Why is log file showing starttls when connecting via port 563
ahl456 at gmail.com
Sat Feb 27 15:10:27 UTC 2021
We are running inn2 2.6.3 on Debian buster. We have configured our
server to listen on port 563 using xinetd.
While everything appears to work, when I connect using Thunderbird over
port 563 and authenticate using username and password, I see these
messages in the file /var/log/news/news.notice:
Feb 27 06:57:53 usenet-dev nnrpd[13246]: dnab42128a.example.edu group leland.alerts.certificates 77
Feb 27 06:57:53 usenet-dev nnrpd[13246]: dnab42128a.example.edu exit articles 177 groups 3
Feb 27 06:57:53 usenet-dev nnrpd[13246]: dnab42128a.example.edu times user 0.053 system 0.033 idle 0.115 elapsed 1394.103
Feb 27 06:57:53 usenet-dev nnrpd[13246]: dnab42128a.example.edu artstats get 177 time 0 size 622115
Feb 27 06:57:53 usenet-dev nnrpd[13246]: dnab42128a.example.edu overstats count 1 hit 355 miss 4 time 0 size 95566 dbz 0 seek 0 get 0 artcheck 3
Feb 27 06:57:53 usenet-dev nnrpd[13262]: dnab42128a.example.edu group leland.alerts.certificates 178
Feb 27 06:57:53 usenet-dev nnrpd[13262]: dnab42128a.example.edu exit articles 178 groups 1
Feb 27 06:57:53 usenet-dev nnrpd[13262]: dnab42128a.example.edu times user 0.026 system 0.026 idle 0.074 elapsed 1321.088
Feb 27 06:57:53 usenet-dev nnrpd[13262]: dnab42128a.example.edu artstats get 178 time 0 size 627953
Feb 27 06:57:53 usenet-dev nnrpd[13262]: dnab42128a.example.edu time 1321089 readart 287(178) nntpwrite 14(728)
Feb 27 06:57:53 usenet-dev nnrpd[13246]: dnab42128a.example.edu time 1394108 readart 272(177) nntpwrite 52(10013)
** Feb 27 06:58:13 usenet-dev nnrpd[13829]: starttls: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) no authentication
** Feb 27 06:58:13 usenet-dev nnrpd[13829]: dnab42128a.example.edu (191.66.18.138) connect - port 119
Feb 27 06:58:23 usenet-dev nnrpd[13829]: dnab42128a.example.edu user adamhl at example.edu
Feb 27 06:58:23 usenet-dev nnrpd[13829]: tradindexed: index inode mismatch for leland.alerts.certificates
1. Why is starttls happening? I thought that using port 563 gave you a
direct TLS connection.
2. Why is port 119 listed? I am connecting via port 563 not 119. Using
tcpdump I am not seeing any traffic on port 119.
3. There are several log lines listing group access _before_ the
starttls line. Does that mean that there is unencrypted traffic at the
beginning?
---
Here is our xinetd configuration file for nntps:
service nntps
{
    disable     = no
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = news
    group       = ssl-cert
    groups      = yes
    server      = /usr/lib/news/bin/nnrpd
    server_args = -c /etc/news/readers-ssl.conf -S
    instances   = UNLIMITED
}
---
A. Lewenberg
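As an added example (my own code, not from the original post or from INN), a Python parser that groups nnrpd log lines of the shape quoted above by PID, since each nnrpd child serves one reader connection, and reports per session the order of events and the port its connect line names; the sample lines are constructed from the entries in the post.

```python
import re

# Constructed sample, shaped like the nnrpd lines quoted in the post above
# (three nnrpd children: 13246, 13262 and 13829).
SAMPLE_LOG = """\
Feb 27 06:57:53 usenet-dev nnrpd[13246]: dnab42128a.example.edu group leland.alerts.certificates 77
Feb 27 06:57:53 usenet-dev nnrpd[13246]: dnab42128a.example.edu exit articles 177 groups 3
Feb 27 06:57:53 usenet-dev nnrpd[13262]: dnab42128a.example.edu group leland.alerts.certificates 178
Feb 27 06:57:53 usenet-dev nnrpd[13262]: dnab42128a.example.edu exit articles 178 groups 1
** Feb 27 06:58:13 usenet-dev nnrpd[13829]: starttls: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) no authentication
** Feb 27 06:58:13 usenet-dev nnrpd[13829]: dnab42128a.example.edu (191.66.18.138) connect - port 119
Feb 27 06:58:23 usenet-dev nnrpd[13829]: dnab42128a.example.edu user adamhl at example.edu
"""

# syslog prefix "<month> <day> <time> <host> nnrpd[<pid>]: <message>"
LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ nnrpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PORT_RE = re.compile(r"connect - port (\d+)")


def parse_sessions(log_text):
    """Group nnrpd lines by PID. Each nnrpd child serves one reader connection,
    so the PID says which session a line belongs to. Per session keep the event
    sequence and the port named in its connect line."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip().lstrip("*").strip())  # drop "** " marks
        if not m:
            continue
        s = sessions.setdefault(int(m.group("pid")), {"events": [], "port": None})
        msg = m.group("msg")
        port = PORT_RE.search(msg)
        if msg.startswith("starttls:"):
            s["events"].append("starttls")
        elif port:
            s["events"].append("connect")
            s["port"] = int(port.group(1))
        else:  # "<client> group ...", "<client> exit ...", "<client> user ..."
            s["events"].append(msg.split()[1])
    return sessions


def tls_before_connect(session):
    """True if a starttls line precedes the connect line, False if connect came
    first, None if the session logged neither."""
    ev = session["events"]
    if "starttls" not in ev and "connect" not in ev:
        return None
    if "connect" not in ev:
        return True
    return "starttls" in ev and ev.index("starttls") < ev.index("connect")
```

Run over the real news.notice, the PID grouping shows which session each group/exit line belongs to, and the connect line of each session shows the port nnrpd reported for it.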