1INND(8) InterNetNews Documentation INND(8)
2
6 innd - InterNetNews daemon
7
9 innd [-aCdfNrsu] [-4 address] [-6 address] [-c days] [-H count] [-i
10 count] [-l size] [-m mode] [-n flag] [-o count] [-P port] [-t timeout]
11 [-T count] [-X seconds]
12
14 innd, the InterNetNews daemon, handles all incoming NNTP feeds,
15 coordinates the storage, retransmission, and overview generation for
16 all accepted articles, and manages the active(5) and history(5)
17 databases. It handles incoming connections on the NNTP port, and also
18 creates and listens to a local Unix-domain stream socket in order to
19 receive articles from local processes such as nnrpd(8) and rnews(1).
20 As the master daemon, innd should generally be started at boot and be
22 always running. It listens to a Unix-domain datagram socket for
23 commands to control its activities, commands that can be sent using
24 ctlinnd(8). The current status of innd can be obtained by running
25 "ctlinnd mode", or for more detailed output, innstat(8).
26 innd can be in one of three operating modes: running, paused, or
28 throttled. Running is the normal mode; when the server is throttled,
29 it closes connections and rejects new ones. Paused is like a temporary
30 throttle, suspending innd's activities but not causing the server to
31 shut down existing connections. The mode is normally changed via
32 ctlinnd(8), either by various automated processes (such as nightly
33 article expiration) or manually by the news administrator, but innd
34 will also throttle itself if it encounters ENOSPC errors in writing
35 data or an excessive number of I/O errors (among other problems).
36 innd normally takes care of spawning nnrpd(8) to handle connections
38 from news reading clients, but it can be run on a separate port from
39 nnrpd(8) so that feed connections and news reading connections are
40 handled separately (this can often be faster). Normally, innd listens
41 on port 119, the assigned port for NNTP; if it is desirable to run innd
42 and nnrpd(8) on separate ports, it's recommended that nnrpd(8) be given
43 port 119 (since many news reading clients connect only to that port)
44 and that port 433 be used for innd.
45 The primary configuration files that control innd's activities are
47 incoming.conf, which specifies what remote sites innd will accept
48 connections from, newsfeeds, which specifies what is to be done with
49 incoming articles besides storing them, and inn.conf, which sets a wide
50 variety of configuration parameters. Some parameters in inn.conf(5)
51 can also be set with command-line flags; for these, the command-line
52 flags take precedence if used.
53 innd must be run as the news user and news group. It will check for
55 this at startup and fail to start if not run properly. Normally it
56 should be started via rc.news(8) as part of the system boot up process.
57 It relies on the setuid root helper program innbind(8) to listen on a
58 privileged port (119, 433 or 563).
59
61 For the options below that override inn.conf settings, see inn.conf(5)
62 for the default values if neither the inn.conf setting nor the command-
63 line option is given.
64 -4 address
66 Normally, innd binds to all local IP addresses (unless bindaddress
67 is set in inn.conf). If this option is given, it specifies the IP
68 address that INN should bind as. This is only relevant for servers
69 with multiple local IP addresses. The IP address must be in
70 dotted-quad ("nnn.nnn.nnn.nnn") format.
71 If this option is specified, it's the same as setting bindaddress
73 in inn.conf and may cause changes in whether INN binds to an IPv6
74 address as well. See inn.conf(5) for more details and also the -6
75 flag for innd.
76 -6 address
78 Only applies when INN has been built with IPv6 support. Normally
79 innd binds to all local IP addresses (unless bindaddress6 is set in
80 inn.conf). If this option is given, it specifies the IPv6 address
81 that INN should bind to. The IPv6 address must be in colon-
82 separated RFC 4291 format ("n:n:n:n:n:n:n:n").
83 If this option is specified, it's the same as setting bindaddress6
85 in inn.conf and may cause changes in whether INN binds to an IPv4
86 address as well. See inn.conf(5) for more details and also the -4
87 flag for innd.
