1INN.CONF(5) InterNetNews Documentation INN.CONF(5)
2
6 inn.conf - Configuration data for InterNetNews programs
7
9 inn.conf in pathetc is the primary general configuration file for all
10 InterNetNews programs. Settings which control the general operation of
11 various programs, as well as the paths to all portions of the news
12 installation, are found here. The INNCONF environment variable, if
13 set, specifies an alternate path to inn.conf.
14 This file is intended to be fairly static. Any changes made to it will
16 generally not affect any running programs until they restart. Unlike
17 nearly every other configuration file, inn.conf cannot be reloaded
18 dynamically using ctlinnd(8); innd(8) must be stopped and restarted for
19 relevant changes to inn.conf to take effect ("ctlinnd xexec innd" is
20 the fastest way to do this.)
21 Blank lines and lines starting with a number sign ("#") are ignored.
23 All other lines specify parameters, and should be of the following
24 form:
25 <name>: <value>
27 (Any amount of whitespace can be put after the colon and is optional.)
29 If the value contains embedded whitespace or any of the characters
30 "[]<>{}"\:;", it must be enclosed in double quotes (""). A backslash
31 ("\") can be used to escape quotes and backslashes inside double
32 quotes. <name> is case-sensitive; "server" is not the same as "Server"
33 or "SERVER". (inn.conf parameters are generally all in lowercase.)
34 If <name> occurs more than once in the file, the first value is used.
36 Some parameters specified in the file may be overridden by environment
37 variables. Most parameters have default values if not specified in
38 inn.conf; those defaults are noted in the description of each
39 parameter.
40 Many parameters take a boolean value. For all such parameters, the
42 value may be specified as "true", "yes", or "on" to turn it on and may
43 be any of "false", "no", or "off" to turn it off. The case of these
44 values is significant.
45 This documentation is extremely long and organized as a reference
47 manual rather than as a tutorial. If this is your first exposure to
48 INN and these parameters, it would be better to start by reading other
49 man pages and referring to this one only when an inn.conf parameter is
50 explicitly mentioned. Those parameters which need to be changed when
51 setting up a new server are discussed in INSTALL.
52
54 General Settings
55 These parameters are used by a wide variety of different components of
56 INN.
57 domain
59 This should be the domain name of the local host. It should not
60 have a leading period, and it should not be a full host address.
61 It is used only if the inn_getfqdn() routine in libinn(3) cannot
62 get the fully qualified domain name by using either the
63 gethostname(3) or getaddrinfo(3) calls. The check is very simple;
64 if either routine returns a name with a period in it, then it is
65 assumed to have the full domain name. As this parameter is rarely
66 used, do not use it to affect the righthand side of autogenerated
67 Message-IDs; see instead virtualhost and domain in readers.conf(5).
68 The default value is unset.
69 innflags
71 The flags to pass to innd on startup. See innd(8) for details on
72 the possible flags. The default value is unset.
73 Note that these flags are only used when innd is started from
75 rc.news or nntpsend.
76 mailcmd
78 The path to the program to be used for mailing reports and control
79 messages. The default is pathbin/innmail. This should not
80 normally need to be changed.
81 mta The command to use when mailing postings to moderators and for the
83 use of innmail(1). The message, with headers and an added To:
84 header, will be piped into this program. The string %s, if
85 present, will be replaced by the e-mail address of the moderator.
86 It's strongly recommended for this command to include %s on the
87 command line rather than use the addresses in the To: and Cc:
88 headers of the message, since the latter approach allows the news
89 server to be abused as a mechanism to send mail to arbitrary
90 addresses and will result in unexpected behavior. There is no
91 default value for this parameter; it must be set in inn.conf or a
92 fatal error message will be logged via syslog.
93 For most systems, "/usr/lib/sendmail -oi -oem %s" (adjusted for the
95 correct path to sendmail, and between double quotes) is a good
96 choice.
97 pathhost
99 What to put into the Path: header to represent the local site.
100 This is added to the Path: header of all articles that pass through
101 the system, including locally posted articles, and is also used
102 when processing some control messages and when naming the server in
103 status reports. There is no default value; this parameter must be
104 set in inn.conf or INN will not start. A good value to use is the
105 fully qualified hostname of the system.
106 runasgroup
108 The group under which the news server will run. The default is
109 "news" (or the group specified at configure time) and should not
110 normally need to be changed.
111 runasuser
113 The user under which the news server will run. The default is
114 "news" (or the user specified at configure time) and should not
115 normally need to be changed.
116 server
118 The name of the default NNTP server. If nnrpdposthost is not set
119 and UNIX domain sockets are not supported, nnrpd(8) tries to hand
120 off locally-posted articles through an INET domain socket to this
121 server. actsync(8), nntpget(8), and getlist(8) also use this value
122 as the default server to connect to. In the latter cases, the
123 value of the NNTPSERVER environment variable, if it exists,
124 overrides this. The default value is unset.
125 syntaxchecks
127 A list of values controlling the level of checks performed by innd
128 and nnrpd. For instance:
129 syntaxchecks: [ no-laxmid ]
131 The last occurrence of a given value takes precedence, that is to
133 say if "no-laxmid laxmid" is listed, laxmid takes precedence.
134 Only one check can currently be enabled/disabled:
136 laxmid / no-laxmid
138 When laxmid is set, Message-IDs containing ".." in the left
139 part are accepted, as well as Message-IDs with two "@". Some
140 non-compliant news posters generate such syntactically invalid
141 Message-IDs, especially in binary newsgroups. The default is
142 no-laxmid, that is to say INN strictly follows the standard
143 regarding syntax checks.
144 Feed Configuration
146 These parameters govern incoming and outgoing feeds: what size of
147 articles are accepted, what filtering and verification is performed on
148 them, whether articles in groups not carried by the server are still
149 stored and propagated, and other similar settings.
150 artcutoff
152 Articles older than this number of days are dropped. The default
153 value is 10, which means that an incoming article will be rejected
154 if its posting date is farther in the past than ten days.
155 In order to disable that check on date, you can set this parameter
157 to 0.
158 The number on the "/remember/" line in expire.ctl should probably
160 be one more than that number in order to take into account articles
161 whose posting date is one day into the future.
162 bindaddress
164 Which IP address innd(8) should bind itself to. This must be in
165 dotted-quad format (nnn.nnn.nnn.nnn). If set to "all" or not set,
166 innd defaults to listening on all interfaces. The value of the
167 INND_BIND_ADDRESS environment variable, if set, overrides this
168 setting. The default value is unset.
169 This parameter has no effect when systemd socket activation is
171 used.
172 bindaddress6
174 Like bindaddress but for IPv6 sockets. If only one of the
175 bindaddress and bindaddress6 parameters is used, then only the
176 socket for the corresponding address family is created. If both
177 parameters are used then two sockets are created. If neither of
178 them is used, the list of sockets to listen on will be determined
179 by the system library getaddrinfo(3) function. The value of the
180 INND_BIND_ADDRESS6, if set, overrides this setting. The default
181 value is unset.
182 Note that you will generally need to put double quotes ("") around
184 this value if you set it, since IPv6 addresses contain colons.
185 This parameter has no effect when systemd socket activation is
187 used.
188 dontrejectfiltered
190 Normally innd(8) rejects incoming articles when directed to do so
191 by any enabled article filters (Perl or Python). However, this
192 parameter causes such articles not to be rejected; instead
193 filtering can be applied on outbound articles. If this parameter
194 is set, all articles will be accepted on the local machine, but
195 articles rejected by the filter will not be fed to any peers
196 specified in newsfeeds with the "Af" flag. The default value is
197 false.
