NNTPS via port 563

avon at bbs.geek.nz avon at bbs.geek.nz
Sat Aug 15 10:41:51 UTC 2015

Hi all,


I'm trying to configure this to work on my server but hitting a few snags.

I followed the instructions for TSL support in the nnrpd docs and have
created a self-signed certificate, set the permissions for it correctly,
updated inn.conf with the correct paths to tlscapath, tlscertfile and

I then installed inetd on my debian system and configured it to run 'nntps
stream tcp nowait news <pathbin>/nnrpd nnrpd -S' and confirmed nntps is
stated in etc/services


Now, I have been trying to test localhost connections to port 563 using
Mozilla Thunderbird. I firstly confirmed it was running and open using nmap
of the localhost and it shows port 563 open snews tcp

I then connected using Thunderbird and can see the message 


Timestamp: 15/08/2015 10:16:37 p.m.

Error: xxx.xxx.xxx.xxx:563 uses an invalid security certificate. (I have
removed the local IP)


The certificate does not come from a trusted source.

The certificate is only valid for news.bbs.geek.nz


(Error code: mozilla_pkix_error_ca_cert_used_as_end_entity)


I can also see in syslog news nnrpd say 'startttls TLSv1.2 with cipher XXXXX
(removed the numbers) (256/256 bits) no authentication

Then it look like my client is connecting on port 119

Followed by  a correct match in readers.conf for the secure auth group and
access group


Does anyone have any ideas how to progress this?


I figured I needed to set up port 563 first before I sorted out some kind of
authentication via user name / password for user logins (does anyone use
username/password auth over plain port 119 thesedays?)


Best, Paul.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/inn-workers/attachments/20150815/e1d24d4b/attachment.html>

More information about the inn-workers mailing list