealing.

Possibly more relevantly, I have not seen anyone who in theory is
maintaining any of those non-PGP hierarchies issue a valid control message
in years (probably more than ten years).  In practice, I don't believe
anyone is sending unsigned control messages except for alt.* and free.*
(which are intended to be a free-for-all left to each individual site to
manage), and I believe all of those legacy entries are effectively
defunct.

I am therefore proposing removing all non-PGP entries from control.ctl or,
alternately, leaving them there but commented out.  I'm kind of leaning
towards the former since if anyone cares about the history for some reason
they can get it from old versions of control.ctl in the INN repository or
from https://github.com/rra/control-archive/ (and I have no reason to
believe that the people identified with those email addresses still exist
or feel in any way responsible for those hierarchies), but I could be
convinced to leave them there commented out.

Thoughts?

--
Russ Allbery (eagle@eyrie.org)             https://www.eyrie.org/~eagle/


Subject: Re: Proposal: Stop honoring unsigned control messages (*)
From: Adam H. Kerman
Newsgroups: news.admin.hierarchies
Organization: A noiseless patient Spider
Date: Wed, 30 Jun 2021 20:10 UTC
References: 1
Message-ID: <sbij2o$mc8$1@dont-email.me>
Russ Allbery <eagle@eyrie.org> wrote:

> (*) Except for alt.* and free.*, to the extent that anyone honors them.

> Hi all,

> I'm considering a policy change for the newsgroup lists maintained at
> ftp.isc.org to only honor PGP-signed control messages except for alt.* and
> free.* and wanted to run them by everyone.

Well, I would prefer that you not do that.

chi.*, for instance, hasn't had a hierarchy administrator since Gerry
Swetsky moved away. He never sent a newgroup message to start a new
group that I recall, all groups were started before he was the
administrator. But if a group were proposed, we were supposed to
get together for an in-person meeting, probably called as Uniforum
Chicago or a successor if it's still meeting. It was pretty informal and
mostly an excuse to drink beer, if it ever happened. If people wanted a
new group, Gerry would have sent a newgroup message.

If anyone wanted to propose a newsgroup in a formerly administered regional
hierarchy and there are rules of any kind to follow, he'd have to declare
himself hierarchy administrator, or the act of sending the newgroup message
would be a default declaration of being hierarchy administrator with
respect to that one proposed newsgroup. Under such informal circumstances,
I recommend AGAINST a policy in which the hierarchy is delisted from
control.ctl without having implemented authenticated control messages.

In such a scenario, no, we don't need authenticated control messages.

> Historically, control.ctl has included entries for large numbers of local,
> regional, and language hierarchies that predate control message signing or
> that didn't go to the trouble of creating PGP keys and setting up signing.

Unless any of the massive attacks included bogus newgroup messages in
any of these hierarchies, why would they have bothered to have
implemented authenticated control messages in the past?

Regional and language hierarchies were often run on an ad hoc basis.
Please leave them that way.

I haven't reviewed the documents in years, but rone's unified
control.ctl used to list a dozen local hierarchies with a note as to
which institution or News server provider they were for. I thought once
you took over the document, you purged them as they aren't Usenet, or
you moved the list to hierarchy-notes.

> Since we didn't want to break anything when control message signing was
> introduced, those entries were only changed if there was an abuse problem.
> Many of those hierarchies are too small and obscure for anyone to have
> bothered to forge control messages for them, even back in the heyday of
> control message vandalism.

Well, yeah. And I would request that you continue to treat them as
"There is no problem to fix."

> This has been bothering me for a while, though, since I have a rather
> strong interest in making this system as automated as possible since I
> have very little time to fix things manually.  Vandalism would be easy to
> manually repair, but it would require I go do something about it, which is
> unappealing.

> Possibly more relevantly, I have not seen anyone who in theory is
> maintaining any of those non-PGP hierarchies issue a valid control message
> in years (probably more than ten years).  In practice, I don't believe
> anyone is sending unsigned control messages except for alt.* and free.*
> (which are intended to be a free-for-all left to each individual site to
> manage), and I believe all of those legacy entries are effectively
> defunct.

A lot of nearly dead hierarchies may still have a bit of discussion in
the *.general or equivalent newsgroup. Let's leave the option that if
there's an actual need to propose and create a new group, that there is
no requirement to implement authenticated control messages without a
need for it.

In fact, we probably don't want to implement authenticated control
messages in such ad hoc hierarchies as no one would remember where the
key went to. Wasn't the key to ba.* misplaced for close to a decade?

> I am therefore proposing removing all non-PGP entries from control.ctl or,
> alternately, leaving them there but commented out.  I'm kind of leaning
> towards the former since if anyone cares about the history for some reason
> they can get it from old versions of control.ctl in the INN repository or
> from https://github.com/rra/control-archive/ (and I have no reason to
> believe that the people identified with those email addresses still exist
> or feel in any way responsible for those hierarchies), but I could be
> convinced to leave them there commented out.

> Thoughts?

Please don't.


Subject: Re: Proposal: Stop honoring unsigned control messages (*)
From: Julien_ÉLIE
Newsgroups: news.admin.hierarchies
Organization: Groupes francophones par TrigoFACILE
Date: Wed, 30 Jun 2021 20:17 UTC
References: 1
Message-ID: <sbijhq$d10$1@news.trigofacile.com>
Hi Russ,

> (*) Except for alt.* and free.*, to the extent that anyone honors them.

> I'm considering a policy change for the newsgroup lists maintained at
> ftp.isc.org to only honor PGP-signed control messages except for alt.* and
> free.* and wanted to run them by everyone.
> [...]
> Thoughts?
I have no objection.
I reckon it is the right move to do.


> I don't believe anyone is sending unsigned control messages except
> for alt.* and free.* (which are intended to be a free-for-all left to
> each individual site to manage)
Ok, though some newsgroup names are questionable (like free.biden.sucks created today) but that's another debate!
Separate active and newsgroups files containing only alt.* and free.* newsgroups may be provided by control-archive and put in ftp.isc.org (just a thought, to better enhance the difference).


> I am therefore proposing removing all non-PGP entries from control.ctl or,
> alternately, leaving them there but commented out.

I'm fine with removing non-PGP entries, including private, local, historic and defunct hierarchies.
The main argument would be that the control.ctl file is used as a configuration file, not as the memory of Usenet history.

Private hierarchies like bofh.* or szaf.*, and historic hierarchies like net.* or eug.*, which have a PGP key, will remain if I understand well.

As well as reserved hierarchies (control.*, example.*, to.* ...) for technical reasons.

--
Julien ÉLIE

« Ex nihilo nihil. » (Perse)


Subject: Re: Proposal: Stop honoring unsigned control messages (*)
From: Russ Allbery
Newsgroups: news.admin.hierarchies
Organization: The Eyrie
Date: Wed, 30 Jun 2021 20:43 UTC
References: 1 2
Message-ID: <87pmw3w0b7.fsf@hope.eyrie.org>
"Adam H. Kerman" <ahk@chinet.com> writes:

> chi.*, for instance, hasn't had a hierarchy administrator since Gerry
> Swetsky moved away. He never sent a newgroup message to start a new
> group that I recall, all groups were started before he was the
> administrator. But if a group were proposed, we were supposed to get
> together for an in-person meeting, probably called as Uniforum Chicago
> or a successor if it's still meeting. It was pretty informal and mostly
> an excuse to drink beer, if it ever happened. If people wanted a new
> group, Gerry would have sent a newgroup message.

The thing is, though is that none of this has happened.  Even ten years
ago, legitimate unsigned control messages basically don't exist.  So far
as I can tell, the last change to chi.* was Hipcrime sabotage that we had
to manually reverse because we still had this unauthenticated control
message policy.  In fact, nearly all chi.* control messages that are
archived are abusive sabotage.  Thankfully that hasn't happened since
2002, but if it happened again, it would be a giant mess and a huge pain
for me to clean up.

>> Historically, control.ctl has included entries for large numbers of
>> local, regional, and language hierarchies that predate control message
>> signing or that didn't go to the trouble of creating PGP keys and
>> setting up signing.

It turns out that I was probably wrong about this and David Lawrence
instead did tons of manual cleanup.  There are a bunch of forged control
messages for chi.*, for example, from back when this was common.

> Unless any of the massive attacks included bogus newgroup messages in
> any of these hierarchies, why would they have bothered to have
> implemented authenticated control messages in the past?

With the above correction, I can note that this did happen, and yet they
still didn't implement authenticated control messages, unfortunately.  I
suspect in most cases that's because these folks are no longer using
Usenet, and in most cases (such as with Gary Swetsky) no longer have the
email addresses that they were using to send these messages (and in some
cases may no longer be alive; it's been 30 years in many cases).

> I haven't reviewed the documents in years, but rone's unified
> control.ctl used to list a dozen local hierarchies with a note as to
> which institution or News server provider they were for. I thought once
> you took over the document, you purged them as they aren't Usenet, or
> you moved the list to hierarchy-notes.

I don't *think* I removed anything unless I could confirm that it was
defunct.  But lots of these hierarchies are just unmaintained and in use
but not changing the newsgroup list.

I see that what I did for wpg.* was replace the entry with:

## WPG (Winnipeg, Manitoba, Canada)
#
# This hierarchy is still in use, but it has no active maintainer.
# Control messages for this hierarchy should not be honored without
# confirming that the sender is the new hierarchy maintainer.

I could do something similar for the others, which would avoid losing the
URL if it still works.

> Well, yeah. And I would request that you continue to treat them as
> "There is no problem to fix."

The problem with doing this from my perspective is that at any point it
could turn into a giant problem for me to fix, and should that happen, the
amount of time I'd have to spend on it would be way higher than the amount
of time it would take for me to prevent this proactively now.

> A lot of nearly dead hierarchies may still have a bit of discussion in
> the *.general or equivalent newsgroup. Let's leave the option that if
> there's an actual need to propose and create a new group, that there is
> no requirement to implement authenticated control messages without a
> need for it.

I think that's what my proposal does?

Removing them from control.ctl doesn't remove the newsgroups.  It just
means no changes will be honored, and the existing newsgroup list will be
kept as-is.  That seems fine?  If someone wants to change it, they would
have to create a PGP key and set up some software to issue the control
messages, which is a bit higher of a bar, but in practice this seems to
happen rarely and I'm sure a bunch of people here would be happy to help
if it came up.

--
Russ Allbery (eagle@eyrie.org)             https://www.eyrie.org/~eagle/
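
The policy proposed at the top of this thread, and the effect described in the post above (removing an entry means no changes are honored), as an added example that is not code from the thread or from control-archive: a small Python audit of a control.ctl-style file. The sample entries, addresses, the xx.* hierarchy and its key name are constructed, and wildmat matching is approximated with `fnmatch`.

```python
import fnmatch
from typing import List, NamedTuple, Optional

# Constructed sample in control.ctl's type:from:newsgroups:action layout.
# Addresses, the xx.* hierarchy and the key name are made up for illustration.
SAMPLE_CONTROL_CTL = """\
## Default: ignore anything not matched below
all:*:*:drop

## alt.* is left to each site
newgroup:*:alt.*:doit
rmgroup:*:alt.*:drop

## CHI (constructed legacy entry, no signature required)
checkgroups:admin@example.org:chi.*:doit
newgroup:admin@example.org:chi.*:doit
rmgroup:admin@example.org:chi.*:doit

## XX (constructed entry that requires a PGP signature)
checkgroups:admin@xx.example:xx.*:verify-xx-key
newgroup:admin@xx.example:xx.*:verify-xx-key
rmgroup:admin@xx.example:xx.*:verify-xx-key=xx.log
"""

EXEMPT_PREFIXES = ("alt.", "free.")     # hierarchies the proposal leaves alone
UNSIGNED_ACTIONS = {"doit", "doifarg"}  # acted on without any signature check


class Entry(NamedTuple):
    lineno: int
    msg_type: str
    sender: str
    groups: List[str]
    action: str


def parse_entries(text: str) -> List[Entry]:
    """Parse non-comment lines; an '=logfile' suffix on the action is dropped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":", 3)]
        if len(fields) != 4:
            continue  # malformed line: skip rather than guess
        msg_type, sender, groups, action = fields
        entries.append(Entry(lineno, msg_type, sender.lower(),
                             groups.split("|"), action.split("=", 1)[0]))
    return entries


def unsigned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries that honor unsigned messages outside alt.* and free.*."""
    return [e for e in entries
            if e.action in UNSIGNED_ACTIONS
            and not all(p.startswith(EXEMPT_PREFIXES) for p in e.groups)]


def effective_action(entries: List[Entry], msg_type: str,
                     sender: str, group: str) -> Optional[str]:
    """Action for one message; the last matching entry wins."""
    result = None
    for e in entries:
        if e.msg_type not in ("all", msg_type):
            continue
        if not fnmatch.fnmatchcase(sender.lower(), e.sender):
            continue
        if any(fnmatch.fnmatchcase(group, p) for p in e.groups):
            result = e.action
    return result


def comment_out_unsigned(text: str) -> str:
    """Return the file with every flagged entry commented out."""
    flagged = {e.lineno for e in unsigned_entries(parse_entries(text))}
    lines = [("# " + raw) if n in flagged else raw
             for n, raw in enumerate(text.splitlines(), start=1)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    before = parse_entries(SAMPLE_CONTROL_CTL)
    for e in unsigned_entries(before):
        print(f"line {e.lineno}: unsigned {e.msg_type} honored "
              f"for {'|'.join(e.groups)}")
    after = parse_entries(comment_out_unsigned(SAMPLE_CONTROL_CTL))
    # The legacy entry checks only the From header of an unsigned message,
    # and nothing authenticates that header.
    print(effective_action(before, "newgroup", "admin@example.org", "chi.test"))
    print(effective_action(after, "newgroup", "admin@example.org", "chi.test"))
```

With the flagged entries commented out, a chi.* newgroup falls through to the default entry, while the alt.* entry and the signed xx.* entries keep their actions.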


Subject: Re: Proposal: Stop honoring unsigned control messages (*)
From: Russ Allbery
Newsgroups: news.admin.hierarchies
Organization: The Eyrie
Date: Wed, 30 Jun 2021 20:44 UTC
References: 1 2
Message-ID: <87lf6rw08m.fsf@hope.eyrie.org>
Julien ÉLIE <iulius@nom-de-mon-site.com.invalid> writes:

> Ok, though some newsgroup names are questionable (like free.biden.sucks
> created today) but that's another debate!

Oh, yeah, there's all sorts of nonsense in those hierarchies.

> Separate active and newsgroups files containing only alt.* and free.*
> newsgroups may be provided by control-archive and put in ftp.isc.org
> (just a thought, to better enhance the difference).

If I did that, I would probably generate a new list without alt.* and
free.* and leave the existing one as-is so as not to break any of the
assumptions people are making about the current list.

I personally don't think the list of all alt.* and free.* groups anyone
has ever issued a control message for has very little value, but meh, I
inherited this and I don't feel strongly enough about it to change it.

> Private hierarchies like bofh.* or szaf.*, and historic hierarchies like
> net.* or eug.*, which have a PGP key, will remain if I understand well.

> As well as reserved hierarchies (control.*, example.*, to.* ...) for
> technical reasons.

Yes.

--
Russ Allbery (eagle@eyrie.org)             https://www.eyrie.org/~eagle/


Subject: Re: Proposal: Stop honoring unsigned control messages (*)
From: Thomas Hochstein
Newsgroups: news.admin.hierarchies
Date: Wed, 30 Jun 2021 23:23 UTC
References: 1
Message-ID: <nah.20210701012258.1569@scatha.ancalagon.de>
Russ Allbery wrote:

> I'm considering a policy change for the newsgroup lists maintained at
> ftp.isc.org to only honor PGP-signed control messages except for alt.* and
> free.* and wanted to run them by everyone.

No objections. control.ctl entries honoring unsigned control messages
are accidents waiting to happen.

> I am therefore proposing removing all non-PGP entries from control.ctl or,
> alternately, leaving them there but commented out.  I'm kind of leaning
> towards the former since if anyone cares about the history for some reason
> they can get it from old versions of control.ctl in the INN repository or
> from https://github.com/rra/control-archive/ [...]

I would prefer to keep the entries commented out (or move them to
another file ..., just to keep them around for reference), as that
makes it easier to dive down in history or check for the existence of
a (former) hierarchy, compared to checking old git commits.

But if that's more work than just dropping them, that's okay, too.

-thh


Subject: Re: Proposal: Stop honoring unsigned control messages (*)
From: Thomas Hochstein
Newsgroups: news.admin.hierarchies
Date: Wed, 30 Jun 2021 23:28 UTC
References: 1 2 3
Message-ID: <nah.20210701012805.1570@scatha.ancalagon.de>
Russ Allbery wrote:

> Removing them from control.ctl doesn't remove the newsgroups.  It just
> means no changes will be honored, and the existing newsgroup list will be
> kept as-is.  That seems fine?  If someone wants to change it, they would
> have to create a PGP key and set up some software to issue the control
> messages, which is a bit higher of a bar, but in practice this seems to
> happen rarely and I'm sure a bunch of people here would be happy to help
> if it came up.

+1

I don't think the problem would be to set up signed control messages -
the problem would be to find someone who cares enough to send any
controls.


Subject: Re: Proposal: Stop honoring unsigned control messages (*)
From: Adam H. Kerman
Newsgroups: news.admin.hierarchies
Organization: A noiseless patient Spider
Date: Thu, 1 Jul 2021 04:21 UTC
References: 1 2 3
Message-ID: <sbjfre$6pv$1@dont-email.me>
Russ Allbery <eagle@eyrie.org> wrote:
> "Adam H. Kerman" <ahk@chinet.com> writes:

>> chi.*, for instance, hasn't had a hierarchy administrator since Gerry
>> Swetsky moved away. He never sent a newgroup message to start a new
>> group that I recall, all groups were started before he was the
>> administrator. But if a group were proposed, we were supposed to get
>> together for an in-person meeting, probably called as Uniforum Chicago
>> or a successor if it's still meeting. It was pretty informal and mostly
>> an excuse to drink beer, if it ever happened. If people wanted a new
>> group, Gerry would have sent a newgroup message.

> The thing is, though is that none of this has happened.  Even ten years
> ago, legitimate unsigned control messages basically don't exist.  So far
> as I can tell, the last change to chi.* was Hipcrime sabotage that we had
> to manually reverse because we still had this unauthenticated control
> message policy.  In fact, nearly all chi.* control messages that are
> archived are abusive sabotage.  Thankfully that hasn't happened since
> 2002, but if it happened again, it would be a giant mess and a huge pain
> for me to clean up.

But weren't these sent as a massive denial-of-service attack and not
individually? Doesn't that allow you to thwart the attack?

>>> Historically, control.ctl has included entries for large numbers of
>>> local, regional, and language hierarchies that predate control message
>>> signing or that didn't go to the trouble of creating PGP keys and
>>> setting up signing.

> It turns out that I was probably wrong about this and David Lawrence
> instead did tons of manual cleanup.  There are a bunch of forged control
> messages for chi.*, for example, from back when this was common.

>> Unless any of the massive attacks included bogus newgroup messages in
>> any of these hierarchies, why would they have bothered to have
>> implemented authenticated control messages in the past?

> With the above correction, I can note that this did happen, and yet they
> still didn't implement authenticated control messages, unfortunately.  I
> suspect in most cases that's because these folks are no longer using
> Usenet, and in most cases (such as with Gary Swetsky) no longer have the
> email addresses that they were using to send these messages (and in some
> cases may no longer be alive; it's been 30 years in many cases).

Swetsky's email address would have been recreated. CLOUT Project still
exists.

>> I haven't reviewed the documents in years, but rone's unified
>> control.ctl used to list a dozen local hierarchies with a note as to
>> which institution or News server provider they were for. I thought once
>> you took over the document, you purged them as they aren't Usenet, or
>> you moved the list to hierarchy-notes.

> I don't *think* I removed anything unless I could confirm that it was
> defunct.  But lots of these hierarchies are just unmaintained and in use
> but not changing the newsgroup list.

> I see that what I did for wpg.* was replace the entry with:

> ## WPG (Winnipeg, Manitoba, Canada)
> #
> # This hierarchy is still in use, but it has no active maintainer.
> # Control messages for this hierarchy should not be honored without
> # confirming that the sender is the new hierarchy maintainer.

> I could do something similar for the others, which would avoid losing the
> URL if it still works.

>> Well, yeah. And I would request that you continue to treat them as
>> "There is no problem to fix."

> The problem with doing this from my perspective is that at any point it
> could turn into a giant problem for me to fix, and should that happen, the
> amount of time I'd have to spend on it would be way higher than the amount
> of time it would take for me to prevent this proactively now.

This would end archiving of control messages, then.

>> A lot of nearly dead hierarchies may still have a bit of discussion in
>> the *.general or equivalent newsgroup. Let's leave the option that if
>> there's an actual need to propose and create a new group, that there is
>> no requirement to implement authenticated control messages without a
>> need for it.

> I think that's what my proposal does?

> Removing them from control.ctl doesn't remove the newsgroups.  It just
> means no changes will be honored, and the existing newsgroup list will be
> kept as-is.  That seems fine?

I'm saying if there is a need to send a newgroup message, you would
rather complicate matters.

> If someone wants to change it, they would
> have to create a PGP key and set up some software to issue the control
> messages, which is a bit higher of a bar, but in practice this seems to
> happen rarely and I'm sure a bunch of people here would be happy to help
> if it came up.

How would you know it's not a troll? That's the trouble with taking
responsibility for an unfamiliar hierarchy. I'm guessing what would
happen is you'd just end up creating a key yourself.

I don't have a good suggestion that doesn't require manual intervention
either way. If no one is maintaining a hierarchy, not even an
occasional checkgroups, maybe an exchange of emails is necessary should
someone issue a newgroup message before you archive it.

What if you delayed processing the messages for archiving to prevent a
denial of service attack?


Subject: Re: Proposal: Stop honoring unsigned control messages (*)
From: Russ Allbery
Newsgroups: news.admin.hierarchies
Organization: The Eyrie
Date: Thu, 1 Jul 2021 04:45 UTC
References: 1 2 3 4
Path: i2pn2.org!i2pn.org!news.nntp4.net!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!news.eyrie.org!.POSTED!not-for-mail
From: eag...@eyrie.org (Russ Allbery)
Newsgroups: news.admin.hierarchies
Subject: Re: Proposal: Stop honoring unsigned control messages (*)
Date: Wed, 30 Jun 2021 21:45:42 -0700
Organization: The Eyrie
Message-ID: <87k0maabgp.fsf@hope.eyrie.org>
References: <878s2rxqqf.fsf@hope.eyrie.org> <sbij2o$mc8$1@dont-email.me>
<87pmw3w0b7.fsf@hope.eyrie.org> <sbjfre$6pv$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: hope.eyrie.org;
logging-data="11037"; mail-complaints-to="news@eyrie.org"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
Cancel-Lock: sha1:KuklV+haCY1yjPYhn4CErZrI2Ow=
"Adam H. Kerman" <ahk@chinet.com> writes:
> Russ Allbery <eagle@eyrie.org> wrote:

>> The thing is, though, is that none of this has happened.  Even ten years
>> ago, legitimate unsigned control messages basically don't exist.  So
>> far as I can tell, the last change to chi.* was Hipcrime sabotage that
>> we had to manually reverse because we still had this unauthenticated
>> control message policy.  In fact, nearly all chi.* control messages
>> that are archived are abusive sabotage.  Thankfully that hasn't
>> happened since 2002, but if it happened again, it would be a giant mess
>> and a huge pain for me to clean up.

> But weren't these sent as a massive denial-of-service attack and not
> individually? Doesn't that allow you to thwart the attack?

No.  I mean, maybe there's some theoretical filter that could be written
that would do this, but I don't have anything like that (and malicious
people evade filters like that so it would need to be adaptive).  And the
whole point for me is that I have about an hour a month to spend on this
stuff, which is definitely not enough time to write an anti-abuse filter.

>> Removing them from control.ctl doesn't remove the newsgroups.  It just
>> means no changes will be honored, and the existing newsgroup list will
>> be kept as-is.  That seems fine?

> I'm saying if there is a need to send a newgroup message, you would
> rather complicate matters.

This is true in that right now anyone in the world can just send a
newgroup message.  So yes, the whole point of my proposal is to complicate
things, because alas I can't complicate things for the bad guys without
also complicating things for the good guys.

Both the bad guys and the good guys are nonexistent at the moment, which
is what makes this a tricky decision.  My opinion is that the bad guys are
more likely to appear in the future than the good guys.  (Sadly, I've
probably skewed things in that direction by even bringing this topic up.)

>> If someone wants to change it, they would have to create a PGP key and
>> set up some software to issue the control messages, which is a bit
>> higher of a bar, but in practice this seems to happen rarely and I'm
>> sure a bunch of people here would be happy to help if it came up.

> How would you know it's not a troll?

It seems quite likely that other people who use the hierarchy would object
if a troll went to all the rather noisy and public work of setting up a
key and discussing it in news.admin.hierarchies and the appropriate group
within the hierarchy (which is something we could enforce).

> I don't have a good suggestion that doesn't require manual intervention
> either way. If no one is maintaining a hierarchy, not even an
> occasional checkgroups, maybe an exchange of emails is necessary should
> someone issue a newgroup message before you archive it.

Yes, exactly.  (Well, honor it; currently everything gets archived that
isn't obviously malformed.)  Requiring PGP will guarantee that exchange of
emails happens.  :)

> What if you delayed processing the messages for archiving to prevent a
> denial of service attack?

This still requires I go manually do something to stop an attack in
process, though.  (Plus write all the code to do that.)  Also, in the
past, these started with a few forged messages and then only escalated
into a denial of service attack later, plus there were other cases where
people sent one-off messages to screw with people.  The Hipcrime-style
attack obviously makes the biggest mess, but the whole thing is an
attractive nuisance right now.

BTW, for full information, I did just see an unsigned but apparently valid
checkgroups message today, so apparently at least one hierarchy is sending
them (greenend.*).  It is possible that they're out there and I'm not
seeing them, too, since I may not have a full control feed and definitely
don't accept all newsgroups.

--
Russ Allbery (eagle@eyrie.org)             https://www.eyrie.org/~eagle/


Subject: Re: Proposal: Stop honoring unsigned control messages (*)
From: Thomas Hochstein
Newsgroups: news.admin.hierarchies
Date: Thu, 1 Jul 2021 05:40 UTC
References: 1 2 3 4 5
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!news.szaf.org!thangorodrim.ancalagon.de!.POSTED.scatha.ancalagon.de!not-for-mail
From: thh...@thh.name (Thomas Hochstein)
Newsgroups: news.admin.hierarchies
Subject: Re: Proposal: Stop honoring unsigned control messages (*)
Date: Thu, 01 Jul 2021 07:40:33 +0200
Message-ID: <nah.20210701074033.1571@scatha.ancalagon.de>
References: <878s2rxqqf.fsf@hope.eyrie.org> <sbij2o$mc8$1@dont-email.me> <87pmw3w0b7.fsf@hope.eyrie.org> <sbjfre$6pv$1@dont-email.me> <87k0maabgp.fsf@hope.eyrie.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Injection-Info: thangorodrim.ancalagon.de; posting-host="scatha.ancalagon.de:10.0.1.1";
logging-data="22937"; mail-complaints-to="abuse@th-h.de"
User-Agent: ForteAgent/8.00.32.1272
X-NNTP-Posting-Date: Thu, 01 Jul 2021 07:40:33 +0200
X-Face: *OX>R5kq$7DjZ`^-[<HL?'n9%\ZDfCz/_FfV0_tpx7w{Vv1*byr`TC\[hV:!SJosK'1gA>1t8&@'PZ-tSFT*=<}JJ0nXs{WP<@(=U!'bOMMOH&Q0}/(W_d(FTA62<r"l)J\)9ERQ9?6|_7T~ZV2Op*UH"2+1f9[va
X-Clacks-Overhead: GNU Terry Pratchett
Cancel-Lock: sha1:OL7CiGx282w7XXO3jABIs692J3o=
Russ Allbery wrote:

> BTW, for full information, I did just see an unsigned but apparently valid
> checkgroups message today, so apparently at least one hierarchy is sending
> them (greenend.*).

A private hierarchy that was not part of the last Master List I could
find - and I don't doubt that the people of
http://www.greenend.org.uk/ would be able to sign control messages
if they cared. :)


Subject: Re: Proposal: Stop honoring unsigned control messages (*)
From: Russ Allbery
Newsgroups: news.admin.hierarchies
Organization: The Eyrie
Date: Thu, 1 Jul 2021 06:29 UTC
References: 1 2 3 4 5 6
Path: i2pn2.org!i2pn.org!paganini.bofh.team!news.killfile.org!news.eyrie.org!.POSTED!not-for-mail
From: eag...@eyrie.org (Russ Allbery)
Newsgroups: news.admin.hierarchies
Subject: Re: Proposal: Stop honoring unsigned control messages (*)
Date: Wed, 30 Jun 2021 23:29:39 -0700
Organization: The Eyrie
Message-ID: <87eecia6ng.fsf@hope.eyrie.org>
References: <878s2rxqqf.fsf@hope.eyrie.org> <sbij2o$mc8$1@dont-email.me>
<87pmw3w0b7.fsf@hope.eyrie.org> <sbjfre$6pv$1@dont-email.me>
<87k0maabgp.fsf@hope.eyrie.org>
<nah.20210701074033.1571@scatha.ancalagon.de>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: hope.eyrie.org;
logging-data="11037"; mail-complaints-to="news@eyrie.org"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
Cancel-Lock: sha1:BEBKKN8cS2Jt5rYXbOuWfbnIcsc=
Thomas Hochstein <thh@thh.name> writes:
> Russ Allbery wrote:

>> BTW, for full information, I did just see an unsigned but apparently
>> valid checkgroups message today, so apparently at least one hierarchy
>> is sending them (greenend.*).

> A private hierarchy that was not part of the last Master List I could
> find - and I don't doubt that the people of
> http://www.greenend.org.uk/ would be able to sign control messages
> if they cared. :)

Yeah, I'm pretty sure this is just unintentional leakage from some private
peering and not all that relevant to this discussion.

--
Russ Allbery (eagle@eyrie.org)             https://www.eyrie.org/~eagle/


Subject: Re: Proposal: Stop honoring unsigned control messages (*)
From: Richard Kettlewell
Newsgroups: news.admin.hierarchies
Organization: terraraq NNTP server
Date: Thu, 1 Jul 2021 07:25 UTC
References: 1 2 3 4 5 6 7
Path: i2pn2.org!i2pn.org!news.nntp4.net!nntp.terraraq.uk!.POSTED.nntp.terraraq.uk!not-for-mail
From: inva...@invalid.invalid (Richard Kettlewell)
Newsgroups: news.admin.hierarchies
Subject: Re: Proposal: Stop honoring unsigned control messages (*)
Date: Thu, 01 Jul 2021 08:25:12 +0100
Organization: terraraq NNTP server
Message-ID: <87fswyebs7.fsf@LkoBDZeT.terraraq.uk>
References: <878s2rxqqf.fsf@hope.eyrie.org> <sbij2o$mc8$1@dont-email.me>
<87pmw3w0b7.fsf@hope.eyrie.org> <sbjfre$6pv$1@dont-email.me>
<87k0maabgp.fsf@hope.eyrie.org>
<nah.20210701074033.1571@scatha.ancalagon.de>
<87eecia6ng.fsf@hope.eyrie.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Info: mantic.terraraq.uk; posting-host="nntp.terraraq.uk:2a00:1098:0:86:1000:3f:0:2";
logging-data="6425"; mail-complaints-to="usenet@mantic.terraraq.uk"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
Cancel-Lock: sha1:lIjr9Eerdk7QB+qOZmGz/r6H3ig=
X-Face: h[Hh-7npe<<b4/eW[]sat,I3O`t8A`(ej.H!F4\8|;ih)`7{@:A~/j1}gTt4e7-n*F?.Rl^
F<\{jehn7.KrO{!7=:(@J~]<.[{>v9!1<qZY,{EJxg6?Er4Y7Ng2\Ft>Z&W?r\c.!4DXH5PWpga"ha
+r0NzP?vnz:e/knOY)PI-
X-Boydie: NO
Russ Allbery <eagle@eyrie.org> writes:
> Thomas Hochstein <thh@thh.name> writes:
>> Russ Allbery wrote:
>>> BTW, for full information, I did just see an unsigned but apparently
>>> valid checkgroups message today, so apparently at least one hierarchy
>>> is sending them (greenend.*).

>> A private hierarchy that was not part of the last Master List I could
>> find - and I don't doubt that the people of
>> http://www.greenend.org.uk/ would be able to sign control messages
>> if they cared. :)

> Yeah, I'm pretty sure this is just unintentional leakage from some private
> peering and not all that relevant to this discussion.

That’s correct.

--
https://www.greenend.org.uk/rjk/


Subject: Re: Proposal: Stop honoring unsigned control messages (*)
From: Adam H. Kerman
Newsgroups: news.admin.hierarchies
Organization: A noiseless patient Spider
Date: Wed, 14 Jul 2021 15:40 UTC
References: 1 2
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: ahk...@chinet.com (Adam H. Kerman)
Newsgroups: news.admin.hierarchies
Subject: Re: Proposal: Stop honoring unsigned control messages (*)
Date: Wed, 14 Jul 2021 15:40:38 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 68
Message-ID: <scn0hm$va2$1@dont-email.me>
References: <878s2rxqqf.fsf@hope.eyrie.org> <sbijhq$d10$1@news.trigofacile.com>
Injection-Date: Wed, 14 Jul 2021 15:40:38 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="7d435aaead611cebf600b3ebb851218a";
logging-data="32066"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+JItUaihtVujzh4NcpVBW34xcyws60XuM="
Cancel-Lock: sha1:7YhMr89tcezFvot+2njmpigMM9k=
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Julien <iulius@nom-de-mon-site.com.invalid> wrote:

> Hi Russ,

>> (*) Except for alt.* and free.*, to the extent that anyone honors them.

>> I'm considering a policy change for the newsgroup lists maintained at
>> ftp.isc.org to only honor PGP-signed control messages except for alt.* and
>> free.* and wanted to run them by everyone.

> [...]

>> Thoughts?

> I have no objection.
> I reckon it is the right move to do.

>> I don't believe anyone is sending unsigned control messages except
>> for alt.* and free.* (which are intended to be a free-for-all left to
>> each individual site to manage)

> Ok, though some newsgroup names are questionable (like free.biden.sucks
> created today) but that's another debate!
> Separate active and newsgroups files containing only alt.* and free.*
> newsgroups may be provided by control-archive and put in ftp.isc.org
> (just a thought, to better enhance the difference).

I've been thinking about this.

The issue isn't just whether Russ would allow the sample active and
newsgroups files to be updated. The more important issue is whether the
control messages would get archived. If for some reason the sample
active and newsgroups files weren't updated, it's necessary to check the
archive for bad syntax on the Newsgroups file line.

The only question might be if Russ were willing to run a second INN
server for this purpose. Leave the existing server as is. On the new
server, just process and archive signed control messages, which means
not including alt.* and free.*.

Russ's concern about a technical troll attacking the archiving INN
server but continuing to process alt.* and free.* control messages
doesn't sound like Russ could actually allow the thing to run
automatically without ever cleaning up after an attack.

>> I am therefore proposing removing all non-PGP entries from control.ctl or,
>> alternately, leaving them there but commented out.

> I'm fine with removing non-PGP entries, including private, local,
> historic and defunct hierarchies.
> The main argument would be that the control.ctl file is used as a
> configuration file, not as the memory of Usenet history.

It has less to do with nostalgia but checking to see if anyone is
attempting to revive communication in long unused newsgroups. That's why
they remained. The other purpose is to let a News administrator know the
most basic information about a hierarchy so he doesn't have to wonder
about having received a control message in a hierarchy he's unfamiliar
with.

I need to finish my list. The only hierarchies that shouldn't appear in
control.ctl are local. Again, "local" means "not Usenet" as it's local
within a network and its articles aren't intended to be distributed
beyond the network. "Regional" means the hierarchy is meant to contain
newsgroups in which topics are discussed in relation to a specific
geographical area.

. . .


Subject: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
From: D. Stussy
Newsgroups: news.admin.hierarchies
Date: Sat, 17 Jul 2021 05:13 UTC
References: 1
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.snarked.org!not-for-mail
From: spa...@spam.org (D. Stussy)
Newsgroups: news.admin.hierarchies
Subject: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
Date: Fri, 16 Jul 2021 22:13:03 -0700
Lines: 6
Message-ID: <sctot0$445$1@server.snarked.org>
References: <878s2rxqqf.fsf@hope.eyrie.org>
Reply-To: "D. Stussy" <newsgroups+replies@kd6lvw.ampr.org>
Mime-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 17 Jul 2021 05:13:04 -0000 (UTC)
Injection-Info: server.snarked.org; posting-host="71-38-231-91.lsv2.qwest.net:71.38.231.91";
logging-data="4229"; mail-complaints-to="newsmaster+complaints@snarked.org"
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3538.513
Importance: Normal
X-No-Archive: Yes
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Windows Live Mail 15.4.3538.513
In-Reply-To: <878s2rxqqf.fsf@hope.eyrie.org>
"Russ Allbery"  wrote in message news:878s2rxqqf.fsf@hope.eyrie.org...

(*) Except for alt.* and free.*, to the extent that anyone honors them.

Hi all,

I'm considering a policy change for the newsgroup lists maintained at
ftp.isc.org to only honor PGP-signed control messages except for alt.* and
free.* and wanted to run them by everyone.

Historically, control.ctl has included entries for large numbers of local,
regional, and language hierarchies that predate control message signing or
that didn't go to the trouble of creating PGP keys and setting up signing.
Since we didn't want to break anything when control message signing was
introduced, those entries were only changed if there was an abuse problem.
Many of those hierarchies are too small and obscure for anyone to have
bothered to forge control messages for them, even back in the heyday of
control message vandalism.

This has been bothering me for a while, though, since I have a rather
strong interest in making this system as automated as possible since I
have very little time to fix things manually.  Vandalism would be easy to
manually repair, but it would require I go do something about it, which is
unappealing.

Possibly more relevantly, I have not seen anyone who in theory is
maintaining any of those non-PGP hierarchies issue a valid control message
in years (probably more than ten years).  In practice, I don't believe
anyone is sending unsigned control messages except for alt.* and free.*
(which are intended to be a free-for-all left to each individual site to
manage), and I believe all of those legacy entries are effectively
defunct.

I am therefore proposing removing all non-PGP entries from control.ctl or,
alternately, leaving them there but commented out.  I'm kind of leaning
towards the former since if anyone cares about the history for some reason
they can get it from old versions of control.ctl in the INN repository or
from https://github.com/rra/control-archive/ (and I have no reason to
believe that the people identified with those email addresses still exist
or feel in any way responsible for those hierarchies), but I could be
convinced to leave them there commented out.

Thoughts?
===================
Under the current scheme, invalid mailboxes (and even a NULL string) are accepted for some control messages where they shouldn't be. Only the "drop" action (in file "control.ctl") can have the mailbox match be "*", because that is a "don't care" case.

The 'from' field in control.ctl should be changed from "*" (where that appears) to "?*@?*.??*" to make certain that a legal mailbox is accepted.  "*" by itself will match 0 characters, so the adjacent "?"s make certain that each component has at least one character.  The domain side basically needs two components with an intervening dot.  Although "localhost" is an acceptable domain, it is not useful in this context, so I intentionally suggest a syntactic pattern match that excludes it.  Some patterns with matching text may also need "*" changed to "?*" for positive actions (i.e. not drop).

What this change does:
- No NULL usernames.  Must have at least 1 non-whitespace character.  Although UTF-8 may be allowed in the text comment accompanying a mailbox (usually a quoted name), only the printable ASCII set is permitted for the mailbox.
- TLDs must be at least 2 characters (and not end with a digit or dash).
- There must be at least 2 domain components ('localhost' specifically denied).

This change would then be used in combination with some exclusion rules that go after various bad mailboxes and/or mailbox syntax such as those containing two ".." in a row, ".-", etc.  I use these entries in my file "control.ctl.local":

## INVALID, BOGUS, & RESERVED MAILBOX PATTERNS (AFTER "?*@?*.??*" APPLIED)
## ------------------------------------------------------------------------
all:*@*[^-.0-9a-z]*|*@[-.]*|*@*.[-.]*|*@*-.*|*@*[^a-z.]|*@*[^a-z].:*:drop
all:*[^!-?A-~]*@*|[-.]*@*|*.[-.]*@*|*[-.]@*|*-.*@*|*fuck*@*|poster:*:drop

One could go further to deny the "example", "invalid", and "test" TLDs, and "example" SLDs, but I chose not to do that here.  (I do filter for such in my "cleanfeed.local" file).
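
Added example, not part of the thread and not INN's own code: a small Python model of how the "*" and "?*@?*.??*" from patterns and the two drop entries above classify sample senders, including the syntactically valid but bogus address that still gets through. The helper names, the sample addresses, the explicit `all:*:*:drop` default, the treatment of "|" as alternation in the from field, lowercasing of the sender, and the last-matching-entry-wins evaluation are assumptions of this sketch.

```python
import re

def wildmat_to_regex(pattern):
    """Translate one wildmat pattern (*, ?, [set], [^set]) into a regex string."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "*":
            out.append(".*")          # matches zero or more characters
        elif c == "?":
            out.append(".")           # matches exactly one character
        elif c == "[":
            start = i + 1
            negate = pattern[start:start + 1] in ("^", "!")
            if negate:
                start += 1
            end = pattern.find("]", start + 1)
            if end == -1:             # unterminated set: treat '[' literally
                out.append(re.escape(c))
            else:
                body = pattern[start:end].replace("\\", "\\\\").replace("[", "\\[")
                out.append("[" + ("^" if negate else "") + body + "]")
                i = end
        else:
            out.append(re.escape(c))
        i += 1
    return "".join(out)

def matches(field, text):
    """True if any '|'-separated alternative of the field matches the whole text."""
    return any(re.fullmatch(wildmat_to_regex(alt), text, re.DOTALL)
               for alt in field.split("|"))

def parse_ctl(text):
    """Parse type:from:newsgroups:action lines, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) == 4:
            rules.append(tuple(fields))
    return rules

def decide(rules, msg_type, sender, group):
    """Return the action of the last matching entry (assumed evaluation order)."""
    action = None
    sender = sender.lower()           # assumption: address is lowercased first
    for rtype, rfrom, rgroups, raction in rules:
        if rtype in ("all", msg_type) and matches(rfrom, sender) \
                and matches(rgroups, group):
            action = raction
    return action

# Constructed "before" rule set: any From, even an empty one, reaches "mail".
CURRENT = parse_ctl("all:*:*:mail")

# Constructed "after" rule set; the last two entries are the ones quoted above.
PROPOSED = parse_ctl(r"""
# Assumed explicit default so a From that matches nothing else is dropped.
all:*:*:drop
all:?*@?*.??*:*:mail
all:*@*[^-.0-9a-z]*|*@[-.]*|*@*.[-.]*|*@*-.*|*@*[^a-z.]|*@*[^a-z].:*:drop
all:*[^!-?A-~]*@*|[-.]*@*|*.[-.]*@*|*[-.]@*|*-.*@*|*fuck*@*|poster:*:drop
""")

# Constructed sample senders.
SAMPLES = ["", "root@localhost", "a@b.c", "news@example..org",
           "nobody@example.invalid", "usenet@news.example.org"]

def compare(group="alt.test"):
    """Map each sample sender to its (current, proposed) action for a newgroup."""
    return {s: (decide(CURRENT, "newgroup", s, group),
                decide(PROPOSED, "newgroup", s, group)) for s in SAMPLES}

if __name__ == "__main__":
    for sender, (before, after) in compare().items():
        print(f"{sender!r:28} current={before:5} proposed={after}")
```

The double-dot address passes "?*@?*.??*" on its own and is only caught by the later drop entry, while `nobody@example.invalid` passes every pattern, since these entries check syntax only.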



Subject: Re: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
From: Russ Allbery
Newsgroups: news.admin.hierarchies
Organization: The Eyrie
Date: Sat, 24 Jul 2021 23:08 UTC
References: 1 2
Path: i2pn2.org!i2pn.org!aioe.org!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!news.eyrie.org!.POSTED!not-for-mail
From: eag...@eyrie.org (Russ Allbery)
Newsgroups: news.admin.hierarchies
Subject: Re: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
Date: Sat, 24 Jul 2021 16:08:27 -0700
Organization: The Eyrie
Message-ID: <87bl6rz4wk.fsf@hope.eyrie.org>
References: <878s2rxqqf.fsf@hope.eyrie.org> <sctot0$445$1@server.snarked.org>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: hope.eyrie.org;
logging-data="10003"; mail-complaints-to="news@eyrie.org"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
Cancel-Lock: sha1:ipZcRpBJymO6RWqAxSYAQQUre58=
"D. Stussy" <spam@spam.org> writes:

> Under the current scheme, invalid mailboxes (and even a NULL string) are
> accepted for some control messages where they shouldn't be. Only the
> "drop" action (in file "control.ctl") can have the mailbox match be "*",
> because that is a "don't care" case.

> The 'from' field in control.ctl should be changed from "*" (where that
> appears) to "?*@?*.??*" to make certain that a legal mailbox is
> accepted.  "*" by itself will match 0 characters, so the adjacent "?"s
> make certain that each component has at least one character.  The domain
> side basically needs two components with an intervening dot.  Although
> "localhost" is an acceptable domain, it is not useful in this context,
> so I intentionally suggest a syntactic pattern match that excludes it.
> Some patterns with matching text may also need "*" changed to "?*" for
> positive actions (i.e. not drop).

I feel like this sort of tweak just makes the file harder to read and
understand without really accomplishing anything.  Those control messages
are only honored for alt.* and free.* anyway, and those hierarchies are a
free-for-all (by design).  I feel like there's a very long history of
people trying to "clean up" alt.* while missing the point that the way you
do that is have a managed hierarchy rather than using alt.*.

I'm also unconvinced that this will have any practical effect.  The folks
issuing control messages will just switch to valid but bogus addresses,
which is more trivial to do than it is for me to constantly tweak wildcard
patterns.  It's an arms race where the available resources are completely
disproportional (and not in my favor).

--
Russ Allbery (eagle@eyrie.org)             https://www.eyrie.org/~eagle/


Subject: Re: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
From: D. Stussy
Newsgroups: news.admin.hierarchies
Date: Tue, 10 Aug 2021 06:13 UTC
References: 1 2 3
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.snarked.org!not-for-mail
From: spa...@spam.org (D. Stussy)
Newsgroups: news.admin.hierarchies
Subject: Re: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
Date: Mon, 9 Aug 2021 23:13:19 -0700
Lines: 2
Message-ID: <set5du$7eb$1@server.snarked.org>
References: <878s2rxqqf.fsf@hope.eyrie.org> <sctot0$445$1@server.snarked.org> <87bl6rz4wk.fsf@hope.eyrie.org>
Reply-To: "D. Stussy" <newsgroups+replies@kd6lvw.ampr.org>
Mime-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 10 Aug 2021 06:13:18 -0000 (UTC)
Injection-Info: server.snarked.org; posting-host="71-38-231-91.lsv2.qwest.net:71.38.231.91";
logging-data="7627"; mail-complaints-to="newsmaster+complaints@snarked.org"
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3538.513
Importance: Normal
X-Newsreader: Microsoft Windows Live Mail 15.4.3538.513
X-MSMail-Priority: Normal
In-Reply-To: <87bl6rz4wk.fsf@hope.eyrie.org>
X-No-Archive: Yes
X-Priority: 3
"Russ Allbery"  wrote in message news:87bl6rz4wk.fsf@hope.eyrie.org...
"D. Stussy" <spam@spam.org> writes:
Under the current scheme, invalid mailboxes (and even a NULL string) are
accepted for some control messages where they shouldn't be. Only the
"drop" action (in file "control.ctl") can have the mailbox match be "*",
because that is a "don't care" case.

The 'from' field in control.ctl should be changed from "*" (where that
appears) to "?*@?*.??*" to make certain that a legal mailbox is
accepted.  "*" by itself will match 0 characters, so the adjacent "?"s
make certain that each component has at least one character.  The domain
side basically needs two components with an intervening dot.  Although
"localhost" is an acceptable domain, it is not useful in this context,
so I intentionally suggest a syntactic pattern match that excludes it.
Some patterns with matching text may also need "*" changed to "?*" for
positive actions (i.e. not drop).

I feel like this sort of tweak just makes the file harder to read and
understand without really accomplishing anything.  Those control messages
are only honored for alt.* and free.* anyway, and those hierarchies are a
free-for-all (by design).  I feel like there's a very long history of
people trying to "clean up" alt.* while missing the point that the way you
do that is have a managed hierarchy rather than using alt.*.

I'm also unconvinced that this will have any practical effect.  The folks
issuing control messages will just switch to valid but bogus addresses,
which is more trivial to do than it is for me to constantly tweak wildcard
patterns.  It's an arms race where the available resources are completely
disproportional (and not in my favor).
==========
1) I did not limit my suggestion to just alt/free.*.  It applies to ALL hierarchies where the mailbox field has a wildcard and the action is not "drop."
2) It will eliminate many of the poorly formatted fake control messages which do not use syntactically valid mailboxes.

I examined the past control message archive.  Out of about 85,000 groups, only about 35,000 have valid newgroup messages.  The other 50,000 fell into three categories:  Bad newsgroup names, bad from mailboxes, and omitting the "For your newsgroups file:" line followed by the group description on the next line.

What does it save:  It saves e-mailing the usenet site administrator with bogus messages as the default action for newgroup, rmgroup, and checkgroups is "mail."  This way, bad from mailbox messages get dropped (as they should regardless of whether the mail server will reject them or not).

A "free-for-all" design shouldn't accept syntactically incorrect messages.  What good is having standards if they're not enforced?

Subject: Re: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
From: Russ Allbery
Newsgroups: news.admin.hierarchies
Organization: The Eyrie
Date: Tue, 10 Aug 2021 16:47 UTC
References: 1 2 3 4
Path: i2pn2.org!i2pn.org!aioe.org!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!news.eyrie.org!.POSTED!not-for-mail
From: eag...@eyrie.org (Russ Allbery)
Newsgroups: news.admin.hierarchies
Subject: Re: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
Date: Tue, 10 Aug 2021 09:47:11 -0700
Organization: The Eyrie
Message-ID: <8735rhz1ps.fsf@hope.eyrie.org>
References: <878s2rxqqf.fsf@hope.eyrie.org> <sctot0$445$1@server.snarked.org>
<87bl6rz4wk.fsf@hope.eyrie.org> <set5du$7eb$1@server.snarked.org>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: hope.eyrie.org;
logging-data="10925"; mail-complaints-to="news@eyrie.org"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
Cancel-Lock: sha1:31BJjnhDHG1GykNvkSTAZgdUB3c=
"D. Stussy" <spam@spam.org> writes:

> 1) I did not limit my suggestion to just alt/free.*.  It applies to ALL
> hierarchies where the mailbox field has a wildcard and the action is not
> "drop."

It's irrelevant to anything other than alt.* and free.* because those are
the only ones that allow wildcard control messages, no?  I think there may
be a few other minor exceptions, but nothing that I've seen in any
significant numbers in many years.

> 2) It will eliminate many of the poorly formatted fake control messages
> which do not use syntactically valid mailboxes.

What fake control messages are you seeing that aren't for alt.* and
free.*?

> I examined the past control message archive.

What goes into control.ctl is irrelevant to the control message archive.

> Out of about 85,000 groups, only about 35,000 have valid newgroup
> messages.  The other 50,000 fell into three categories:  Bad newsgroup
> names, bad from mailboxes, and omitting the "For your newsgroups file:"
> line followed by the group description on the next line.

Did you look at the dates?  This is almost entirely stuff that was
archived 15 or 20 years ago.

If you're saying that I should go through the archive and delete old
invalid control messages from it, that's a whole different argument.  But
nothing about control.ctl has any influence on that.

> What does it save:  It saves e-mailing the usenet site administrator
> with bogus messages as the default action for newgroup, rmgroup, and
> checkgroups is "mail."

How many of these do you get a week?  What actual impact would this have?

--
Russ Allbery (eagle@eyrie.org)             https://www.eyrie.org/~eagle/


Subject: Re: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
From: Adam H. Kerman
Newsgroups: news.admin.hierarchies
Organization: A noiseless patient Spider
Date: Tue, 10 Aug 2021 17:39 UTC
References: 1 2 3 4
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: ahk...@chinet.com (Adam H. Kerman)
Newsgroups: news.admin.hierarchies
Subject: Re: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
Date: Tue, 10 Aug 2021 17:39:24 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 43
Message-ID: <seudkc$nu3$1@dont-email.me>
References: <878s2rxqqf.fsf@hope.eyrie.org> <87bl6rz4wk.fsf@hope.eyrie.org> <set5du$7eb$1@server.snarked.org> <8735rhz1ps.fsf@hope.eyrie.org>
Injection-Date: Tue, 10 Aug 2021 17:39:24 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="5e2ea855ba8d59902325e82c9dd340a6";
logging-data="24515"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+cb16DIkVoh0E+i4Bpd+t/ALQQQKp1/nk="
Cancel-Lock: sha1:jF324E/3FcUM5cftiz/vanLyV2s=
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Russ Allbery <eagle@eyrie.org> wrote:
> "D. Stussy" <spam@spam.org> writes:

>> 1) I did not limit my suggestion to just alt/free.*.  It applies to ALL
>> hierarchies where the mailbox field has a wildcard and the action is not
>> "drop."

> It's irrelevant to anything other than alt.* and free.* because those are
> the only ones that allow wildcard control messages, no?  I think there may
> be a few other minor exceptions, but nothing that I've seen in any
> significant numbers in many years.

>> 2) It will eliminate many of the poorly formatted fake control messages
>> which do not use syntactically valid mailboxes.

> What fake control messages are you seeing that aren't for alt.* and
> free.*?

>> I examined the past control message archive.

> What goes into control.ctl is irrelevant to the control message archive.

Waitaminit.

I thought the whole point of this was that you were no longer intending to
archive control messages that weren't from hierarchies with PGP signing.

>> Out of about 85,000 groups, only about 35,000 have valid newgroup
>> messages.  The other 50,000 fell into three categories:  Bad newsgroup
>> names, bad from mailboxes, and omitting the "For your newsgroups file:"
>> line followed by the group description on the next line.

> Did you look at the dates?  This is almost entirely stuff that was
> archived 15 or 20 years ago.

> If you're saying that I should go through the archive and delete old
> invalid control messages from it, that's a whole different argument.  But
> nothing about control.ctl has any influence on that.

Please don't do that. The point of the archive is to save the invalid
along with the valid.

. . .


Subject: Re: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
From: Julien_ÉLIE
Newsgroups: news.admin.hierarchies
Organization: Groupes francophones par TrigoFACILE
Date: Tue, 10 Aug 2021 19:12 UTC
Message-ID: <seuj34$8u4$1@news.trigofacile.com>
Hi Adam,

Waitaminit.

I thought the whole point of this was that you were no longer intending to
archive control messages that weren't from hierarchies with PGP signing.

The subject of this thread is "stop honoring" (that is to say actually creating and removing newsgroups in the ftp.isc.org active file), not "stop archiving"...

--
Julien ÉLIE

« – Attention, vous autres ; le chef a dit de le ramener vivant !
   – Finasser ! Toujours finasser ! » (Astérix)


Subject: Re: Proposal: Stop honoring unsigned control messages
From: Adam H. Kerman
Newsgroups: news.admin.hierarchies
Organization: A noiseless patient Spider
Date: Tue, 10 Aug 2021 20:02 UTC
Message-ID: <seum0t$e5m$1@dont-email.me>
Julien <iulius@nom-de-mon-site.com.invalid> wrote:

Hi Adam,

Waitaminit.

I thought the whole point of this was that you were no longer intending to
archive control messages that weren't from hierarchies with PGP signing.

The subject of this thread is "stop honoring" (that is to say actually
creating and removing newsgroups in the ftp.isc.org active file), not
"stop archiving"...

All that does is check for a newsgroups file line in proper syntax!

I just don't see how that's going to prevent a denial-of-service attack.
I understand Russ doesn't have time to deal with attacks but I'm not
following this at all.

As long as Russ intends to maintain the archives, I don't care if the
sample active and newsgroups files get updated. I was objecting to the
loss of the archives.

It'll be a loss to anyone setting up a News server that simply wanted to
use the sample active and newsgroups files but I never thought that was
a brilliant idea.


Subject: Re: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
From: Russ Allbery
Newsgroups: news.admin.hierarchies
Organization: The Eyrie
Date: Tue, 10 Aug 2021 20:12 UTC
Message-ID: <87tujxxdn2.fsf@hope.eyrie.org>
"Adam H. Kerman" <ahk@chinet.com> writes:

Waitaminit.

I thought the whole point of this was that you were no longer intending to
archive control messages that weren't from hierarchies with PGP signing.

No, this whole thread was only about the default control.ctl from INN and
ftp.isc.org and the ftp.isc.org newsgroup list.

ISC hosts the archive and I don't feel any particular need to clean it up.
People have spammed it with all sorts of crap.  I added some basic
anti-binary filtering to keep from dealing with stupid copyright nonsense,
and otherwise it doesn't take up much space and I don't really care.
(Please no one do anything that makes me have to care.)

At some point I may go clean up the archived control messages for
literally syntactically invalid groups that would never be archived today
(there are archive files for nonsense like group names containing *), but
realistically I'm too busy with other things and probably won't get around
to it.

--
Russ Allbery (eagle@eyrie.org)             https://www.eyrie.org/~eagle/


Subject: Re: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
From: Adam H. Kerman
Newsgroups: news.admin.hierarchies
Organization: A noiseless patient Spider
Date: Wed, 11 Aug 2021 03:01 UTC
Message-ID: <seveid$8ov$1@dont-email.me>
Russ Allbery <eagle@eyrie.org> wrote:
"Adam H. Kerman" <ahk@chinet.com> writes:

Waitaminit.

I thought the whole point of this was that you were no longer intending to
archive control messages that weren't from hierarchies with PGP signing.

No, this whole thread was only about the default control.ctl from INN and
ftp.isc.org and the ftp.isc.org newsgroup list.

ISC hosts the archive and I don't feel any particular need to clean it up.

There is no need to clean it up.

I am confused, though. I thought the archive was also fed by a subset of
INN processes that parse for control messages, and that a control
message is archived in the same process that the sample newsgroup and
active files are updated in.

People have spammed it with all sorts of crap.  I added some basic
anti-binary filtering to keep from dealing with stupid copyright nonsense,
and otherwise it doesn't take up much space and I don't really care.
(Please no one do anything that makes me have to care.)

At some point I may go clean up the archived control messages for
literally syntactically invalid groups that would never be archived today
(there are archive files for nonsense like group names containing *), but
realistically I'm too busy with other things and probably won't get around
to it.

Eh. Leave the old nonsense in place.


Subject: Re: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
From: Russ Allbery
Newsgroups: news.admin.hierarchies
Organization: The Eyrie
Date: Wed, 11 Aug 2021 04:05 UTC
Message-ID: <87o8a44odn.fsf@hope.eyrie.org>
"Adam H. Kerman" <ahk@chinet.com> writes:

I am confused, though. I thought the archive was also fed by a subset of
INN processes that parse for control messages, and that a control
message is archived in the same process that the sample newsgroup and
active files are updated in.

The code is unrelated to INN, apart from INN providing an article feed and
the tinyleaf program that I use to process that feed.  Both things are
done by the same process, yes, but the archiving is done separately from
the checks about whether to honor the message and applies only more basic
sanity checks to throw away syntactically-invalid junk and figure out what
newsgroup would supposedly be affected by the message.

The code is all in https://github.com/rra/control-archive

--
Russ Allbery (eagle@eyrie.org)             https://www.eyrie.org/~eagle/


Subject: Re: Proposal: Stop honoring unsigned control messages
From: Adam H. Kerman
Newsgroups: news.admin.hierarchies
Organization: A noiseless patient Spider
Date: Wed, 11 Aug 2021 13:57 UTC
Message-ID: <sf0l08$7gp$2@dont-email.me>
Russ Allbery <eagle@eyrie.org> wrote:
"Adam H. Kerman" <ahk@chinet.com> writes:

I am confused, though. I thought the archive was also fed by a subset of
INN processes that parse for control messages, and that a control
message is archived in the same process that the sample newsgroup and
active files are updated in.

The code is unrelated to INN, apart from INN providing an article feed and
the tinyleaf program that I use to process that feed.  Both things are
done by the same process, yes, but the archiving is done separately from
the checks about whether to honor the message and applies only more basic
sanity checks to throw away syntactically-invalid junk and figure out what
newsgroup would supposedly be affected by the message.

The code is all in https://github.com/rra/control-archive

Ok, thanks.


Subject: Re: Invalid from mailbox in control messages - was Re: Proposal: Stop honoring unsigned control messages (*)
From: D. Stussy
Newsgroups: news.admin.hierarchies
Date: Tue, 17 Aug 2021 06:26 UTC
Message-ID: <sffkq3$o8u$1@server.snarked.org>
"Russ Allbery"  wrote in message news:8735rhz1ps.fsf@hope.eyrie.org...
"D. Stussy" <spam@spam.org> writes:
1) I did not limit my suggestion to just alt/free.*.  It applies to ALL
hierarchies where the mailbox field has a wildcard and the action is not
"drop."

It's irrelevant to anything other than alt.* and free.* because those are
the only ones that allow wildcard control messages, no?  I think there may
be a few other minor exceptions, but nothing that I've seen in any
significant numbers in many years.

2) It will eliminate many of the poorly formatted fake control messages
which do not use syntactically valid mailboxes.

What fake control messages are you seeing that aren't for alt.* and
free.*?

I examined the past control message archive.

What goes into control.ctl is irrelevant to the control message archive.

Out of about 85,000 groups, only about 35,000 have valid newgroup
messages.  The other 50,000 fell into three categories:  Bad newsgroup
names, bad from mailboxes, and omitting the "For your newsgroups file:"
line followed by the group description on the next line.

Did you look at the dates?  This is almost entirely stuff that was
archived 15 or 20 years ago.
=====
I am quite aware of that.  However, if it's been done before and not blocked now, it can be done again.
=====

If you're saying that I should go through the archive and delete old
invalid control messages from it, that's a whole different argument.  But
nothing about control.ctl has any influence on that.
=====
I did not suggest that.  I simply noted that the majority of what was archived is actually invalid.  Although not stated, I also noted that there are way many more groups that have no newgroup message at all (since the total count, including misspelled groups, is about 300,000).

What does it save:  It saves e-mailing the usenet site administrator
with bogus messages as the default action for newgroup, rmgroup, and
checkgroups is "mail."

How many of these do you get a week?  What actual impact would this have?
=====
Preventing a (malicious) flood of these is the point.  I did receive one e-mailed newgroup message for the "rtfm" hierarchy this month, a hierarchy not in the control.ctl file.  The greenend.* hierarchy checkgroups message was also emailed because there is something wrong with its signature.  I don't think that's in the control file either, but I have seen it before so it's in my control.ctl.local file.

--
Russ Allbery (eagle@eyrie.org)             https://www.eyrie.org/~eagle/
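
The three defect categories named in the post above (bad newsgroup names, bad From mailboxes, and a missing "For your newsgroups file:" line) can be checked mechanically before a newgroup message is honored or mailed to an administrator. The following is an added sketch, not code from the thread or from control-archive; the group-name rule follows RFC 5536, while the mailbox pattern, the requirement that a description be present, the defect labels and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# RFC 5536 newsgroup-name: components of ALPHA / DIGIT / "+" / "-" / "_" joined by "."
GROUP_RE = re.compile(r"[A-Za-z0-9+_-]+(?:\.[A-Za-z0-9+_-]+)*")
# Assumption: a simplified dot-atom mailbox check, stricter than full RFC 5322.
ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
ADDR_RE = re.compile(ATOM + r"(?:\." + ATOM + r")*@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
MARKER = "For your newsgroups file:"


def check_newgroup(raw):
    """Return the defects found in one newgroup control message (empty list = clean)."""
    msg = message_from_string(raw)
    words = (msg.get("Control") or "").split()
    if len(words) < 2 or words[0] != "newgroup":
        return ["not-a-newgroup"]
    group, defects = words[1], []
    if not GROUP_RE.fullmatch(group):
        defects.append("bad-newsgroup-name")
    _, addr = parseaddr(msg.get("From") or "")
    if not ADDR_RE.fullmatch(addr):
        defects.append("bad-from-mailbox")
    body = msg.get_payload()
    lines = [l.rstrip() for l in body.splitlines()] if isinstance(body, str) else []
    try:
        # The line after the marker is "<group><TAB(s)><description>".
        name, _, text = lines[lines.index(MARKER) + 1].partition("\t")
    except (ValueError, IndexError):
        name, text = "", ""
    if name != group or not text.strip():
        defects.append("missing-newsgroups-line")
    return defects


# Constructed sample messages (not taken from the archive).
GOOD = ("From: Example Admin <admin@example.org>\n"
        "Control: newgroup example.test\n"
        "\n"
        "For your newsgroups file:\n"
        "example.test\tConstructed test group.\n")
BAD = ("From: newsadmin\n"
       "Control: newgroup example.test.*\n"
       "\n"
       "Please create this group.\n")

if __name__ == "__main__":
    for label, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_newgroup(raw))
```

A syntax check of this kind only filters malformed messages; it says nothing about whether the sender is authorized, which is what the PGP signature check in the thread's subject addresses.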