198 hiscachesize
200 If set to a value other than 0, a hash of recently received
201 Message-IDs is kept in memory to speed history lookups. The value
202 is the amount of memory to devote to the cache in kilobytes. The
203 cache is only used for incoming feeds and a small cache can hold
204 quite a few Message-IDs, so large values aren't necessarily useful
205 unless you have incoming feeds that are badly delayed. innreport
206 can provide useful statistics regarding the use of the history
207 cache, especially when it misses. A good value for a system with
208 more than one incoming feed is 256; systems with only one incoming
209 feed should probably set this to 0. The default value is 256.
210 ignorenewsgroups
212 Whether newsgroup creation control messages (newgroup and rmgroup)
213 should be fed as if they were posted to the newsgroup they are
214 creating or deleting rather than to the newsgroups listed in the
215 Newsgroups: header. If this parameter is set, the newsgroup
216 affected by the control message will be extracted from the Control:
217 header and the article will be fed as if its Newsgroups: header
218 contained solely that newsgroup. This is useful for routing
219 control messages to peers when they are posted to irrelevant
220 newsgroups that shouldn't be matched against the peer's desired
221 newsgroups in newsfeeds. This is a boolean value and the default
222 is false.
223 immediatecancel
225 When using the timecaf storage method, article cancels are normally
226 just cached to be cancelled, not cancelled immediately. If this is
227 set to true, they will instead by cancelled as soon as the cancel
228 is processed. This is a boolean value and the default is false.
229 This setting is ignored unless the timecaf storage method is used.
231 linecountfuzz
233 If set to something other than 0, the line count of the article is
234 checked against the Lines: header of the article (if present) and
235 the article is rejected if the values differ by more than this
236 amount. A reasonable setting is 5, which is the standard maximum
237 signature length plus one (some injection software calculates the
238 Lines: header before adding the signature). The default value is
239 0, which tells INN not to check the Lines: header of incoming
240 articles.
241 maxartsize
243 The maximum size of article (headers and body) that will be
244 accepted by the server, in bytes. A value of 0 allows any size of
245 article, but note that innd will crash if system memory is
246 exceeded. The default value is 1000000 (approximately 1 MB). This
247 is checked against the article in wire format (CRLF at the end of
248 each line, leading periods protected, and with the trailing
249 "\r\n.\r\n" at the end). See also localmaxartsize.
250 maxconnections
252 The maximum number of incoming NNTP connections innd(8) will
253 accept. The default value is 50.
254 pathalias
256 If set, this value is prepended to the Path: header of accepted
257 posts (before pathhost) if it doesn't already appear in the Path:
258 header. The main purpose of this parameter is to configure all
259 news servers within a particular organization to add a common
260 identity string to the Path: header. The default value is unset.
261 pathcluster
263 If set, this value is appended to the Path: header of accepted
264 posts (after pathhost) if it isn't already present as the last
265 element of the Path: header. The main purpose of this parameter is
266 to make several news servers appear as one server. The default
267 value is unset.
268 Note that the Path: header reads right to left, so appended means
270 inserted at the leftmost side of the Path: header.
271 pgpverify
273 Whether to enable PGP verification of control messages other than
274 cancel. This is a boolean value and the default in the inn.conf
275 sample file is based on whether configure found pgp, pgpv, pgpgpg,
276 gpgv, gpgv1, gpgv2, gpg, gpg1 or gpg2. Note that if the parameter
277 is not present in the configuration file, it defaults to false.
278 port
280 What TCP port innd(8) should listen on. The default value is 119,
281 the standard NNTP port.
282 refusecybercancels
284 Whether to refuse all articles whose message IDs start with
285 "<cancel.". This message ID convention is widely followed by spam
286 cancellers, so the vast majority of such articles will be cancels
287 of spam. This check, if enabled, is done before the history check
288 and the message ID is not written to the history file. This is a
289 boolean value and the default is false.
290 This is a somewhat messy, inefficient, and inexact way of refusing
292 spam cancels. A much better way is to ask all of your upstream
293 peers to not send to you any articles with "cyberspam" in the Path:
294 header (usually accomplished by having them mark "cyberspam" as an
295 alias for your machine in their feed configuration). The filtering
296 enabled by this parameter is hard-coded; general filtering of
297 message IDs can be done via the embedded filtering support.
298 remembertrash
300 By default, innd(8) records rejected articles in history so that,
301 if offered the same article again, it can be refused before it is
302 sent. If you wish to disable this behavior, set this to false.
303 This can cause a substantial increase in the amount of bandwidth
304 consumed by incoming news if you have several peers and reject a
305 lot of articles, so be careful with it. Even if this is set to
306 true, INN won't log some rejected articles to history if there's
307 reason to believe the article might be accepted if offered by a
308 different peer, so there is usually no reason to set this to false
309 (although doing so can decrease the size of the history file).
310 This is a boolean value and the default is true.
311 sourceaddress
313 Which local IP address to bind to for outgoing NNTP sockets (used
314 by innxmit(8) among other programs, as well as innfeed(8) as long
315 as not overridden by bindaddress in innfeed.conf(5)). This must be
316 in dotted-quad format (nnn.nnn.nnn.nnn). If set to "all", the
317 operating system will choose the source IP address for outgoing
318 connections. The default value is unset.
319 sourceaddress6
321 Like sourceaddress but for IPv6 sockets. Note that you will
322 generally need to put double quotes ("") around this value if you
323 set it, since IPv6 addresses contain colons.
324 verifycancels
326 Set this to true to enable a simplistic check on all cancel
327 messages, attempting to verify (by simple header comparison) that
328 at least one newsgroup in the cancel message can be found in the
329 article to be cancelled. This check can't be done if the cancel
330 arrives before the article does. This is a boolean value, and the
331 default is false.
332 Note that RFC 5537 (USEPRO) mentions that "cancel control messages
334 are not required to contain From: and Sender: header fields
335 matching the target message. This requirement only encouraged
336 cancel issuers to conceal their identity and provided no security".
337 This check is therefore not done as it is extremely easy to spoof.
338 In order not to actually process any cancel or supersedes messages,
340 you can start innd with the -C flag, or add this flag to the
341 innflags parameter.
342 verifygroups
344 Set this to true to reject incoming articles which contain an
345 unknown newsgroup in the whole list of newsgroups to which they are
346 posted. In case wanttrash is set to true, such articles will still
347 be rejected. This is a boolean value, and the default is false.
348 wanttrash
350 Set this to true if you want to file articles posted to unknown
351 newsgroups (newsgroups not in the active file) into the "junk"
352 newsgroup rather than rejecting them. This is sometimes useful for
353 a transit news server that needs to propagate articles (according
354 to the setting of "Aj" in the newsfeeds feed pattern) in all
355 newsgroups regardless if they're carried locally. This is a
356 boolean value and the default is false.
357 The logtrash parameter specifies whether such articles should be
359 logged as posted to unwanted newsgroups in the news log file.
360 wipcheck
362 If INN is offered an article by a peer on one channel, it will
363 return deferral responses (code 436) to all other offers of that
364 article for this many seconds. (After this long, if the peer that
365 offered the article still hasn't sent it, it will be accepted from
366 other channels.) The default value is 5 and probably doesn't need
367 to be changed.
368 wipexpire
370 How long, in seconds, to keep track of message IDs offered on a
371 channel before expiring articles that still haven't been sent. The
372 default value is 10 and probably doesn't need to be changed.
373 History Settings
375 The following parameter affect the history database.
376 hismethod
378 Which history storage method to use. The only currently supported
379 value is "hisv6". There is no default value; this parameter must
380 be set.
