INN with SSL encryption

David Hláčik david at hlacik.eu
Sat Jun 21 20:28:22 UTC 2008


Hello,

I am using xinetd to start nnrpd with SSL on port 563. Each time a client
connects, I get this message:

Jun 21 22:26:01 sx1 nnrpd[31698]: localhost.localdomain times user 0.000 system 0.004 idle 0.000 elapsed 0.016
Jun 21 22:26:23 sx1 nnrpd[31764]: starttls: TLSv1 with cipher AES128-SHA (128/128 bits) no authentication
Jun 21 22:26:24 sx1 nnrpd[31764]: ? reverse lookup for 213.194.242.198 failed: reverse lookup validation failed -- using IP address for access

213.194.242.198 is actually my network interface IP address, and host works:

[root at sx1 pdg-1.2]# host 213.194.242.198
198.242.194.213.in-addr.arpa domain name pointer gw.cz.polarion.com.

So, why am I getting this message, and how can I solve it?

Thanks!

David


On Wed, Jun 11, 2008 at 11:25 PM, Julien ÉLIE <julien at trigofacile.com>
wrote:

> Hi David,
>
>> Speaking about SSL, how can I turn on nnrpd with -S and -p 563 when using a
>> distribution rpm (CentOS5.1) with /etc/init.d/innd script (which seems to
>> call the rc.news script).
>>
>
>   http://www.eyrie.org/~eagle/software/inn/docs/install.html#S14
>
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> If you wish to use TLS/SSL for your readers, you need to start a second nnrpd to
> listen to these connections to NNTPS port 563 and put something like that in your
> init scripts:
>
>   su news -c '/usr/local/news/bin/nnrpd -D -c /usr/local/news/etc/readers-ssl.conf -p 563 -S'
>
> where readers-ssl.conf is the file which indicates whether a given connection
> is allowed to read and post news (you can also use the previously created readers.conf
> file to handle TLS/SSL connections).  Note that a news client which supports the STARTTLS
> command can also use the conventional NNTP port 119 to initiate a TLS connection.
> However, such clients are not widespread yet.
>
> In the shutdown section of the init script, you can put:
>
>   start-stop-daemon --stop --name nnrpd --quiet --oknodo
>
> or if you do not have a start-stop-daemon utility:
>
>   su news -c 'killall nnrpd'
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
>
>
>> Is there a way to configure it through config files in /etc, or do I need to
>> change something for nnrpd? I have checked the init.d scripts and they do not
>> contain any mention of nnrpd.
>>
>
> I think it answers your question.
>
> --
> Julien ÉLIE
>
> « -- They're carrying a secret weapon in a barrel!
>  -- Warm ale!!!
>  -- No, that's a known weapon. » (Astérix)
>
>
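
The `host` command in the message above checks only the PTR half of the lookup. As an added example (not from the post and not INN's own code), this Python script parses the quoted nnrpd log line and runs a forward-confirmed reverse DNS check. It assumes that "reverse lookup validation failed" means the PTR name did not resolve back to the connecting address; the function names and the `ptr`/`forward` resolver hooks are hypothetical, introduced here.

```python
import re
import socket

# Matches the nnrpd syslog message quoted in the post. \s* also accepts the
# address run straight into "failed", as hard-wrapped copies of the line show.
FAILED_RE = re.compile(
    r"reverse lookup for\s+(\d{1,3}(?:\.\d{1,3}){3})\s*failed:\s*(.+?)\s+--")

def parse_failure(line):
    """Return (ip, reason) from a 'reverse lookup ... failed' line, else None."""
    m = FAILED_RE.search(line)
    return (m.group(1), m.group(2)) if m else None

def system_ptr(ip):
    """PTR lookup through the system resolver; returns the name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror / socket.gaierror are OSError subclasses
        return None

def system_forward(name):
    """Forward lookup; returns the set of addresses the name resolves to."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip.

    Returns (status, ptr_name, forward_addresses) where status is
    'ok', 'mismatch' (PTR exists but does not map back) or 'no-ptr'.
    """
    name = ptr(ip)
    if name is None:
        return "no-ptr", None, set()
    addrs = forward(name.rstrip("."))
    return ("ok" if ip in addrs else "mismatch"), name, addrs

if __name__ == "__main__":
    # Log line from the post, joined onto one line.
    line = ("Jun 21 22:26:24 sx1 nnrpd[31764]: ? reverse lookup for "
            "213.194.242.198 failed: reverse lookup validation failed "
            "-- using IP address for access")
    ip, reason = parse_failure(line)
    print(ip, "|", reason, "|", fcrdns(ip))  # live lookup on this machine
```

A `mismatch` result on the news server itself means the name returned by the PTR record has no A record (or `/etc/hosts` entry) pointing back at that address as seen by the server's resolver.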
More information about the inn-workers mailing list