1NNRPD(8)                  InterNetNews Documentation                  NNRPD(8)
2
3
4

NAME

6       nnrpd - NNTP server for reader clients
7

SYNOPSIS

9       nnrpd [-DfnoSt] [-4 address] [-6 address] [-b address] [-c configfile]
10       [-i initial] [-I instance] [-p port] [-P prefork] [-r reason] [-s
11       padding]
12

DESCRIPTION

14       nnrpd is an NNTP server for newsreaders.  It accepts commands on its
15       standard input and responds on its standard output.  It is normally
16       invoked by innd(8) with those descriptors attached to a remote client
17       connection.  nnrpd also supports running as a standalone daemon.
18
19       Unlike innd(8), nnrpd supports all NNTP commands for user-oriented
20       reading and posting.  nnrpd uses the readers.conf file to control who
21       is authorized to access the Usenet database.
22
23       On exit, nnrpd will report usage statistics through syslog(3).
24
25       nnrpd only reads config files (both readers.conf and inn.conf) when it
26       is spawned.  You can therefore never change the behavior of a client
27       that's already connected.  If nnrpd is run from innd (the default) or
28       from inetd(8), xinetd(8), or some equivalent, a new nnrpd process is
29       spawned for every connection and therefore any changes to configuration
30       files will be immediately effective for all new connections.  If you
31       are instead running nnrpd with the -D option, any configuration changes
32       won't take effect until nnrpd is restarted.
33
34       The inn.conf setting nnrpdflags can be used to pass any of the options
35       below to instances of nnrpd that are spawned directly from innd.  Many
36       options only make sense when -D is used, so these options should not be
37       used with nnrpdflags.  See also the discussion of nnrpdflags in
38       inn.conf(5).
39
40       When nnrpdloadlimit in inn.conf is not 0, it will also reject
41       connections if the load average is greater than that value (typically
42       16).  nnrpd can also prevent high-volume posters from abusing your
43       resources.  See the discussion of exponential backoff in inn.conf(5).
44