381 "hisv6"
383 Stores history data in the INN history v6 format: history(5)
384 text file and a number of dbz database files; this may be in
385 true history v6 format, or tagged hash format, depending on the
386 build options. Separation of these two is a project which has
387 not yet been undertaken.
388 Article Storage
390 These parameters affect how articles are stored on disk.
391 cnfscheckfudgesize
393 If set to a value other than 0, the claimed size of articles in
394 CNFS cycbuffs is checked against maxartsize plus this value, and if
395 larger, the CNFS cycbuff is considered corrupt. This can be useful
396 as a sanity check after a system crash, but be careful using this
397 parameter if you have changed maxartsize recently. The default
398 value is 0.
399 enableoverview
401 Whether to write out overview data for articles. If set to false,
402 INN will run much faster, but reading news from the system will be
403 impossible (the server will be for news transit only). If this
404 option is set to true, ovmethod must also be set. This is a
405 boolean value and the default is true.
406 extraoverviewadvertised
408 Besides the seven standard overview fields (which are in order
409 "Subject:", "From:", "Date:", "Message-ID:", "References:",
410 ":bytes" and ":lines") and the eighth "Xref:full" field required by
411 INN in order to handle crossposts, it is possible to add other
412 fields in the overview database. This parameter expects a list of
413 such header names. Overview data for these additional headers will
414 be generated for each new article at the time of arrival. For
415 instance, if you specify:
416 extraoverviewadvertised: [ Path Injection-Info ]
418 it implies that nnrpd will advertise "Path:full" and
420 "Injection-Info:full" as the ninth and tenth fields in response to
421 LIST OVERVIEW.FMT and that these two headers will be stored in the
422 overview database for each new article.
423 The default value is an empty list (no additional fields are
425 stored). Owing to optimizations when innd parses the articles it
426 receives, it is possible that all the values in the list are not
427 recognized by innd as standard headers. In such cases, innd will
428 log an error in news.err at startup and the unrecognized fields
429 will be discarded.
430 You should advertise only fields for which the overview database is
432 consistent, that is to say it records the content or absence of
433 these fields for all articles, including those already existing in
434 the news spool. Consequently, if you decide to add or remove a
435 field from your overview database, you should either modify
436 extraoverviewadvertised and rebuild your overview database with
437 makehistory(8) after removing all existing overview files, or
438 implement a transition period by first using extraoverviewhidden as
439 described below.
440 Use of a transition period can accommodate most overview
442 reconfigurations, but certain drastic changes may still require a
443 complete overview rebuild.
444 If for instance you want to store the content of the To: header in
446 addition to the fields already stored above, you should use:
447 extraoverviewadvertised: [ Path Injection-Info ]
449 extraoverviewhidden: [ To ]
450 This way, "To:full" will not be advertised by nnrpd but will be
452 stored for each new article. Once you know that all articles in
453 your overview database record the content or absence of that new
454 field (if expire.ctl(5) is parametered so that all your articles
455 expire within 30 days, you can assume the database is in such a
456 state after 30 days -- however, note that time to expiration can be
457 unpredictable with CNFS and you then have to use "cnfsstat -a" for
458 checking on when buffers have rolled over), you should put:
459 extraoverviewadvertised: [ Path Injection-Info To ]
461 extraoverviewhidden: [ ]
462 The "To" value must be added at the end of the list because order
464 matters and fields mentioned in extraoverviewhidden are generated
465 after those mentioned in extraoverviewadvertised. nnrpd will now
466 advertise "To:full" in response to the LIST OVERVIEW.FMT command
467 ("full" indicates that the header appears followed by its value).
468 Now suppose you want to remove the content of the Injection-Info:
470 header from the overview. As order matters, the overview database
471 will no longer be consistent for the To: header. Therefore, you
472 need to specify:
473 extraoverviewadvertised: [ Path ]
475 extraoverviewhidden: [ To ]
476 And once overview data is accurate for all articles, you should
478 use:
479 extraoverviewadvertised: [ Path To ]
481 extraoverviewhidden: [ ]
482 Note that you have to restart nnrpd if it runs as a daemon whenever
484 you change the value of extraoverviewadvertised; a mere "ctlinnd
485 xexec innd" is not enough.
486 extraoverviewhidden
488 This parameter should be used in conjunction with
489 extraoverviewadvertised (see above for more details). It expects a
490 list of headers names. Overview data for these headers will be
491 generated for each new article at the time of arrival but, contrary
492 to the fields mentioned in extraoverviewadvertised, nnrpd will not
493 advertise them in response to the LIST OVERVIEW.FMT command. It
494 also implies that nnrpd will not look in the overview database for
495 fields mentioned in extraoverviewhidden when it handles HDR, XHDR
496 and XPAT requests; nnrpd will have to parse the headers of the
497 requested articles in the news spool, which is slower than directly
498 querying the overview database.
499 The default value is an empty list (no additional fields are
501 stored). Owing to optimizations when innd parses the articles it
502 receives, it is possible that all the values in the list are not
503 recognized by innd as standard headers. In such cases, innd will
504 log an error in news.err at startup and the unrecognized fields
505 will be discarded.
506 groupbaseexpiry
508 Whether to enable newsgroup-based expiry. If set to false, article
509 expiry is done based on storage class of storing method. If set to
510 true (and overview information is available), expiry is done by
511 newsgroup name. This affects the format of expire.ctl. This is a
512 boolean value and the default is true.
513 mergetogroups
515 Whether to file all postings to "to.*" groups in the
516 pseudonewsgroup "to". If this is set to true, the newsgroup "to"
517 must exist in the active file or INN will not start. (See the
518 discussion of "to." groups in innd(8) under CONTROL MESSAGES.)
519 This is a boolean value and the default is false.
520 nfswriter
522 For servers writing articles, determine whether the article spool
523 is on NFS storage. If set, INN attempts to flush articles to the
524 spool in a more timely manner, rather than relying on the operating
525 system to flush things such as the CNFS article bitmaps. You
526 should only set this parameter if you are attempting to use a
527 shared NFS spool on a machine acting as a single writer within a
528 cluster. This is a boolean value and the default is false.
529 overcachesize
531 How many cache slots to reserve for open overview files. If INN is
532 writing overview files (see enableoverview), ovmethod is set to
533 "tradindexed", and this is set to a value other than 0, INN will
534 keep around and open that many recently written-to overview files
535 in case more articles come in for those newsgroups. Every overview
536 cache slot consumes two file descriptors, so be careful not to set
537 this value too high. You may be able to use the "limit" command to
538 see how many open file descriptors your operating system allows.
539 innd(8) also uses an open file descriptor for each incoming feed
540 and outgoing channel or batch file, and if it runs out of open file
541 descriptors, it may throttle and stop accepting new news. The
542 default value is 128 (which is probably still too low if you have a
543 large number of file descriptors available).
544 This setting is ignored unless ovmethod is set to "tradindexed".
546 ovgrouppat
548 If set, restricts the overview data stored by INN to only the
549 newsgroups matching this comma-separated list of uwildmat
550 expressions. Newsgroups not matching this setting may not be
551 readable, and if groupbaseexpiry is set to true and the storage
552 method for these newsgroups does not have self-expire
553 functionality, storing overview data will fail. The default is
554 unset.
555 ovmethod
557 Which overview storage method to use. Currently supported values
558 are "buffindexed", "ovdb" and "tradindexed". There is no default
559 value; this parameter must be set if enableoverview is true (the
560 default).
561 "buffindexed"
563 It stores overview data and index information into
564 preconfigured large files like CNFS. Fast at writing, the
565 "buffindexed" overview storage method can keep up with a large
566 feed more easily and never consumes additional disk space
567 beyond that allocated to these buffers. The downside is that
568 these buffers are hard to recover in case of corruption and
569 somewhat slower for readers and the expiry process. See the
570 buffindexed.conf(5) man page for more details, and notably how
571 to create the buffers.