88 -a By default, if a host connects to innd but is not listed in
90 incoming.conf, the connection is handed off to nnrpd (or rejected
91 if noreader is set in inn.conf). If -a is given, incoming.conf is
92 ignored and any host can connect and transfer articles. This flag
93 should never be used with an accessible server connected to Usenet;
94 it would open the server up for all sorts of abuse.
95 -c days
97 innd normally rejects any article that is older (in days) than the
98 value of artcutoff in inn.conf. This option, if given, overrides
99 the value of that setting. If days is 0, this check is suppressed
100 and innd will accept articles regardless of how old they are.
101 -C This flag tells innd to accept and propagate but not actually
103 process cancel or supersedes messages. This is intended for sites
104 concerned about abuse of cancels, or that wish to use another
105 cancel mechanism with stronger authentication.
106 -d, -f
108 innd normally puts itself into the background, points its standard
109 output and error to log files, and disassociates itself from the
110 terminal. Using -d prevents all of this, resulting in log messages
111 being written to standard output; this is generally useful only for
112 debugging. Using -f prevents the backgrounding and disassociation
113 but still redirects output; it may be useful if you want to monitor
114 innd with a program that would be confused by forks.
115 -H count, -T count, -X seconds
117 These flags control the number of connections per seconds seconds
118 that are allowed. This code is meant to protect your server from
119 newsreader clients that make too many connections per minute (and
120 therefore these flags are probably only useful when innd is
121 spawning nnrpd). You probably should not use these options unless
122 you're having problems. The table used for this check is fixed at
123 128 entries and is used as a ring; the size was chosen to make
124 calculating the index easy and to be fairly sure that it won't run
125 out of space. In practice, it is unlikely that even half the table
126 will be used at any given moment.
127 The -H flag limits the number of times a host is allowed to connect
129 to the server per the time interval given by -X. The default is 2.
130 The -T flag limits the total number of incoming connections per the
132 time interval given by -X. The maximum value is 128, and the
133 default is 60.
134 Note that the time interval given by -X is set to 0 by default,
136 that is to say no control is done on the number of connections.
137 -i count
139 innd normally allows a maximum number of concurrent NNTP
140 connections given by the value of maxconnections in inn.conf. This
141 option, if given, overrides the value of that setting. If count is
142 0, this check is suppressed.
143 -l size
145 innd normally rejects any article larger than the value of
146 maxartsize in inn.conf. This option, if given, overrides the value
147 of that setting and specifies a maximum article size of size. If
148 size is 0, this check is suppressed.
149 -m mode
151 Normally, innd starts in the "running" mode. If this option is
152 given, it specifies what mode innd should start in. mode should
153 begin with one of "g", "p", or "t", and the starting mode will be
154 set to "running", "paused", or "throttled", respectively, based on
155 that initial letter. ("g" is short for "go".)
156 -N If this option is given, any filters (Perl or Python) are disabled
158 before innd starts (normally, filters default to being enabled).
159 The filters can be enabled after innd has started with ctlinnd(8).
160 -n flag
162 Whether innd allows (and hands off to nnrpd) reader connections
163 while paused or throttled is normally determined by the value of
164 readerswhenstopped in inn.conf. This option, if given, overrides
165 that value. If flag is "n", innd will not allow readers if it is
166 paused or throttled. If flag is "y", readers will be allowed
167 regardless of innd's operating mode.
168 -o count
170 This flag limits the number of file descriptors that are available
171 for outgoing file feeds. The default is the number of available
172 file descriptors minus some reserved for internal use (which could
173 potentially starve innd of descriptors to use for accepting new
174 connections). If innd has more file feeds than count, some of them
175 will be buffered and only written out periodically.
176 Normally you never need to use this option, since the number of
178 outgoing feeds is fixed, being the number of file feeds configured
179 in newsfeeds, and is generally small (particularly given that
180 innfeed(8) is now used for most outgoing feeds at large sites).
