Hi,

There is a french newsmaster (jdd and the server is dodin.fr.nf ) which
have an open nntp server like aioe.

He is trying to filter abuse but it is and hard stuff so he may have
interest to install PostFilter.

Could you help him?

PostFilter is only used by aioe and paganini?

References of two French posts :
Message-ID: <tf9pd4$pao$[email protected]>
References: <tf4f7d$a71$[email protected]>

Best regards,

--
Stéphane

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 07/09/2022 à 11:57, yamo' a écrit :

Hi,

There is a french newsmaster (jdd and the server is dodin.fr.nf ) which
have an open nntp server like aioe.

yes, here I am :-)

He is trying to filter abuse but it is and hard stuff so he may have
interest to install PostFilter.

as I understand the doc, postfilter is the answer at many problems, but
my perl code reading knowledge is a bit short :-(

thanks for help
jdd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Copy: [email protected] (Paolo Amoroso)

On 07/09/2022 12:31, jdanield wrote:

Le 07/09/2022 à 11:57, yamo' a écrit :

[cut]

thanks for help
jdd

Hi jdd,

I'm the newsmaster of paganini. Paolo Amoroso (Aioe) helped me to setup initially the Postfilter.

Ask any question you have, I'm happy to help you.

Sincerely

Ivo

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

jdanield a écrit le Wed, 07 Sep 2022 14:26:12 dans news.software.nntp :

essentially one people (:-) used my server to do cancels, but my server refuses cancels (I yet have to implement cancel-lock), and I had to add
some scripts to prevent propagating cancels to other servers. done.

but then the same people used forged identities to post as someone else.

I don't think it is the same person that did both, the fact is
that a totally open server attracts abusers, first you have only
one but then other bad people see abuses can be made through your
server.

With some help, I could make a cleanfeed filter to tie an identity and
an IP, but it's pretty tedious to maintain.

Legit users can change their IP, and abusers will only change one letter
to the mail or the name (for example an "l" can be changed to an "I" and
few people will see the difference. So it will take a very long time for
very few results.

I do this mostly for the pleasure of solving problems, but like a lot
usenet and try to promote it.

Giving a server to abusers is not the right way.
But good luck with postfilter :)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 07/09/2022 à 13:11, Ivo Gandolfo a écrit :

Hi jdd,

I'm the newsmaster of paganini. Paolo Amoroso (Aioe) helped me to setup initially the Postfilter.

Ask any question you have, I'm happy to help you.

thanks

my goal is to have a free usenet server for french language (only fr.*,
for the moment), that is with minimal barrier for newcomers (it's
dodin.fr.nf, running INN).

So I try to avoid authentication.

For the essential part it works pretty well. But, of course, some people
try to test server limits.

essentially one people (:-) used my server to do cancels, but my server
refuses cancels (I yet have to implement cancel-lock), and I had to add
some scripts to prevent propagating cancels to other servers. done.

but then the same people used forged identities to post as someone else.

With some help, I could make a cleanfeed filter to tie an identity and
an IP, but it's pretty tedious to maintain.

During all this I read ans reread the doc and found postfilter that may
be a much better answer. But I'm not that sure of what postfilter do and
I want to understand at least the basics of what I use. I also document
my work here:

http://www.dodin.org/wiki/pmwiki.php?n=Doc.ConfigurerINN-2021

(still doc in progress).

I do this mostly for the pleasure of solving problems, but like a lot
usenet and try to promote it.

so yes, any link to postfilter (or other similar product) documentation
is welcome. My perl knowledge is minimal :-(

thanks
jdd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 07/09/2022 14:26, jdanield wrote:

so yes, any link to postfilter (or other similar product) documentation
is welcome. My perl knowledge is minimal :-(

thanks
jdd

https://news.aioe.org/software/postfilter/

https://github.com/Aioe/postfilter

man banlist.conf (https://github.com/Aioe/postfilter/blob/master/man/man5/banlist.conf.5)
That's all you need to configure them properly :)


The group aioe.news.helpdesk (if you don't have this peered on your
server you can use mine to use, or I giving u a peering), Paolo can
reply to all your question :) or write and email to them ([email protected])


Sincerely

Ivo

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 07/09/2022 à 15:45, Ivo Gandolfo a écrit :

On 07/09/2022 14:26, jdanield wrote:

so yes, any link to postfilter (or other similar product) documentation
is welcome. My perl knowledge is minimal :-(

thanks
jdd

https://news.aioe.org/software/postfilter/

https://github.com/Aioe/postfilter

man banlist.conf (https://github.com/Aioe/postfilter/blob/master/man/man5/banlist.conf.5) That's all you need to configure them properly :)

ok, I save your post for later accurate reading :-)

The group aioe.news.helpdesk (if you don't have this peered on your
server you can use mine to use, or I giving u a peering), Paolo can
reply to all your question :) or write and email to them ([email protected])

I have an aioe account and subscribed to this group.

if you follow it, you know what the problems are on french groups :-(.
For the record, I'm a (one year old) member of the fr.* desk.

many thanks
jdd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

jdanield <[email protected]> wrote:

Le 07/09/2022 � 13:11, Ivo Gandolfo a �crit�:

Hi jdd,

I'm the newsmaster of paganini. Paolo Amoroso (Aioe) helped me to setup initially the Postfilter.