572 "ovdb"
574 It stores overview information into a Berkeley DB database,
575 whose development pace has stalled these last years. This
576 method is fast and very robust, but may require more disk
577 space, unless compression is enabled. See the ovdb(5) man page
578 for more details.
579 "tradindexed"
581 It uses two files per newsgroup, one containing the overview
582 data and one containing the index. Fast for readers, but slow
583 to write to because it has to update two files for each
584 incoming article. Its main advantage is to be the best tested,
585 the most reliable and the method with the best recovery tools.
586 storeonxref
588 If set to true, articles will be stored based on the newsgroup
589 names in the Xref: header rather than in the Newsgroups: header.
590 This affects what the patterns in storage.conf apply to. The
591 primary interesting effect of setting this to true is to enable
592 filing of all control messages according to what storage class the
593 control pseudogroups are filed in rather than according to the
594 newsgroups the control messages are posted to. This is a boolean
595 value and the default is true.
596 If the tradspool article storage method is used, storeonxref must
598 be true.
599 useoverchan
601 Whether to innd(8) should create overview data internally through
602 libstorage(3). If set to false, innd creates overview data by
603 itself. If set to true, innd does not create; instead overview
604 data must be created by overchan(8) from an appropriate entry in
605 newsfeeds. Setting to true may be useful, if innd cannot keep up
606 with incoming feed and the bottleneck is creation of overview data
607 within innd. This is a boolean value and the default is false.
608 wireformat
610 Only used with the tradspool storage method, this says whether to
611 write articles in wire format. Wire format means storing articles
612 with "\r\n" at the end of each line and with periods at the
613 beginning of lines doubled, the article format required by the NNTP
614 protocol. Articles stored in this format are suitable for sending
615 directly to a network connection without requiring conversion, and
616 therefore setting this to true can make the server more efficient.
617 The primary reason not to set this is if you have old existing
618 software that looks around in the spool and doesn't understand how
619 to read wire format. Storage methods other than tradspool always
620 store articles in wire format. This is a boolean value and the
621 default is true.
622 xrefslave
624 Whether to act as the slave of another server. If set, INN
625 attempts to duplicate exactly the article numbering of the server
626 feeding it by looking at the Xref: header of incoming articles and
627 assigning the same article numbers to articles as was noted in the
628 Xref: header from the upstream server. The result is that clients
629 should be able to point at either server interchangeably (using
630 some load balancing scheme, for example) and see the same internal
631 article numbering. Servers with this parameter set should
632 generally only have one upstream feed, and should always have
633 nnrpdposthost set to hand locally posted articles off to the master
634 server. The upstream should be careful to always feed articles in
635 order (innfeed(8) can have problems with this in the event of a
636 backlog). This is a boolean value and the default is false.
637 Reading
639 These parameters affect the behavior of INN for readers. Most of them
640 are used by nnrpd(8). There are some special sets of settings that are
641 broken out separately after the initial alphabetized list.
642 Note that the two parameters nnrpperlauth and nnrppythonauth are now
644 obsolete; see "Changes to Perl Authentication Support for nnrpd" in
645 doc/hook-perl and "Changes to Python Authentication and Access Control
646 Support for nnrpd" in doc/hook-python for more information.
647 allownewnews
649 Whether to allow use of the NEWNEWS command by clients. This
650 command used to put a heavy load on the server in older versions of
651 INN, but is now reasonably efficient, at least if only one
652 newsgroup is specified by the client. This is a boolean value and
653 the default is true. If you use the access parameter in
654 readers.conf, be sure to read about the way it overrides
655 allownewnews.
656 articlemmap
658 Whether to attempt to mmap() articles. Setting this to true will
659 give better performance on most systems, but some systems have
660 problems with mmap(). If this is set to false, articles will be
661 read into memory before being sent to readers. This is a boolean
662 value and the default is true.
663 clienttimeout
665 How long (in seconds) a client connection can be idle before it
666 exits. When setting this parameter, be aware that some newsreaders
667 use the same connection for reading and posting and don't deal well
668 with the connection timing out while a post is being composed. If
669 the system isn't having a problem with too many long-lived
670 connections, it may be a good idea to increase this value to 3600
671 (an hour). The default value is 1800 (thirty minutes).
672 initialtimeout
674 How long (in seconds) nnrpd will wait for the first command from a
675 reader connection before dropping the connection. This is a
676 defensive timeout intended to protect the news server from badly
677 behaved reader clients that open and abandon a multitude of
678 connections without every closing them. The default value is 10
679 (ten seconds), which may need to be increased if many clients
680 connect via slow network links.
681 msgidcachesize
683 How many cache slots to reserve for message-IDs to storage token
684 translations. When serving overview data to clients (NEWNEWS,
685 OVER, etc.), nnrpd(8) can cache the storage token associated with a
686 message-ID and save the cost of looking it up in the history file;
687 for some configurations, setting this parameter can save more than
688 90% of the wall clock time for a session. The default value is
689 64000.
690 nfsreader
692 For servers reading articles, determine whether the article spool
693 is on NFS storage. If set, INN will attempt to force articles and
694 overviews to be read directly from the NFS spool rather than from
695 cached copies. You should only set this parameter if you are
696 attempting to use a shared NFS spool on a machine acting as a
697 reader within a cluster. This is a boolean value and the default
698 is false.
699 nfsreaderdelay
701 If nfsreader is set, INN will use the value of nfsreaderdelay to
702 delay the apparent arrival time of articles to clients by this
703 amount. Note that only answers to GROUP and NEWNEWS commands are
704 affected. This value should be tuned based on the NFS cache
705 timeouts locally. The default is 60, that is to say one minute.
706 nnrpdcheckart
708 Whether nnrpd should check the existence of an article before
709 listing it as present in response to an NNTP command. The primary
710 use of this setting is to prevent nnrpd from returning information
711 about articles which are no longer present on the server but which
712 still have overview data available. Checking the existence of
713 articles before returning overview information slows down the
714 overview commands, but reduces the number of "article is missing"
715 errors seen by the client. This is a boolean value and the default
716 is true.
717 nnrpdflags
719 When nnrpd(8) is spawned from innd(8), these flags are passed as
720 arguments to the nnrpd process. This setting does not affect
721 instances of nnrpd that are started in daemon mode, or instances
722 that are started via another listener process such as inetd(8) or
723 xinetd(8). Shell quoting and metacharacters are not supported.
724 This is a string value and the default is unset.
725 nnrpdloadlimit
727 If set to a value other than 0, connections to nnrpd will be
728 refused if the system load average is higher than this value. The
729 default value is 16.
730 noreader
732 Normally, innd(8) will fork a copy of nnrpd(8) for all incoming
733 connections from hosts not listed in incoming.conf. If this
734 parameter is set to true, those connections will instead be
735 rejected with a 502 error code. This should be set to true for a
736 transit-only server that doesn't support readers, or if nnrpd is
737 running in daemon mode or being started out of inetd. This is a
738 boolean value and the default is false.
739 readerswhenstopped
741 Whether to allow readers to connect even if the server is paused or
742 throttled. This is only applicable if nnrpd(8) is spawned from
743 innd(8) rather than run out of inetd or in daemon mode. This is a
744 boolean value and the default is false.
