Audit of INN against draft-ietf-nntpext-base-13.txt complete

Russ Allbery rra at
Sun Jul 8 13:08:05 UTC 2001

[ Note that this message is addressed to inn-workers and ietf-nntp, both
  of which restrict posting to members only, and which cover divergent
  topics.  When replying to this message, please seriously consider
  replying only on the mailing list where you read it unless your reply is
  on-topic for both mailing lists and you're already on both lists. ]

I've finished an audit of INN against draft-ietf-nntpext-base-13.txt, the
current draft of the new NNTP standard.  Due to the nature of this sort of
work, I'm sure that I've missed a few things, but I tried to be fairly
comprehensive.  The results of this audit are available both from my web
site at:


and have also been added to INN as ~/doc/compliance-nntp.  The latter
document will be modified over time to remove issues that have been fixed
in the current source base.

Many of the identified issues are minor; some in fact took longer to
document than they would have to fix.  I haven't fixed any yet, however,
and took the route of pure documentation because I think the full list of
issues will be of interest to the NNTP working group as a reasonable check
of how compliant one of the more widely-deployed servers is.

This audit was only done against the CURRENT tree, but as one can see from
the Versions header in each identified issue, most of these issues are
very long-standing (the majority date from INN 1.0).  Each issue has a
note about impact and a suggested fix.

Here are the one-line summaries of the issues I found:

  Summary: innd doesn't require whitespace between commands and arguments
  Summary: INN doesn't check argument length
  Summary: Initial activity timer is shorter than three minutes
  Summary: Inactivity timer configuration isn't checked
  Summary: nnrpd sends a final message on inactivity timeout
  Summary: Reply codes other than x9x used for private extensions
  Summary: innd may return 480 instead of 500 for unrecognized commands
  Summary: INN rejects invalid LIST and MODE commands with 500, not 501
  Summary: innd rejects reader commands with 500, not 502
  Summary: innd always sends 200 for an accepted connection
  Summary: innd sends 504 or 505 on connection failures sometimes
  Summary: innd doesn't support LIST EXTENSIONS
  Summary: Xref slaving causes problems with article numbers
  Summary: nnrpd can respond with 423 to a NEXT or LAST command
  Summary: nnrpd improperly handles zero-argument ARTICLE w/missing articles
  Summary: nnrpd fails on articles without Message-ID headers
  Summary: innd's response to HEAD isn't correct
  Summary: innd's response to STAT isn't correct
  Summary: nnrpd rejects articles with lines over 998 octets
  Summary: nnrpd responds with 480 to IHAVE
  Summary: nnrpd doesn't handle zero-argument LISTGROUP
  Summary: nnrpd doesn't return 420 errors when there is no overview info
  Summary: innd doesn't generate overview correctly for non-printing chars
  Summary: HDR can return message IDs rather than article numbers
  Summary: NEWGROUPS and NEWNEWS support the UTC keyword
  Summary: NEWGROUPS supports the obsolete distribution argument
  Summary: NEWNEWS supports the obsolete distribution argument
  Summary: innd improperly caches DNS returns

The full text is available from the locations mentioned above.

Russ Allbery (rra at             <>
