INN with SSL encryption

David Hláčik david at hlacik.eu
Sun Jun 22 12:14:06 UTC 2008


Please ignore this, it was just a config error for our internal DNS server.

Regards,

D.

On Sat, Jun 21, 2008 at 10:28 PM, David Hláčik <david at hlacik.eu> wrote:

> Hello,
>
> I am using xinet.d to start nnrpd with SSL on port 563; each time a client
> connects I get this message:
>
> Jun 21 22:26:01 sx1 nnrpd[31698]: localhost.localdomain times user 0.000
> system 0.004 idle 0.000 elapsed 0.016
> Jun 21 22:26:23 sx1 nnrpd[31764]: starttls: TLSv1 with cipher AES128-SHA
> (128/128 bits) no authentication
> Jun 21 22:26:24 sx1 nnrpd[31764]: ? reverse lookup for 213.194.242.198 failed: reverse lookup validation failed -- using IP address for access
>
> 213.194.242.198 actually is my net interface IP address and host works
>
> [root at sx1 pdg-1.2]# host 213.194.242.198
> 198.242.194.213.in-addr.arpa domain name pointer gw.cz.polarion.com.
>
> So, why am I getting this message, and how can I solve it?
>
> Thanks!
>
> David
>
>
>
> On Wed, Jun 11, 2008 at 11:25 PM, Julien ÉLIE <julien at trigofacile.com>
> wrote:
>
>> Hi David,
>>
>>> speaking about SSL, how can I turn on nnrpd with -S and -p 563 when using a
>>> distribution rpm (CentOS5.1) with /etc/init.d/innd script (which seems to
>>> call rc.news script).
>>>
>>
>>   http://www.eyrie.org/~eagle/software/inn/docs/install.html#S14
>>
>>
>> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>> If you wish to use TLS/SSL for your readers, you need to start a second nnrpd to
>> listen to these connections to NNTPS port 563 and put something like that in your
>> init scripts:
>>
>>   su news -c '/usr/local/news/bin/nnrpd -D -c /usr/local/news/etc/readers-ssl.conf -p 563 -S'
>>
>> where readers-ssl.conf is the file which indicates whether a given connection
>> is allowed to read and post news (you can also use the previously created readers.conf
>> file to handle TLS/SSL connections).  Note that a news client which supports the STARTTLS
>> command can also use the conventional NNTP port 119 to initiate a TLS connection.
>> However, such clients are not widespread yet.
>>
>> In the shutdown section of the init script, you can put:
>>
>>   start-stop-daemon --stop --name nnrpd --quiet --oknodo
>>
>> or if you do not have a start-stop-daemon utility:
>>
>>   su news -c 'killall nnrpd'
>>
>> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>>
>>
>>
>>> Is there a way to configure it through config files in /etc, or do I need to
>>> change something for nnrpd? I have checked the init.d scripts and they do not
>>> contain any mention of nnrpd.
>>>
>>
>> I think it answers your question.
>>
>> --
>> Julien ÉLIE
>>
>> « -- Ils transportent une arme secrète dans un tonneau !
>>  -- La cervoise tiède !!!
>>  -- Non, ça c'est une arme connue. » (Astérix)
>>
>>
>
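
An added example (not from the thread and not INN's own code) of forward-confirmed reverse DNS, the kind of check behind a "reverse lookup validation failed" message: a PTR record alone, as `host` shows, does not pass unless the returned name resolves back to the connecting address. The PTR answer is the one from the thread; the forward zones, `validate_reverse` and `demo` are constructed for illustration.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup through the system resolver; list of address strings."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def validate_reverse(ip, reverse=system_reverse, forward=system_forward):
    """Return (hostname, "validated") only if the PTR name resolves back to ip."""
    peer = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return None, "no PTR record"
    addrs = set()
    for text in forward(name):
        try:
            addrs.add(ipaddress.ip_address(text.split("%")[0]))  # drop IPv6 scope id
        except ValueError:
            continue  # ignore anything that is not an address
    if not addrs:
        return None, f"{name} has no address records"
    if peer not in addrs:
        return None, f"{name} resolves to {sorted(map(str, addrs))}, not {ip}"
    return name, "validated"

PTR = {"213.194.242.198": "gw.cz.polarion.com"}  # from the host output in the thread
# Constructed forward zones (assumptions, not data from the thread).
ZONES = {
    "forward matches": {"gw.cz.polarion.com": ["213.194.242.198"]},
    "forward mismatch": {"gw.cz.polarion.com": ["10.0.0.1"]},
    "forward missing": {},
}

def demo(ip="213.194.242.198"):
    return {label: validate_reverse(ip, PTR.get, lambda n, z=zone: z.get(n, []))
            for label, zone in ZONES.items()}
if __name__ == "__main__":
    for label, (name, reason) in demo().items():
        print(f"{label}: {name or 'use IP address'} ({reason})")
```

Calling `validate_reverse(ip)` with no stubs runs the same check against the resolver the news server itself uses, which is the view that matters when an internal DNS server answers differently from a public one.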