745 readertrack
747 Whether to enable the tracking system for client behavior. Tracked
748 information is recorded to pathlog/tracklogs/log-ID, where ID is
749 determined by nnrpd's PID and launch time. Currently the
750 information recorded includes initial connection and posting; only
751 information about clients listed in nnrpd.track is recorded. In
752 addition, every posted article will be saved in
753 pathlog/trackposts/track.message-id, where message-id is the
754 message ID of the post. This is a boolean value and the default is
755 false.
756 tradindexedmmap
758 Whether to attempt to mmap() tradindexed overviews articles.
759 Setting this to true will give better performance on most systems,
760 but some systems have problems with mmap(). If this is set to
761 false, overviews will be read into memory before being sent to
762 readers. This is a boolean value and the default is true.
763 INN has optional support for generating keyword information
765 automatically from article body text and putting that information in
766 overview for the use of clients that know to look for it (HDR, OVER and
767 XPAT commands). The following parameters control that feature.
768 This may be too slow if you're taking a substantial feed, and probably
770 will not be useful for the average news reader; enabling this is not
771 recommended unless you have some specific intention to take advantage
772 of it.
773 keywords
775 Whether the keyword generation support should be enabled. This is
776 a boolean value and the default is false.
777 If an article already contains a Keywords: header, no keyword
779 generation is done and the original Keywords: header is kept
780 untouched.
781 In order to use this feature, the regex library should be available
783 and INN configured with the --enable-keywords flag. Otherwise, no
784 keywords will be generated, even though this boolean value is set
785 to true. You also have to add the integration of the Keywords:
786 header into the overview with extraoverviewadvertised or
787 extraoverviewhidden.
788 keyartlimit
790 Articles larger than this value in bytes will not have keywords
791 generated for them (since it would take too long to do so). The
792 default value is 100000 (approximately 100 KB).
793 keylimit
795 Maximum number of bytes allocated for keyword data. If there are
796 more keywords than will fit into this many bytes when separated by
797 commas, the rest are discarded. The default value is 512.
798 keymaxwords
800 Maximum number of keywords that will be generated for an article.
801 (The keyword generation code will attempt to discard "noise" words,
802 so the number of keywords actually written into the overview will
803 usually be smaller than this even if the maximum number of keywords
804 is found.) The default value is 250.
805 Posting
807 These parameters are only used by nnrpd(8), inews(1), and other
808 programs that accept or generate postings. There are some special sets
809 of settings that are broken out separately after the initial
810 alphabetized list.
811 addinjectiondate
813 Whether to add an Injection-Date: header field to all local posts.
814 This is a boolean value and the default is true.
815 Note that no Injection-Date: header fields will be added to local
817 posts already containing both a Message-ID: header field and a
818 Date: header field. This is done in conformance with standards, to
819 help minimize the possibility of a loop in e-mail gatewaying and
820 ensure that a newly injected article is not treated as a new,
821 separate article in case of multiple injection of the same article
822 to different injecting agents.
823 addinjectionpostingaccount
825 Whether to add a posting-account attribute to the Injection-Info:
826 header to all local posts giving the username assigned to the user
827 at connection time or after authentication. This is a boolean
828 value and the default is false. There is no intrinsic support for
829 obfuscating the value. That has to be done with a user-written
830 Perl filter, if desired.
831 addinjectionpostinghost
833 Whether to add a posting-host attribute to the Injection-Info:
834 header to all local posts giving an FQDN (when known, by reverse
835 lookup of the client IP address) and IP address of the system from
836 which the post was received. This is a boolean value and the
837 default is true. Note that INN either does not add this attribute
838 or adds the name (when known) and IP address of the client. There
839 is no intrinsic support for obfuscating the name of the client.
840 That has to be done with a user-written Perl filter, if desired.
841 When this parameter is set to true, an FQDN (obtained by reverse
843 lookup of the client IP address or, if unknown, the IP address
844 itself) of the client is also added to the Path: header, after the
845 "!.POSTED" diagnostic.
846 checkincludedtext
848 Whether to check local postings for the ratio of new to quoted text
849 and reject them if that ratio is under 50%. Included text is
850 recognized by looking for lines beginning with ">", "|", or ":".
851 This is a boolean value and the default is false.
852 complaints
854 The value of the mail-complaints-to attribute of the Injection-
855 Info: header added to all local posts. The default is the
856 newsmaster's e-mail address. (If the newsmaster, selected at
857 configure time and defaulting to "usenet", doesn't contain "@", the
858 address will consist of the newsmaster, a "@", and the value of
859 fromhost.)
860 fromhost
862 Contains a domain used to construct e-mail addresses. The address
863 of the local news administrator will be given as <user>@fromhost,
864 where <user> is the newsmaster user set at compile time ("usenet"
865 by default). This setting will also be used by mailpost(8) to
866 fully qualify addresses and by inews(1) to generate the Sender:
867 header (and From: header if missing). The value of the FROMHOST
868 environment variable, if set, overrides this setting. The default
869 is the fully qualified domain name of the local host.
870 localmaxartsize
872 The maximum article size (in bytes) for locally posted articles.
873 Articles larger than this will be rejected. A value of 0 allows
874 any size of article, but note that nnrpd and innd will crash if
875 system memory is exceeded. See also maxartsize, which applies to
876 all articles including those posted locally. The default value is
877 1000000 (approximately 1 MB).
878 moderatormailer
880 The address to which to send submissions for moderated groups. It
881 is only used if the moderators file doesn't exist, or if the
882 moderated group to which an article is posted is not matched by any
883 entry in that file, and takes the same form as an entry in the
884 moderators file. In most cases, "%s@moderators.isc.org" is a good
885 value for this parameter (%s is expanded into a form of the
886 newsgroup name). See moderators(5) for more details about the
887 syntax. The default is unset. If this parameter isn't set and an
888 article is posted to a moderated group that does not have a
889 matching entry in the moderators file, the posting will be rejected
890 with an error.
891 nnrpdauthsender
893 Whether to generate a Sender: header based on reader
894 authentication. If this parameter is set, a Sender: header will be
895 added to local posts containing the identity assigned by
896 readers.conf. If the assigned identity does not include an "@",
897 the reader's hostname is used. If this parameter is set but no
898 identity is assigned, the Sender: header will be removed from all
899 posts even if the poster includes one. This is a boolean value and
900 the default is false.
901 nnrpdposthost
903 If set, nnrpd(8) and rnews(1) will pass all locally posted articles
904 to the specified host rather than trying to inject them locally.
905 See also nnrpdpostport. This should always be set if xrefslave is
906 true. The default value is unset.
907 nnrpdpostport
909 The port on the remote server to connect to to post when
910 nnrpdposthost is used. The default value is 119.
911 organization
913 What to put in the Organization: header if it is left blank by the
914 poster. The value of the ORGANIZATION environment variable, if
915 set, overrides this setting. The default is unset, which tells INN
916 not to insert an Organization: header.
917 spoolfirst
919 If true, nnrpd(8) will spool new articles rather than attempting to
920 send them to innd(8). If false, nnrpd will spool articles only if
921 it receives an error trying to send them to innd. Setting this to
922 true can be useful if nnrpd must respond as fast as possible to the
923 client; however, when set, articles will not appear to readers
924 until they are given to innd. nnrpd won't do this; "rnews -U" must
925 be run periodically to take the spooled articles and post them.
926 This is a boolean value and the default is false.
927 strippostcc
929 Whether to strip To:, Cc:, and Bcc: headers out of all local posts
930 via nnrpd(8). The primary purpose of this setting is to prevent
931 abuse of the news server by posting to a moderated group and
932 including To: or Cc: headers in the post so that the news server
933 will send the article to arbitrary addresses. INN now protects
934 against this abuse in other ways provided mta is set to a command
935 that includes %s and honors it, so this is generally no longer
936 needed. This is a boolean value and the default is false.