Ask any question you have, I'm happy to help you.

thanks

my goal is to have a free usenet server for french language (only fr.*,
for the moment), that is with minimal barrier for newcomers (it's dodin.fr.nf, running INN).

So I try to avoid authentication.

What's so hard about authentication?

The very people who want to use your server, most likely already have
umpteen accounts on all kinds of other - web and other - servers where
they need to authenticate, so what's so special about NetNews/Usenet?

Also realize that many people will filter posts from open servers,
because they entice to be abused and hence will be and are abused.

[...]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 07/09/2022 à 16:57, Frank Slootweg a écrit :

What's so hard about authentication?

there are too many of them... I just read today a post of somebody who
don't want to register yet another account.

I know I can do this and it's not so hard, but some other server don't
ask for it, and I can try.

Also realize that many people will filter posts from open servers,
because they entice to be abused and hence will be and are abused.

that's why I restrict this at the beginning to fr.* french groups I know
pretty well

right now, abuses are most probably only to test my server (messages
sent are mostly void, only the fact they are sent is abuse).

problem is probably that the mood on french speaking meta groups, is
very aggressive, small groups of people battling against other small
groups and it makes live there pretty hard, but usual groups can be very friendly and deserve reading

fact is I try, and document what I do (http://www.dodin.org/wiki/pmwiki.php?n=Doc.ConfigurerINN-2021). If I
reach the goal, so good. If I can't, I will ask for authentication...

thanks
jdd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Il 07/09/22 11:57, yamo' ha scritto:

Could you help him?

If you want to set up a news server that doesn't require user
authentication, you need to use postfilter. If you don't, your server
will quickly be flooded with abuse.
Postfilter is a complicated and quite old-fashioned script that requires
some work to be properly configured but then it works fine and prevents
a lot of abuse. Obviously, administering a public news server takes some
time every day to handle complaints but overall it's a simple and
undemanding job. Aioe.org has been working in this way for twenty years
without any particular problems.

Inside the package there is a lot of documentation, the first step is to
study what is there. To begin with, you can read the contents of these directories:

https://github.com/Aioe/postfilter/tree/master/man https://github.com/Aioe/postfilter/tree/master/doc


PostFilter should be installed through an installation script included
in the package (postfilter-installer); the defaults inside the
configuration files are fine to start with. Please, do not use MYSQL
support before some beta testing because that code is unused since 20 years.

if you need any other help, feel free to ask and I will gladly help you.
In any case, a new version of postfilter will be released in the next
few days.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Aioe a écrit le Thu, 08 Sep 2022 15:32:14 dans news.software.nntp :

Aioe.org has been running without authentication for about 22 years and
has never caused major abuse problems.

Well, I don't agree with that, in the beginning there has been flood
and various abuses, it's been better for a few years but I wouldn't
advise somebody to do the same thing, especially someone who doesn't
want to spend too much time on his server.

Authentication has two problems: it must be managed and it requires the retention of personal data.

A login and a password don't have to be directly connected to a person.
You need a mail adress most of the time but even this is not mandatory.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Il 07/09/22 16:57, Frank Slootweg ha scritto:

What's so hard about authentication?

Aioe.org has been running without authentication for about 22 years and
has never caused major abuse problems.
Authentication has two problems: it must be managed and it requires the retention of personal data.
A system without authentication is much easier to manage because the administrative part consists only in keeping the part of the logs that indicates who posted each message. You have no other obligations.
When creating an authentication-protected system, you must allow users
to register in a way that makes hard to create fake identities. Nowadays
this takes time, a lot of system resources and in any case it doesn't
guarantee you won't have problems. Doing without authentication means
you don't have to worry about CAPTCHAs, users who use 1234 as passwords,
people asking you what 'username' means.
In recent years, managing users' personal data has become complicated
for small projects. Since name, surname, email and date of birth are
considered personal data, if you collect this data to identify your
users when they register then the processing of this data requires
cautions. You have to keep this data safe and this is expensive; you
have to equip yourself with procedures to manage this data and this is complicated and requires writing several documents; you must have
systems that allow you to identify who is accessing the data and which
data is being read. If you don't do these things you risk a hefty fine.
Then you have to manage the crazy guys: if someone writes you an email
and asks you what personal data you have on file, you have to answer
quickly and correctly even if he registered three years ago and logged
in twice in total. If someone asks you to delete his personal data you
must obey and you must also delete them from the backups. For long-lived servers this can become a serious problem. If you give up
authentication, you solve all these problems at once: you simply do not collect, process and store personal data of users.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 08/09/2022 à 14:40, Aioe a écrit :

PostFilter should be installed through an installation script included
in the package (postfilter-installer); the defaults inside the
configuration files are fine to start with. Please, do not use MYSQL
support before some beta testing because that code is unused since 20 years.

if I can avoid mysql, the better

if you need any other help, feel free to ask and I will gladly help you.
In any case, a new version of postfilter will be released in the next
few days.

ok, thanks

some doc to read, good :-)

jdd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Aioe <[email protected]> wrote:

Il 07/09/22 16:57, Frank Slootweg ha scritto:

What's so hard about authentication?