181 -P port
183 The port innd should listen on is normally given by the value of
184 port in inn.conf. This option, if given, overrides that value and
185 specifies the port that innd should bind to.
186 -r Instructs innd to renumber the active file after starting, just as
188 if a "ctlinnd renumber" command were sent.
189 -s Just check the syntax of the newsfeeds file and exit. innd will
191 exit with a non-zero status if any errors are found; the actual
192 errors will be reported via syslog(3).
193 -t seconds
195 Normally, innd will flush any changes to history and the active
196 file after 300 seconds of inactivity. This option changes that
197 timeout to seconds.
198 -u The news log (the trace information for every article accepted by
200 innd) is normally buffered. This option changes the log to be
201 unbuffered.
202
204 Arriving articles that have a Control: header are called "control
205 messages". Except for cancel messages, these messages are handled by
206 controlchan(8) via a feed set up in newsfeeds.
207 (Cancel messages update the history database, so they must be handled
209 internally; the cost of syncing, locking, then unlocking would be too
210 high given the number of cancel messages that are received. Note that
211 if an article is cancelled before it is received by the news server, it
212 will be rejected when it arrives since the history database has been
213 updated; it is useful for rejecting spam before it arrives.)
214 The distribution of control messages is different than that of standard
216 articles. Control messages are normally filed into the pseudo-
217 newsgroup named "control" regardless of which newsgroup they were
218 actually posted to. If, however, a "control."command newsgroup exists
219 that matches the control command, the control message will be filed
220 into that group instead. For example, a newgroup control message will
221 be filed in "control.newgroup" if that group exists; otherwise, it will
222 be filed in "control".
223 If you want to specifically feed all control messages to a given site
225 regardless of whether the control messages would affect the newsgroups
226 you're feeding that site, you can put the appropriate control newsgroup
227 in the subscription list. For example, to feed all cancel messages to
228 a given remote site (normally a bad idea), add "control.cancel" to its
229 subscription list. Normally it's best to exclude the control
230 newsgroups from feeds to keep from sending your peers more control
231 messages than they care about. That's why the newsfeeds pattern
232 "!control,!control.*" is as often as not specified (adding this
233 pattern do not prevent control messages which affect the newsgroups fed
234 to a site from being sent to it).
235 checkgroups, newgroup and rmgroup control messages receive additional
237 special treatment. If one of these control messages is approved and
238 posted to the newsgroup being created or removed (or to the admin group
239 to which the checkgroups is posted), the message will be sent to all
240 sites whose subscription patterns would cause them to receive articles
241 posted to that group. For example, if a newgroup control message for a
242 nonexistent newsgroup "news.admin.meow" is received, it will be sent to
243 any site whose subscription pattern would cause it to receive
244 "news.admin.meow" if that newsgroup existed (such as a pattern of
245 "news.admin.*"). For this reason, it is correct to post newgroup
246 messages to the newsgroup that the control message would create. It is
247 not generally correct to crosspost newgroup messages to some "well-
248 propagated" newsgroup; not only will this not actually improve their
249 propagation to sites that want such control messages, but it will also
250 cause sites that do not want those control messages to receive them.
251 Therefore, assuming that a newgroup control message is sent to the
252 group "news.admin.meow" (specified in the Newsgroups: header) in order
253 to create the group "news.admin.meow", the sites with the following
254 subscription patterns will receive it:
255 *,@news.*
257 news.*
258 news.*,!control,!control.*
259 control,control.*
260 but the sites with the following subscription patterns will not receive
262 it:
263 *,@news.*,!control,!control.*
265 comp.*,@news.*
266 If a control message is posted to a group whose name ends with the four
268 characters ".ctl", this suffix is stripped off and the control message
269 is propagated as if it were posted to the base group. For example, a
270 cancel message posted to "news.admin.ctl" will be sent to all sites
271 that subscribe to "control.cancel" (or "control" if that newsgroup
272 doesn't exist) or "news.admin". This behavior is present for
273 historical compatibility reasons and should be considered obsolete;