937 nnrpd(8) has support for controlling high-volume posters via an
939 exponential backoff algorithm, as configured by the following
940 parameters.
941 Exponential posting backoff works as follows: news clients are indexed
943 by IP address (or username, see backoffauth below). Each time a post
944 is received from an IP address, the time of posting is stored (along
945 with the previous sleep time, see below). After a configurable number
946 of posts in a configurable period of time, nnrpd(8) will begin to sleep
947 for increasing periods of time before actually posting anything
948 (posting backoff is therefore activated). Posts will still be
949 accepted, but at an increasingly reduced rate.
950 After backoff has been activated, the length of time to sleep is
952 computed based on the difference in time between the last posting and
953 the current posting. If this difference is less than backoffpostfast,
954 the new sleep time will be 1 + (previous sleep time * backoffk). If
955 this difference is less than backoffpostslow but greater than
956 backoffpostfast, then the new sleep time will equal the previous sleep
957 time. If this difference is greater than backoffpostslow, the new
958 sleep time is zero and posting backoff is deactivated for this poster.
959 (Note that this does not mean posting backoff cannot be reactivated
960 later in the session.)
961 Exponential posting backoff will not be enabled unless backoffdb is set
963 and backoffpostfast and backoffpostslow are set to something other than
964 their default values.
965 Here are the parameters that control exponential posting backoff:
967 backoffauth
969 Whether to index posting backoffs by user rather than by source IP
970 address. You must be using authentication in nnrpd(8) for a value
971 of true to have any meaning. This is a boolean value and the
972 default is false.
973 backoffdb
975 The path to a directory, writeable by the news user, that will
976 contain the backoff database. There is no default for this
977 parameter; you must provide a path to a creatable or writeable
978 directory to enable exponential backoff.
979 backoffk
981 The amount to multiply the previous sleep time by if the user is
982 still posting too quickly. A value of 2 will double the sleep time
983 for each excessive post. The default value is 1.
984 backoffpostfast
986 Postings from the same identity that arrive in less than this
987 amount of time (in seconds) will trigger increasing sleep time in
988 the backoff algorithm. The default value is 0.
989 backoffpostslow
991 Postings from the same identity that arrive in greater than this
992 amount of time (in seconds) will reset the backoff algorithm.
993 Another way to look at this constant is to realize that posters
994 will be allowed to generate at most 86400/backoffpostslow posts per
995 day. The default value is 1.
996 backofftrigger
998 This many postings are allowed before the backoff algorithm is
999 triggered. The default value is 10000.
1000 TLS/SSL Support for Reading and Posting
1002 Here are the parameters used by nnrpd(8) to provide TLS/SSL support.
1003 The parameters related to certificates are:
1005 tlscafile
1007 The path to a file containing certificate authority root
1008 certificates, used to present a trust chain to a TLS client. This
1009 parameter is only used if nnrpd is built with TLS/SSL support. The
1010 default value is an empty string.
1011 tlscapath
1013 The path to a directory containing certificate authority root
1014 certificates. Each file in the directory should contain one CA
1015 certificate, and the name of the file should be the CA subject name
1016 hash value. See the OpenSSL documentation for more information.
1017 This parameter is only used if nnrpd is built with TLS/SSL support.
1018 The default value is pathetc.
1019 tlscertfile
1021 The path to a file containing the server certificate to present to
1022 TLS clients. This parameter is only used if nnrpd is built with
1023 TLS/SSL support. The default value is pathetc/cert.pem.
1024 If you want to use a complete certificate chain, you can directly
1026 put it in tlscertfile (like Apache's SSLCertificateFile directive).
1027 Alternately, you can put a single certificate in tlscertfile and
1028 use tlscafile for additional certificates needed to complete the
1029 chain, like a separate authority root certificate.
1030 More concretly, when using Let's Encrypt certificates, Certbot's
1032 files can be installed as follows:
1033 tlscapath: /etc/letsencrypt/live/news.server.com
1035 tlscertfile: /etc/letsencrypt/live/news.server.com/fullchain.pem
1036 tlskeyfile: /etc/letsencrypt/live/news.server.com/privkey.pem
1037 or:
1039 tlscapath: /etc/letsencrypt/live/news.server.com
1041 tlscafile: /etc/letsencrypt/live/news.server.com/chain.pem
1042 tlscertfile: /etc/letsencrypt/live/news.server.com/cert.pem
1043 tlskeyfile: /etc/letsencrypt/live/news.server.com/privkey.pem
1044 Make sure that the permission rights are properly set so that the
1046 news user or the news group can read these directories and files
1047 (typically, he should access /etc/letsencrypt/live/news.server.com
1048 and /etc/letsencrypt/archive/news.server.com where the real keys
1049 are located, and the private key should not be world-readable).
1050 tlskeyfile
1052 The path to a file containing the encryption key for the server
1053 certificate named in tlscertfile. This may be the same as
1054 tlscertfile if, when you created the certificate, you put the key
1055 in the same file (if, for example, you gave the same file name to
1056 both the -out and -keyout options to "openssl req"). This
1057 parameter is only used if nnrpd is built with TLS/SSL support. The
1058 default value is pathetc/key.pem.
1059 This file must only be readable by the news user or nnrpd will
1061 refuse to use it.
1062 Finally, here are the parameters that can be used to tighten the level
1064 of security provided by TLS/SSL in case new attacks exploitable in NNTP
1065 on the TLS protocol or some supported cipher suite are discovered:
1066 tlsciphers
1068 The string describing the cipher suites OpenSSL will support for
1069 TLS 1.2 and below. See OpenSSL's ciphers(1) command documentation
1070 for details. The default is unset, which uses OpenSSL's default
1071 cipher suite list.
1072 tlsciphers13
1074 The string describing the cipher suites OpenSSL will support for
1075 TLS 1.3. See OpenSSL's ciphers(1) command documentation for
1076 details. The default is unset, which uses OpenSSL's default cipher
1077 suite list.
1078 Note that a separate cipher suite configuration parameter is needed
1080 for TLS 1.3 because TLS 1.3 cipher suites are not compatible with
1081 TLS 1.2, and vice-versa. In order to avoid issues where legacy
1082 TLS 1.2 cipher suite configuration configured in the tlsciphers
1083 parameter would inadvertently disable all TLS 1.3 cipher suites,
1084 the inn.conf configuration has been separated out.
1085 tlscompression
1087 Whether to enable or disable TLS/SSL-level compression support, if
1088 the negotiated protocol supports it (notably, TLS 1.3 no longer
1089 supports it). This is a boolean and the default is false, that is
1090 to say compression is disabled, so as to follow the best current
1091 practices for a secure use of TLS in application protocols (see
1092 RFC 8143 for NNTP).
1093 Note that enabling TLS/SSL-level compression will be possible only
1095 if the OpenSSL library INN has been built with, supports that
1096 feature.
1097 tlseccurve
1099 The name of the elliptic curve to use for ephemeral key exchanges.
1100 To see the list of curves supported by OpenSSL, use "openssl
1101 ecparam -list_curves".
1102 The default is unset, which means an appropriate curve is auto-
1104 selected (if your OpenSSL version is at least 1.0.2) or the NIST
1105 P-256 curve is used.
1106 This option is only effective if your OpenSSL version has ECDH
1108 support.
1109 tlspreferserverciphers
1111 Whether to let the client or the server decide the preferred cipher
1112 suite, signature algorithm or elliptic curve to use for an incoming
1113 connection. This is a boolean and the default is true, that is to
1114 say the server will choose following its own preferences.