Aioe.org has been running without authentication for about 22 years and
has never caused major abuse problems.

I and many, many others beg to differ. See also Eric M's response and
my comment which you snipped.


Also realize that many people will filter posts from open servers,
because they entice to be abused and hence will be and are abused.
</me>

Aioe.org has been a major source of abuse, many times, with often
several groups being shut down several times or/and for extended
periods.

Authentication has two problems: it must be managed and it requires the retention of personal data.

As Eric explains, you don't have to store/manage any *personal* data,
just authentication/'account' data. (Google might think my name is Santa
Claus, but I can guarantee you it's not.)

Also I don't think the GDPR requirements for a personal/private/
<whatever> server are as strict as you paint. Otherwise all these small/one-'man' businesses could not exist/survive.

But we've had this non-discussion many, many times. You won't change
and neither will reality/the_abuse.

My post was just a question and a warning to jdanield, that's all.

[Mostly non-arguments deleted.]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 8 Sep 2022 15:32:14 +0200, Aioe wrote:

Il 07/09/22 16:57, Frank Slootweg ha scritto:

What's so hard about authentication?

Aioe.org has been running without authentication for about 22 years and
has never caused major abuse problems.
Authentication has two problems: it must be managed and it requires the retention of personal data.
A system without authentication is much easier to manage because the administrative part consists only in keeping the part of the logs that indicates who posted each message. You have no other obligations.
When creating an authentication-protected system, you must allow users
to register in a way that makes hard to create fake identities. Nowadays
this takes time, a lot of system resources and in any case it doesn't guarantee you won't have problems. Doing without authentication means
you don't have to worry about CAPTCHAs, users who use 1234 as passwords, people asking you what 'username' means.
In recent years, managing users' personal data has become complicated
for small projects. Since name, surname, email and date of birth are considered personal data, if you collect this data to identify your
users when they register then the processing of this data requires
cautions. You have to keep this data safe and this is expensive; you
have to equip yourself with procedures to manage this data and this is complicated and requires writing several documents; you must have
systems that allow you to identify who is accessing the data and which
data is being read. If you don't do these things you risk a hefty fine.
Then you have to manage the crazy guys: if someone writes you an email
and asks you what personal data you have on file, you have to answer
quickly and correctly even if he registered three years ago and logged
in twice in total. If someone asks you to delete his personal data you
must obey and you must also delete them from the backups. For long-lived servers this can become a serious problem. If you give up
authentication, you solve all these problems at once: you simply do not collect, process and store personal data of users.

Its why I don.t try to setup auth for that problem.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 07/09/2022 à 15:45, Ivo Gandolfo a écrit :

On 07/09/2022 14:26, jdanield wrote:

so yes, any link to postfilter (or other similar product) documentation
is welcome. My perl knowledge is minimal :-(

thanks
jdd

https://news.aioe.org/software/postfilter/

https://github.com/Aioe/postfilter

hello :-)

I have a question. Is postfilter compatible with cancel-lock?

I ask because postfilter install replaces the filter_nnrpd.pl file (keep
a backup).

in it I had cancel-lock config

Is it possible to have the two config in the same file? I see there is a
common sub filter_post(), with different content!

as a conservative measure, I restored the original filter_nnpd.pl (the postfilter one is jut a link) and didn't restart the server

thanks
jdd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 14/09/2022 12:16, jdd wrote:

I have a question. Is postfilter compatible with cancel-lock?

jdd

See the version I have send you via email. I have send same version to
Paolo (Aioe) and he told me release him soon in github.

My modification redeem the postfilter RFC8315-compliant (see custom.pl file)

Happy setup :)

--
Ivo

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 14/09/2022 à 21:36, Ivo Gandolfo a écrit :

On 14/09/2022 12:16, jdd wrote:

I have a question. Is postfilter compatible with cancel-lock?

jdd

See the version I have send you via email. I have send same version to
Paolo (Aioe) and he told me release him soon in github.

My modification redeem the postfilter RFC8315-compliant (see custom.pl file)

Happy setup :)

done, thanks
jdd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 14/09/2022 à 21:36, Ivo Gandolfo a écrit :

Happy setup :)

hello,

In postfilter.conf, there is an option to forbid cancels and supersedes.
Is this compatible with cancel-lock? that is if this option is active,
will cancel-key still working (expected way)?

thanks
jdd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 18/09/2022 à 12:26, jdd a écrit :

Le 14/09/2022 à 21:36, Ivo Gandolfo a écrit :

Happy setup :)

hello,

In postfilter.conf, there is an option to forbid cancels and supersedes.
Is this compatible with cancel-lock? that is if this option is active,
will cancel-key still working (expected way)?

the answer is probably no accepting cancels allows cancel-lock to work
(cancels are possible for the owner). Even with inn -C.

jdd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)