Audit of INN against draft-ietf-nntpext-base-13.txt complete
inn-workers at cis.fu-berlin.de
Mon Jul 9 10:49:06 UTC 2001
Russ Allbery <rra at stanford.edu> writes:
> Alex Kiernan <alexk at demon.net> writes:
>> This is an interesting one... I actually need nnrpd to accept IHAVE (an
>> historical artifact from way back when, when Demon customers really did
>> peer with the news server)
> Heh! I didn't think anyone would need that.
That's wrong. Some months ago I implemented IHAVE into our nnrpd due to
strong demand by our users. We (=News.CIS.DFN.DE) have about 95,000 users
with a large variety of reading agents.
One reading agent getting more popular in the recent past is Microsoft
Exchange 2000 which requires IHAVE for a "Peer" type of connection which
is the only one acceptable as "Master" and "Slave" are not. "Peer" is in
Microsoft speech a sucking server but it uses IHAVE and not POST to send
articles back. This is a change to Exchange 5.5 which uses POST and works
well with nnrpd; Exchange 2000 can't be used in combination with nnrpd.
I implemented IHAVE into our nnrpd in a special way to handle our needs:
- it checks for duplicates first (difference to POST which does not know
- it checks for correct headers like POST in nnrpd (difference to IHAVE
implementation in innd)
- If X-Trace, NNTP-Posting-Host etc. headers exists, they are renamed
to Orig-X-Trace, Orig-NNTP-Posting-Host etc. (special)
- X-Trace, NNTP-Posting-Host etc. are handled like POST in nnrpd, which
means the server generates them.
Statistics for News.CIS.DFN.DE for yesterday:
17201 successful POST commands
217 POST commands trying to inject an article which is a DUPLICATE
90 successful IHAVE commands
5635 IHAVE commands trying to inject an article which is a DUPLICATE
So, most articles send this way are duplicates but some are not. I can see
82 of our 95,000 accounts using IHAVE.
We inserted a warning in our documentation of client software that we use a
modified version of INN on our end. This documentation exists only in German
at this time as we have some delay in translating all our documents:
I can't decide if nnrpd really needs an implementation of IHAVE. I have
done it for our server and it fits our needs which may be very special. For
a release to the public it might be more difficult to implement IHAVE in
nnrpd as regeneration of X-Trace and NNTP-Posting-Host is not the normal
behavior for IHAVE and leaving these headers untouched is not acceptable for
an injecting agent because of abuse handling. But everyone should aware
that without IHAVE nnrpd will not work together with Microsoft Exchange 2000
which can be seen as a problem or a feature depending of the point of view.
Heiko Schlichting | Freie Universität Berlin
heiko at FU-Berlin.DE | Zentraleinrichtung für Datenverarbeitung (ZEDAT)
Telefon +49 30 838-54327 | Fabeckstraße 32
Telefax +49 30 838-56721 | 14195 Berlin
More information about the inn-workers