1115 tlsprotocols
1117 The list of TLS/SSL protocol versions to support. Valid protocols
1118 are SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. The default
1119 value is to only allow secure TLS protocols:
1120 tlsprotocols: [ TLSv1.2 TLSv1.3 ]
1122 Note that the listed protocols will be enabled only if the OpenSSL
1124 library INN has been built with, supports them. In case OpenSSL
1125 supports protocols more recent than TLSv1.3, they will be
1126 automatically enabled (which anyway is fine regarding security, as
1127 newer protocols are supposed to be more secure).
1128 "SSLv2" was formally deprecated by RFC 6176 in 2011, "SSLv3" by
1130 RFC 7568 in 2015, "TLSv1.0" and "TLSv1.1" by RFC 8996 in 2021.
1131 Monitoring
1133 These parameters control the behavior of innwatch(8), the program that
1134 monitors INN and informs the news administrator if anything goes wrong
1135 with it.
1136 doinnwatch
1138 Whether to start innwatch(8) from rc.news. This is a boolean
1139 value, and the default is true.
1140 innwatchbatchspace
1142 Free space in pathoutgoing, in inndf(8) output units (normally
1143 kilobytes), at which innd(8) will be throttled by innwatch(8),
1144 assuming a default innwatch.ctl. The default value is 4000.
1145 innwatchlibspace
1147 Free space in pathdb, in inndf(8) output units (normally
1148 kilobytes), at which innd(8) will be throttled by innwatch(8),
1149 assuming a default innwatch.ctl. The default value is 25000.
1150 innwatchloload
1152 Load average times 100 at which innd(8) will be restarted by
1153 innwatch(8) (undoing a previous pause or throttle), assuming a
1154 default innwatch.ctl. The default value is 1000 (that is, a load
1155 average of 10.00).
1156 innwatchhiload
1158 Load average times 100 at which innd(8) will be throttled by
1159 innwatch(8), assuming a default innwatch.ctl. The default value is
1160 2000 (that is, a load average of 20.00).
1161 innwatchpauseload
1163 Load average times 100 at which innd(8) will be paused by
1164 innwatch(8), assuming a default innwatch.ctl. The default value is
1165 1500 (that is, a load average of 15.00).
1166 innwatchsleeptime
1168 How long (in seconds) innwatch(8) will sleep between each check of
1169 INN. The default value is 600.
1170 innwatchspoolnodes
1172 Free inodes in patharticles at which innd(8) will be throttled by
1173 innwatch(8), assuming a default innwatch.ctl. The default value is
1174 200.
1175 innwatchspoolspace
1177 Free space in patharticles and pathoverview, in inndf(8) output
1178 units (normally kilobytes), at which innd(8) will be throttled by
1179 innwatch(8), assuming a default innwatch.ctl. The default value is
1180 25000.
1181 Logging
1183 These parameters control what information INN logs.
1184 docnfsstat
1186 Whether to start cnfsstat(8) when innd(8) is started. cnfsstat
1187 will log the status of all CNFS cycbuffs to syslog on a periodic
1188 basis (frequency is the default for "cnfsstat -l", currently 600
1189 seconds). This is a boolean value and the default is false.
1190 htmlstatus
1192 Whether innd should write the status report as HTML file or in
1193 plain text. The HTML status file goes to pathhttp/inn_status.html,
1194 while the plain text status file is written to pathlog/inn.status.
1195 This is a boolean value and the default is true (an HTML status
1196 file is written). Also see the status parameter.
1197 incominglogfrequency
1199 How many articles to process on an incoming channel before logging
1200 the activity. The default value is 200.
1201 logartsize
1203 Whether the size of accepted articles (in bytes) should be written
1204 to the article log file. This is useful for flow rate statistics
1205 and is recommended. This is a boolean value and the default is
1206 true.
1207 logcancelcomm
1209 Set this to true to log "ctlinnd cancel" commands to syslog. This
1210 is a boolean value and the default is false.
1211 logcycles
1213 How many old logs scanlogs(8) keeps. scanlogs(8) is generally run
1214 by news.daily(8) and will archive compressed copies of this many
1215 days worth of old logs. The default value is 3.
1216 logipaddr
1218 Whether the verified name of the remote feeding host should be
1219 logged to the article log for incoming articles rather than the
1220 last entry in the Path: header. The only reason to ever set this
1221 to false is due to some interactions with newsfeeds flags; see
1222 newsfeeds(5) for more information. This is a boolean value and the
1223 default is true.
1224 logsitename
1226 Whether the names of the sites to which accepted articles will be
1227 sent should be put into the article log file. This is useful for
1228 debugging and statistics. This is a boolean value and the default
1229 is true.
1230 logstatus
1232 Whether innd should write a shortened version of its status report
1233 to syslog every status seconds. This is a boolean value and the
1234 default is true. If set to true, see the status parameter for more
1235 details on how to enable status reporting.
1236 logtrash
1238 Whether innd should add a line in the news log file to report
1239 unwanted newsgroups (that is to say newsgroups not locally carried
1240 by the news server). This is a boolean value and the default is
1241 true. It may be useful to set it to false when wanttrash is set to
1242 true.
1243 nnrpdoverstats
1245 Whether nnrpd overview statistics should be logged via syslog.
1246 This can be useful for measuring overview performance. This is a
1247 boolean value and the default is true.
1248 nntplinklog
1250 Whether to put the storage API token for accepted articles (used by
1251 nntplink) in the article log. This is a boolean value and the
1252 default is false.
1253 stathist
1255 Where to write history statistics for analysis with
1256 contrib/stathist.pl; this can be modified with ctlinnd(8) while
1257 innd is running. Logging does not occur unless a path is given,
1258 and there is no default value.
1259 status
1261 How frequently (in seconds) innd(8) should write out a status
1262 report. The report is written to pathhttp/inn_status.html or
1263 pathlog/inn.status depending on the value of htmlstatus. If this
1264 is set to 0 or "false", status reporting is disabled. The default
1265 value is 600 (that is to say reports are written every 10 minutes).
1266 timer
1268 How frequently (in seconds) innd(8) should report performance
1269 timings to syslog. If this is set to 0, performance timing is
1270 disabled. Enabling this is highly recommended, and innreport(8)
1271 can produce a nice summary of the timings. If set to 0,
1272 performance timings in nnrpd(8) are also disabled, although nnrpd
1273 always reports statistics on exit and therefore any non-zero value
1274 is equivalent for it. The default value is 600 (that is to say
1275 performance timings are reported every 10 minutes).
1276 System Tuning
1278 The following parameters can be modified to tune the low-level
1279 operation of INN. In general, you shouldn't need to modify any of them
1280 except possibly rlimitnofile unless the server is having difficulty.
1281 badiocount
1283 How many read or write failures until a channel is put to sleep or
1284 closed. The default value is 5.
1285 blockbackoff
1287 Each time an attempted write returns EAGAIN or EWOULDBLOCK, innd(8)
1288 will wait for an increasing number of seconds before trying it
1289 again. This is the multiplier for the sleep time. If you're
1290 having trouble with channel feeds not keeping up, it may be good to
1291 change this value to 2 or 3, since then when the channel fills INN
1292 will try again in a couple of seconds rather than waiting two
1293 minutes. The default value is 120.
1294 chaninacttime
1296 The time (in seconds) to wait between noticing inactive channels.
1297 The default value is 600.
1298 chanretrytime
1300 How many seconds to wait before a channel restarts. The default
1301 value is 300.
1302 datamovethreshold
1304 The threshold for deciding whether to move already-read data to the
1305 top of buffer or extend the buffer. The buffer described here is
1306 used for reading NNTP data. Increasing this value may improve
1307 performance, but it should not be increased on Systems with
1308 insufficient memory. Permitted values are between 0 and 1048576
1309 (out of range values are treated as 1048576) and the default value
1310 is 16384.