274 support for the ".ctl" suffix may be removed in a future version of
275 INN.
276 Finally, articles posted to newsgroups beginning with "to." are treated
278 specially. Provided that either that newsgroup exists in the active
279 file or mergetogroups is set in inn.conf, the remainder of the
280 newsgroup is taken to be a site name, as configured in newsfeeds, and
281 the article is sent to that site. If mergetogroups is set, the article
282 will be filed in the group named "to" (which must exist in the active
283 file). For example, with mergetogroups set, an article posted to
284 "to.uunet" will be filed in "to" and sent to the site "uunet".
285
287 innd implements the NNTP commands defined in RFC 3977 (NNTP), RFC 4643
288 (NNTP authentication) and RFC 4644 (streaming) with the following
289 differences:
290 1. A batch transfer command, XBATCH byte-count, is provided. This
292 command will read byte-count bytes and store them for later
293 processing by rnews(1) (which must be run separately, probably from
294 cron). See innxbatch(8) and sendxbatches for more details on this
295 extension.
296 2. As INN is a mode-switching news server, innd implements a limited
298 subset of the protocol useful for transferring news. The remaining
299 commands are mostly only useful for readers and are implemented by
300 nnrpd(8). Use of the MODE READER command will cause innd to pass
301 the connection to nnrpd.
302 3. innd allows a wider syntax for wildmats.
304 4. Three commands (IHAVE, CHECK and TAKETHIS) will continue, for
306 interoperability reasons, to return a reject code (respectively
307 435, 438 and 439) when the command contains a syntax error (which
308 normally leads to 501).
309
311 innd modifies as few article headers as possible, although it could be
312 better in this area.
313 Empty headers and headers that consist of nothing but whitespace are
315 dropped.
316 The local site's name (as set with the pathhost parameter in inn.conf)
318 and an exclamation point are prepended to the Path: header, provided
319 the first site name in the Path: header is different from the local
320 one. In addition, pathalias and pathcluster may be similarly
321 respectively prepended and appended to the Path: header; see
322 inn.conf(5) for the details.
323 The Xref: header is removed and a new one created.
325 innd does not rewrite incorrect headers. For example, it will not
327 replace an incorrect Lines: header, though it may reject such an
328 article depending on the value of linecountfuzz in inn.conf.
329
331 In order to efficiently apply a large number of local cancels (such as
332 from processing NoCeMs or from some other external source), INN
333 supports a special feed mode available only to connections to the local
334 Unix-domain socket (not to connections to any network sockets).
335 To enter this mode, connect to the Unix-domain socket (pathrun/nntpin)
337 and send the command MODE CANCEL. The response will have code 284.
338 Every subsequent line sent on that connection should consist of a
339 single message-ID. An attempt will be made to cancel that message-ID,
340 and the server will reply 289 for success or 484 for failure. (Failure
341 can occur, for example, if the server is paused or throttled, or the
342 message-ID is corrupt. Failure does not occur if the article to be
343 cancelled does not exist.)
344
346 innd reports all incoming articles in its log file (pathlog/news).
347 This is a text file with a variable number of space-separated fields in
348 one of the following formats:
349 mon dd hh:mm:ss.mmm + feed <message-id> site ...
351 mon dd hh:mm:ss.mmm j feed <message-id> site ...
352 mon dd hh:mm:ss.mmm c feed <message-id> Cancelling <message-id>
353 mon dd hh:mm:ss.mmm - feed <message-id> reason
354 mon dd hh:mm:ss.mmm ? feed <message-id> reason
355 There may also be hostname and/or size fields after the message-ID
357 depending on the settings of nntplinklog and logartsize in inn.conf.
358 The first three fields are the date and time to millisecond resolution.
360 The fifth field is the site that sent the article (based on the Path:
361 header) and the sixth field is the article's message-ID; they will be a
362 question mark if the information is not available.
