1INN.CONF(5) InterNetNews Documentation INN.CONF(5)
2
3
4
6 inn.conf - Configuration data for InterNetNews programs
7
9 inn.conf in pathetc is the primary general configuration file for all
10 InterNetNews programs. Settings which control the general operation of
11 various programs, as well as the paths to all portions of the news
12 installation, are found here. The INNCONF environment variable, if
13 set, specifies an alternate path to inn.conf.
14
15 This file is intended to be fairly static. Any changes made to it will
16 generally not affect any running programs until they restart. Unlike
17 nearly every other configuration file, inn.conf cannot be reloaded
18 dynamically using ctlinnd(8); innd(8) must be stopped and restarted for
19 relevant changes to inn.conf to take effect ("ctlinnd xexec innd" is
20 the fastest way to do this.)
21
22 Blank lines and lines starting with a number sign ("#") are ignored.
23 All other lines specify parameters, and should be of the following
24 form:
25
26 <name>: <value>
27
28 (Any amount of whitespace can be put after the colon and is optional.)
29 If the value contains embedded whitespace or any of the characters
30 "[]<>{}"\:;", it must be enclosed in double quotes (""). A backslash
31 ("\") can be used to escape quotes and backslashes inside double
32 quotes. <name> is case-sensitive; "server" is not the same as "Server"
33 or "SERVER". (inn.conf parameters are generally all in lowercase.)
34
35 If <name> occurs more than once in the file, the first value is used.
36 Some parameters specified in the file may be overridden by environment
37 variables. Most parameters have default values if not specified in
38 inn.conf; those defaults are noted in the description of each
39 parameter.
40
41 Many parameters take a boolean value. For all such parameters, the
42 value may be specified as "true", "yes", or "on" to turn it on and may
43 be any of "false", "no", or "off" to turn it off. The case of these
44 values is significant.
45
46 This documentation is extremely long and organized as a reference
47 manual rather than as a tutorial. If this is your first exposure to
48 INN and these parameters, it would be better to start by reading other
49 man pages and referring to this one only when an inn.conf parameter is
50 explicitly mentioned. Those parameters which need to be changed when
51 setting up a new server are discussed in INSTALL.
52
54 General Settings
55 These parameters are used by a wide variety of different components of
56 INN.
57
58 domain
59 This should be the domain name of the local host. It should not
60 have a leading period, and it should not be a full host address.
61 It is used only if the inn_getfqdn() routine in libinn(3) cannot
62 get the fully qualified domain name by using either the
63 gethostname(3) or getaddrinfo(3) calls. The check is very simple;
64 if either routine returns a name with a period in it, then it is
65 assumed to have the full domain name. As this parameter is rarely
66 used, do not use it to affect the righthand side of autogenerated
67 Message-IDs; see instead virtualhost and domain in readers.conf(5).
68 The default value is unset.
69
70 innflags
71 The flags to pass to innd on startup. See innd(8) for details on
72 the possible flags. The default value is unset.
73
74 Note that these flags are only used when innd is started from
75 rc.news or nntpsend.
76
77 mailcmd
78 The path to the program to be used for mailing reports and control
79 messages. The default is pathbin/innmail. This should not
80 normally need to be changed.
81
82 mta The command to use when mailing postings to moderators and for the
83 use of innmail(1). The message, with headers and an added To
84 header field, will be piped into this program. The string %s, if
85 present, will be replaced by the e-mail address of the moderator.
86 It's strongly recommended for this command to include %s on the
87 command line rather than use the addresses in the To and Cc header
88 fields of the message, since the latter approach allows the news
89 server to be abused as a mechanism to send mail to arbitrary
90 addresses and will result in unexpected behavior. There is no
91 default value for this parameter; it must be set in inn.conf or a
92 fatal error message will be logged via syslog.
93
94 For most systems, "/usr/lib/sendmail -oi -oem %s" (adjusted for the
95 correct path to sendmail, and between double quotes) is a good
96 choice.
97
98 pathhost
99 What to put into the Path header field to represent the local site.
100 This is added to the Path header field body of all articles that
101 pass through the system, including locally posted articles, and is
102 also used when processing some control messages and when naming the
103 server in status reports. There is no default value; this
104 parameter must be set in inn.conf or INN will not start. A good
105 value to use is the fully qualified hostname of the system.