1311 icdsynccount
1313 How many article writes between updating the active and history
1314 files. The default value is 10.
1315 keepmmappedthreshold
1317 When using buffindexed, retrieving overview data (that is,
1318 responding to OVER or running expireover) causes mmapping of all
1319 overview data blocks which include requested overview data for
1320 newsgroup. But for high volume newsgroups like control.cancel,
1321 this may cause too much mmapping at once leading to system resource
1322 problems. To avoid this, if the amount to be mmapped exceeds
1323 keepmmappedthreshold (in KB), buffindexed mmap's just one overview
1324 block (8 KB). This parameter is specific to buffindexed overview
1325 storage method. The default value is 1024 (1 MB).
1326 maxcmdreadsize
1328 If set to anything other than 0, maximum buffer size (in bytes) for
1329 reading NNTP command will have this value. It should not be large
1330 on systems which are slow to process and store articles, as that
1331 would lead to innd(8) spending a long time on each channel and
1332 keeping other channels waiting. The default value is BUFSIZ
1333 defined in stdio.h (1024 in most environments, see setbuf(3)).
1334 maxforks
1336 How many times to attempt a fork(2) before giving up. The default
1337 value is 10.
1338 maxlisten
1340 How many incoming connections can queue up in the listen backlog
1341 for innd, nnrpd and the "ovdb" overview storage method. The
1342 default value is 128 and should be raised in case you notice that
1343 some connection requests get dropped.
1344 nicekids
1346 If set to anything other than 0, all child processes of innd(8)
1347 will have this nice(2) value. This is usually used to give all
1348 child processes of innd(8) a lower priority (higher nice value) so
1349 that innd(8) can get the lion's share of the CPU when it needs it.
1350 The default value is 4.
1351 nicenewnews
1353 If set to anything greater than 0, all nnrpd(8) processes that
1354 receive and process a NEWNEWS command will nice(2) themselves to
1355 this value (giving other nnrpd processes a higher priority). The
1356 default value is 0. Note that this value will be ignored if set to
1357 a lower value than nicennrpd (or nicekids if nnrpd(8) is spawned
1358 from innd(8)).
1359 nicennrpd
1361 If set to anything greater than 0, all nnrpd(8) processes will
1362 nice(1) themselves to this value. This gives other news processes
1363 a higher priority and can help overchan(8) keep up with incoming
1364 news (if that's the object, be sure overchan(8) isn't also set to a
1365 lower priority via nicekids). The default value is 0, which will
1366 cause nnrpd(8) processes spawned from innd(8) to use the value of
1367 nicekids, while nnrpd(8) run as a daemon will use the system
1368 default priority. Note that for nnrpd(8) processes spawned from
1369 innd(8), this value will be ignored if set to a value lower than
1370 nicekids.
1371 pauseretrytime
1373 Wait for this many seconds before noticing inactive channels. Wait
1374 for this many seconds before innd processes articles when it's
1375 paused or the number of channel write failures exceeds badiocount.
1376 The default value is 300.
1377 peertimeout
1379 How long (in seconds) an innd(8) incoming channel may be inactive
1380 before innd closes it. The default value is 3600 (an hour).
1381 rlimitnofile
1383 The maximum number of file descriptors that innd(8) or innfeed(8)
1384 can have open at once. If innd(8) or innfeed(8) attempts to open
1385 more file descriptors than this value, it is possible the program
1386 may throttle or otherwise suffer reduced functionality. The number
1387 of open file descriptors is roughly the maximum number of incoming
1388 feeds and outgoing batches for innd(8) and the number of outgoing
1389 streams for innfeed(8). If this parameter is set to a negative
1390 value, the default limit of the operating system will be used; this
1391 will normally be adequate on systems other than Solaris. Nearly
1392 all operating systems have some hard maximum limit beyond which
1393 this value cannot be raised, usually either 128, 256, or 1024. The
1394 default value of this parameter is "-1". Setting it to 256 on
1395 Solaris systems is highly recommended.
1396 Paths Names
1398 patharchive
1399 Where to store archived news. The default value is
1400 pathspool/archive.
1401 patharticles
1403 The path to where the news articles are stored (for storage methods
1404 other than CNFS). The default value is pathspool/articles.
1405 pathbin
1407 The path to the news binaries. The default value is pathnews/bin.
1408 pathcontrol
1410 The path to the files that handle control messages. The code for
1411 handling each separate type of control message is located here. Be
1412 very careful what you put in this directory with a name ending in
1413 ".pl", as it can potentially be a severe security risk. The
1414 default value is pathbin/control.
1415 pathdb
1417 The path to the database files used and updated by the server
1418 (currently, active, active.times, history and its indices, and
1419 newsgroups). The default value is pathnews/db.
1420 pathetc
1422 The path to the news configuration files. The default value is
1423 pathnews/etc.
1424 pathfilter
1426 The path to the Perl and Python filters. The default value is
1427 pathbin/filter.
1428 pathhttp
1430 Where any HTML files (such as periodic status reports) are placed.
1431 If the news reports should be available in real-time on the web,
1432 the files in this directory should be served by a web server. The
1433 default value is the value of pathnews/http.
1434 pathincoming
1436 Location where incoming batched news is stored. The default value
1437 is pathspool/incoming.
1438 pathlog
1440 Where the news log files are written. The default value is
1441 pathnews/log.
1442 pathnews
1444 The home directory of the news user and usually the root of the
1445 news hierarchy. There is no default; this parameter must be set in
1446 inn.conf or INN will refuse to start.
1447 pathoutgoing
1449 Default location for outgoing feed files. The default value is
1450 pathspool/outgoing.
1451 pathoverview
1453 The path to news overview files. The default value is
1454 pathspool/overview.
1455 pathrun
1457 The path to files required while the server is running and run-time
1458 state information. This includes lock files and the sockets for
1459 communicating with innd(8). This directory and the control sockets
1460 in it should be protected from unprivileged users other than the
1461 news user. The default value is pathnews/run.
1462 pathspool
1464 The root of the news spool hierarchy. This used mostly to set the
1465 defaults for other parameters, and to determine the path to the
1466 backlog directory for innfeed(8). The default value is
1467 pathnews/spool.
1468 pathtmp
1470 Where INN puts temporary files. For security reasons, this is not
1471 the same as the system temporary files directory (INN creates a lot
1472 of temporary files with predictable names and does not go to
1473 particularly great lengths to protect against symlink attacks and
1474 the like; this is safe provided that normal users can't write into
1475 its temporary directory). The default value is set at configure
1476 time and defaults to pathnews/tmp.
1477
1479 Here is a very minimalist example that only sets those parameters that
1480 are required.
1481 mta: "/usr/lib/sendmail -oi -oem %s"
1483 ovmethod: tradindexed
1484 pathhost: news.example.com
1485 pathnews: /usr/local/news
1486 hismethod: hisv6
1487 For a more comprehensive example, see the sample inn.conf distributed
1489 with INN and installed as a starting point; it contains all of the
1490 default values for reference.
1491
1493 Written by Rich $alz <rsalz@uunet.uu.net> for InterNetNews and since
1494 modified, updated, and reorganized by innumerable other people.
1495
1497 inews(1), innd(8), innwatch(8), libinn_dbz(3), libinn_uwildmat(3),
1498 makehistory(8), nnrpd(8), rnews(1).
1499 Nearly every program in INN uses this file to one degree or another.
1501 The above are just the major and most frequently mentioned ones.
1502INN 2.6.5 2022-02-18 INN.CONF(5)