OPTIONS

46       -4 address
47           The -4 parameter instructs nnrpd to bind to the specified IPv4
48           address when started as a standalone daemon using the -D flag.
49           This has to be a valid IPv4 address belonging to an interface of
50           the local host.  It can also be 0.0.0.0, saying to bind to all
51           addresses (this is the default).
52
53       -6 address
54           The -6 parameter instructs nnrpd to bind to the specified IPv6
55           address when started as a standalone daemon using the -D flag.
56           This has to be a valid IPv6 address belonging to an interface of
57           the local host.  It can also be "::0", saying to bind to all IPv6
58           addresses.
59
60           By default, nnrpd in daemon mode listens to both IPv4 and IPv6
61           addresses.  With this option, it will listen only to the specified
62           IPv6 addresses.  On some systems however, a value of "::0" will
63           cause it to listen to all IPv4 addresses as well.
64
65       -b address
66           Similar to the -4 flag.  -b is kept for backwards compatibility.
67
68       -c configfile
69           By default, nnrpd reads the readers.conf to determine how to
70           authenticate connections.  The -c flag specifies an alternate file
71           for this purpose.  If the file name isn't fully qualified, it is
72           taken to be relative to pathetc in inn.conf.  (This is useful to
73           have several instances of nnrpd running on different ports or IP
74           addresses with different settings.)
75
76       -D  If specified, this parameter causes nnrpd to operate as a daemon.
77           That is, it detaches itself and runs in the background, forking a
78           process for every connection.  By default, nnrpd listens on the
79           NNTP port (119), so either innd(8) has to be started on another
80           port or the -p parameter used.  Note that with this parameter,
81           nnrpd continues running until killed.  This means that it reads
82           inn.conf once on startup and never again until restarted.  nnrpd
83           should therefore be restarted if inn.conf is changed.
84
85           When started in daemon mode, nnrpd will write its PID into a file
86           in the pathrun directory.  The file will be named nnrpd.pid if
87           nnrpd listens on port 119 (default), or nnrpd-%d.pid, where %d is
88           replaced with the port that nnrpd is configured to listen on (-p
89           option is given and its argument is not 119).
90
91       -f  If specified, nnrpd does not detach itself and runs in the
92           foreground when started as a standalone daemon using the -D flag.
93
94       -i initial
95           Specify an initial command to nnrpd.  When used, initial is taken
96           as if it were the first command received by nnrpd.  After having
97           responded, nnrpd will close the connection.
98
99       -I instance
100           If specified, instance is used as an additional static portion
101           within message-IDs generated by nnrpd; typically this option would
102           be used where a cluster of machines exist with the same virtual
103           hostname and must be disambiguated during posts.
104
105       -n  The -n flag turns off resolution of IP addresses to names.  If you
106           only use IP-based restrictions in readers.conf and can handle IP
107           addresses in your logs, using this flag may result in some
108           additional speed.
109
110       -o  The -o flag causes all articles to be spooled instead of sending
111           them to innd(8).  rnews with the -U flag should be invoked from
112           cron on a regular basis to take care of these articles.  This flag
113           is useful if innd(8) is accepting articles and nnrpd is started
114           standalone or using inetd(8).
115
116       -p port
117           The -p parameter instructs nnrpd to listen on port when started as
118           a standalone daemon using the -D flag.
119
120       -P prefork
121           The -P parameter instructs nnrpd to prefork prefork children
122           awaiting connections when started as a standalone daemon using the
123           -D flag.
124
125       -r reason
126           If the -r flag is used, then nnrpd will reject the incoming
127           connection giving reason as the text.  This flag is used by innd(8)
128           when it is paused or throttled.  reason should be encoded in UTF-8.
129
130       -s padding
131           As each command is received, nnrpd tries to change its "argv" array
132           so that ps(1) will print out the command being executed.  To get a
133           full display, the -s flag may be used with a long string as its
134           argument, which will be overwritten when the program changes its
135           title.
136
137       -S  If specified, nnrpd will start a negotiation for a TLS session as
138           soon as connected.  To use this flag, --with-openssl must have been
139           specified at configure time.  For more information on running nnrpd
140           with TLS support, see "TLS SUPPORT".
141
142       -t  If the -t flag is used, then all client commands and initial
143           responses will be traced by reporting them in syslog.  This flag is
144           set by innd(8) under the control of the ctlinnd(8) "trace" command,
145           and is toggled upon receipt of a SIGHUP; see signal(2).
146

TLS SUPPORT

148       If INN is built with --with-openssl, nnrpd will support news reading
149       over TLS (also known as SSL).  For clients that use the STARTTLS
150       command, no special configuration is needed beyond creating a TLS/SSL
151       certificate for the server.  You should do this in exactly the same way
152       that you would generate a certificate for a web server.
153
154       If you're happy with a self-signed certificate (which will generate
155       warnings with some news reader clients), you can create and install one
156       in the default path by running "make cert" after "make install" when
157       installing INN, or by running the following commands:
158
159           umask 077
160           openssl req -new -x509 -nodes -out <pathetc>/cert.pem \
161               -days 366 -keyout <pathetc>/key.pem
162           chown news:news <pathetc>/cert.pem
163           chmod 640 <pathetc>/cert.pem
164           chown news:news <pathetc>/key.pem
165           chmod 600 <pathetc>/key.pem
166
167       Replace the paths with something appropriate to your INN installation.
168       This will create a self-signed certificate that will expire in a year.
169       The openssl program will ask you a variety of questions about your
170       organization.  Enter the fully qualified domain name of the server as
171       the name the certificate is for.
172
173       You then have to set these inn.conf parameters with the right paths:
174
175           tlscapath:      <pathetc>
176           tlscertfile:    <pathetc>/cert.pem
177           tlskeyfile:     <pathetc>/key.pem
178
179       In case you have a certificate authority root certificate, you can also
180       set tlscafile to its path.
181
182       Most news clients currently do not use the STARTTLS command, however,
183       and instead expect to connect to a separate port (563) and start a TLS
184       negotiation immediately.  innd does not, however, know how to listen
185       for connections to that port and then spawn nnrpd the way that it does
186       for regular reader connections.  You will therefore need to arrange for
187       nnrpd to listen on that port through some other means.  This can be
188       done with the -D flag along with "-p 563" and put into your init
189       scripts:
190
191           su news -c '<pathbin>/nnrpd -D -p 563 -S'
192
193       but the easiest way is probably to add a line like:
194
195           nntps stream tcp nowait news <pathbin>/nnrpd nnrpd -S
196
197       to /etc/inetd.conf or the equivalent on your system and let inetd run
198       nnrpd.  (Change the path to nnrpd to match your installation.)  You may
199       need to replace "nntps" with 563 if "nntps" isn't defined in
200       /etc/services on your system.
201