106
107 runasgroup
108 The group under which the news server will run. The default is
109 "news" (or the group specified at configure time) and should not
110 normally need to be changed.
111
112 runasuser
113 The user under which the news server will run. The default is
114 "news" (or the user specified at configure time) and should not
115 normally need to be changed.
116
117 server
118 The name of the default NNTP server. If nnrpdposthost is not set
119 and UNIX domain sockets are not supported, nnrpd(8) tries to hand
120 off locally-posted articles through an INET domain socket to this
121 server. actsync(8), nntpget(1), and getlist(1) also use this value
122 as the default server to connect to. In the latter cases, the
123 value of the NNTPSERVER environment variable, if it exists,
124 overrides this. The default value is unset.
125
126 syntaxchecks
127 A list of values controlling the level of checks performed by innd
128 and nnrpd. For instance:
129
130 syntaxchecks: [ no-laxmid ]
131
132 The last occurrence of a given value takes precedence, that is to
133 say if "no-laxmid laxmid" is listed, laxmid takes precedence.
134
135 Only one check can currently be enabled/disabled:
136
137 laxmid / no-laxmid
138 When laxmid is set, Message-IDs containing ".." in the left
139 part are accepted, as well as Message-IDs with two "@". Some
140 non-compliant news posters generate such syntactically invalid
141 Message-IDs, especially in binary newsgroups. The default is
142 no-laxmid, that is to say INN strictly follows the standard
143 regarding syntax checks (it will neither accept these articles
144 nor propagate them to remote peers).
145
146 Feed Configuration
147 These parameters govern incoming and outgoing feeds: what size of
148 articles are accepted, what filtering and verification is performed on
149 them, whether articles in groups not carried by the server are still
150 stored and propagated, and other similar settings.
151
152 artcutoff
153 Articles older than this number of days are dropped. The default
154 value is 10, which means that an incoming article will be rejected
155 if its posting date is farther in the past than ten days.
156
157 In order to disable that check on date, you can set this parameter
158 to 0.
159
160 The number on the "/remember/" line in expire.ctl should probably
161 be one more than that number in order to take into account articles
162 whose posting date is one day into the future.
163
164 bindaddress
165 Which IP address innd(8) should bind itself to. This must be in
166 dotted-quad format (nnn.nnn.nnn.nnn). If set to "all" or not set,
167 innd defaults to listening on all interfaces. The value of the
168 INND_BIND_ADDRESS environment variable, if set, overrides this
169 setting. The default value is unset.
170
171 This parameter has no effect when systemd socket activation is
172 used.
173
174 bindaddress6
175 Like bindaddress but for IPv6 sockets. If only one of the
176 bindaddress and bindaddress6 parameters is used, then only the
177 socket for the corresponding address family is created. If both
178 parameters are used then two sockets are created. If neither of
179 them is used, the list of sockets to listen on will be determined
180 by the system library getaddrinfo(3) function. The value of the
181 INND_BIND_ADDRESS6, if set, overrides this setting. The default
182 value is unset.
183
184 Note that you will generally need to put double quotes ("") around
185 this value if you set it, since IPv6 addresses contain colons.
186
187 This parameter has no effect when systemd socket activation is
188 used.
189
190 docancels
191 This parameter is intended for sites concerned about abuse of
192 cancels, or that wish to enforce a mechanism to authenticate
193 cancels. This parameter does not change how NoCeM notices are
194 processed by perl-nocem(8), and only applies to cancel articles
195 (with a Control header field) and supersede requests (with a
196 Supersedes header field).
197
198 Unless rejected by the use of a filter hook, innd always accepts
199 and propagates cancel articles and supersede requests. However,
200 actually processing such articles on the local news server depends
201 on this parameter which can take the following values:
202
203 "require-auth"
204 Only articles originally protected by the Cancel-Lock
205 authentication mechanism can be withdrawn by a valid
206 authenticated cancel article or a valid authenticated supersede
207 request. Withdrawals of articles not originally protected by
208 Cancel-Lock will not be executed.
209
210 This is the default value if innd knows how to authenticate
211 cancels (that is to say if INN was built with Cancel-Lock
212 support). Otherwise, the behaviour will be the same as "none".