363 The fourth field indicates whether the article was accepted or not. If
365 it is a plus sign, then the article was accepted. If it is the letter
366 "j", then the article was accepted, providing all of the newsgroups to
367 which the article was posted were set to status "j" in the active file
368 (or not listed in the active file and wanttrash was set in inn.conf),
369 and then the article was filed into the "junk" newsgroup. In both of
370 these cases, the article has been accepted and the "site ..." field
371 contains the space-separated list of sites to which the article is
372 being sent.
373 If the fourth field is the letter "c", then a cancel message was
375 accepted before the original article arrived, and a history entry for
376 the cancelled message was created so that innd will reject that message
377 if it arrives later.
378 If the fourth field is a minus sign, then the article was rejected.
380 The reasons for rejection generated by innd include:
381 "%s" header too long
383 Article exceeds local limit of %s bytes
384 Article posted in the future -- "%s"
385 Bad "%s" header
386 Can't write history
387 Duplicate
388 Duplicate "%s" header
389 EOF in headers
390 Linecount %s != %s +- %s
391 Missing %s header
392 No body
393 No colon-space in "%s" header
394 No matching newsgroups in cancel <%s>
395 No space
396 Space before colon in "%s" header
397 Too old -- "%s"
398 Unapproved for "%s"
399 Unwanted newsgroup "%s"
400 Unwanted distribution "%s"
401 Whitespace in "Newsgroups" header -- "%s"
402 where %s, above, is replaced by more specific information. (The Perl
404 and Python filters, if used, may reject articles with other reasons.)
405 If the fourth field is the letter "?", the article contains strange
407 strings, such as CR without LF or LF without CR. (These characters
408 should never occur in isolation, only together as CRLF to indicate the
409 end of a line.) This log message is just informational, to give an
410 idea of how widespread such articles are; innd does not reject such
411 articles.
412 Note that when wanttrash is set to true in inn.conf and an article is
414 received that isn't posted to any valid newsgroups, it will be accepted
415 and logged with two lines, a "j" line and a minus sign line, unless the
416 logtrash parameter is set to false (in which case only the "j" line is
417 written).
418 innd also makes extensive reports through syslog(3). The first word of
420 the log message will be the name of the site if the entry is site-
421 specific (such as a "connected" message). The first word will be
422 "SERVER" if the message relates to the server itself, such as when a
423 read error occurs.
424 If the second word is the four letters "cant", then an error is being
426 reported. (The absence of an apostrophe is intentional; it makes it
427 easier to grep from the command line and easier to find error messages
428 in FAQs using a search engine. However, "can't" is also used at a few
429 places.) In this case, the next two words generally name the system
430 call or library routine that failed and the object upon which the
431 action was being performed. The rest of the line may contain other
432 information.
433 In other cases, the second word attempts to summarize what change has
435 been made, while the rest of the line gives more specific information.
436 The word "internal" generally indicates an internal logic error.
437
439 innd will catch SIGTERM and SIGHUP and shut down. If -d is used,
440 SIGINT will also be caught and will result in an orderly shutdown.
441 innd will catch the SIGUSR1 signal and recreate the control channel
443 used by ctlinnd(8).
444
446 innd normally attempts to strip IP options from incoming connections,
447 since it uses IP-based authentication and source routing can confuse
448 that. However, this doesn't work on all systems, and it doesn't work
449 at all in the presence of IPv6 support (and is disabled in that case).
450 Hence, if using innd with IPv6 support, make sure that your kernel or
451 router disables source routing.
452
454 Written by Rich $alz <rsalz@uunet.uu.net> for InterNetNews.
455 $Id: innd.pod 9000 2010-03-14 21:03:54Z iulius $
457
459 active(5), ctlinnd(8), dbz(3), history(5), incoming.conf(5),
460 inn.conf(5), innbind(8), innfeed(8), innstat(8), newsfeeds(5),
461 nnrpd(8), rnews(1), syslog(3).
462INN 2.5.2 2010-08-11 INND(8)