PROTOCOL DIFFERENCES

203       nnrpd implements the NNTP commands defined in RFC 3977 (NNTP), RFC 4642
204       (TLS/NNTP) and RFC 4643 (NNTP authentication) with the following
205       differences:
206
207       1.  Besides the keywords defined in RFC 3977 (ACTIVE, ACTIVE.TIMES,
208           DISTRIB.PATS, HEADERS, NEWSGROUPS and OVERVIEW.FMT), the LIST
209           command may be followed by the optional keywords COUNTS,
210           DISTRIBUTIONS, MODERATORS, MOTD and SUBSCRIPTIONS to respectively
211           get an improved version of the ACTIVE variant with the number of
212           articles in every newsgroup, a list of valid distributions, the
213           moderators list, the message of the day information for readers,
214           and a list of recommended group subscriptions.
215
216       2.  The XGTITLE [wildmat] command is provided.  This extension is used
217           by ANU-News and documented in RFC 2980.  It returns a 282 reply
218           code, followed by a one-line description of all newsgroups that
219           match the pattern.  The default is the current group.
220
221           Note that LIST NEWSGROUPS should be used instead of XGTITLE.
222
223       3.  The XHDR header [message-ID|range] command is implemented.  It
224           returns a 221 reply code, followed by specific headers for the
225           specified range; the default is to return the data for the current
226           article.  See RFC 2980.
227
228           Note that HDR should be used instead of XHDR.
229
230       4.  The XOVER [range] command is provided.  It returns a 224 reply
231           code, followed by the overview data for the specified range; the
232           default is to return the data for the current article.  See
233           RFC 2980.
234
235           Note that OVER should be used instead of XOVER.
236
237       5.  A new command, XPAT header message-ID|range pattern [pattern ...],
238           is provided.  The first argument is the case-insensitive name of
239           the header to be searched.  The second argument is either an
240           article range or a single message-ID, as specified in RFC 2980.
241           The third argument is a uwildmat(3)-style pattern; if there are
242           additional arguments, they are joined together separated by a
243           single space to form the complete pattern.  This command is similar
244           to the XHDR command.  It returns a 221 response code, followed by
245           the text response of all article numbers that match the pattern.
246
247       6.  A newsgroup name is case-sensitive for nnrpd.
248
249       7.  If IHAVE has been advertised, it will not necessarily be advertised
250           for the entire session (contrary to section 3.4.1 of RFC 3977).
251           nnrpd only advertises the IHAVE capability when it is really
252           available.
253
254       8.  nnrpd allows a wider syntax for wildmats and ranges (especially "-"
255           and "-article-number").
256

HISTORY

258       Written by Rich $alz <rsalz@uunet.uu.net> for InterNetNews.  Overview
259       support added by Rob Robertston <rob@violet.berkeley.edu> and Rich in
260       January, 1993.  Exponential backoff (for posting) added by Dave Hayes
261       in Febuary 1998.
262
263       $Id: nnrpd.pod 8956 2010-02-08 20:50:47Z iulius $
264

SEE ALSO

266       ctlinnd(8), innd(8), inn.conf(5), readers.conf(5), signal(2),
267       uwildmat(3).
268
269
270
271INN 2.5.2                         2010-08-11                          NNRPD(8)
Impressum