213
214 "auth"
215 Withdrawals of articles not originally protected by the Cancel-
216 Lock authentication mechanism will always be executed.
217 However, if the original article is protected, only a valid
218 authenticated cancel article or a valid authenticated supersede
219 request will permit withdrawing it. (If INN was not built with
220 Cancel-Lock support, such protected articles won't be
221 withdrawn.)
222
223 "none"
224 Neither cancel articles nor supersede requests will be
225 processed; no articles will be withdrawn.
226
227 This is the default value if innd does not know how to
228 authenticate cancels (that is to say if INN was not built with
229 Cancel-Lock support) as it has no means to ensure that these
230 withdrawal requests are legitimate.
231
232 "all"
233 innd will process all cancel articles and supersede requests,
234 even if unauthenticated, forged or with bad authentication.
235 You should be sure of what you are doing if you choose that
236 value as any article can be withdrawn (even by someone who is
237 not the author of the article).
238
239 dontrejectfiltered
240 Normally innd(8) rejects incoming articles when directed to do so
241 by any enabled article filters (Perl or Python). However, this
242 parameter causes such articles not to be rejected; instead
243 filtering can be applied on outbound articles. If this parameter
244 is set, all articles will be accepted on the local machine, but
245 articles rejected by the filter will not be fed to any peers
246 specified in newsfeeds with the "Af" flag. The default value is
247 false.
248
249 hiscachesize
250 If set to a value other than 0, a hash of recently received
251 Message-IDs is kept in memory to speed history lookups. The value
252 is the amount of memory to devote to the cache in kilobytes. The
253 cache is only used for incoming feeds and a small cache can hold
254 quite a few Message-IDs, so large values aren't necessarily useful
255 unless you have incoming feeds that are badly delayed. innreport
256 can provide useful statistics regarding the use of the history
257 cache, especially when it misses. A good value for a system with
258 more than one incoming feed is 256; systems with only one incoming
259 feed should probably set this to 0. The default value is 256.
260
261 ignorenewsgroups
262 Whether newsgroup creation control messages (newgroup and rmgroup)
263 should be fed as if they were posted to the newsgroup they are
264 creating or deleting rather than to the newsgroups listed in the
265 Newsgroups header field. If this parameter is set, the newsgroup
266 affected by the control message will be extracted from the Control
267 header field and the article will be fed as if its Newsgroups
268 header field contained solely that newsgroup. This is useful for
269 routing control messages to peers when they are posted to
270 irrelevant newsgroups that shouldn't be matched against the peer's
271 desired newsgroups in newsfeeds. This is a boolean value and the
272 default is false.
273
274 immediatecancel
275 When using the timecaf storage method, article cancels are normally
276 just cached to be cancelled, not cancelled immediately. If this is
277 set to true, they will instead by cancelled as soon as the cancel
278 is processed. This is a boolean value and the default is false.
279
280 This setting is ignored unless the timecaf storage method is used.
281
282 linecountfuzz
283 If set to something other than 0, the line count of the article is
284 checked against the Lines header field body of the article (if
285 present) and the article is rejected if the values differ by more
286 than this amount. A reasonable setting is 5, which is the standard
287 maximum signature length plus one (some injection software
288 calculates the Lines header field before adding the signature).
289 The default value is 0, which tells INN not to check the Lines
290 header field of incoming articles.
291
292 maxartsize
293 The maximum size of article (headers and body) that will be
294 accepted by the server, in bytes. A value of 0 allows any size of
295 article, but note that innd will crash if system memory is
296 exceeded. The default value is 1000000 (approximately 1 MB). This
297 is checked against the article in wire format (CRLF at the end of
298 each line, leading periods protected, and with the trailing
299 "\r\n.\r\n" at the end). See also localmaxartsize.
300
301 maxconnections
302 The maximum number of incoming NNTP connections innd(8) will
303 accept. The default value is 50.
304
305 pathalias
306 If set, this value is prepended to the Path header field body of
307 accepted posts (before pathhost) if it doesn't already appear in
308 the Path header field. The main purpose of this parameter is to
309 configure all news servers within a particular organization to add
310 a common identity string to the Path header field body. The
311 default value is unset.
312
313 pathcluster
314 If set, this value is appended to the Path header field body of
315 accepted posts (after pathhost) if it isn't already present as the
316 last element of the Path header field body. The main purpose of
317 this parameter is to make several news servers appear as one
318 server. The default value is unset.
319
320 Note that the Path header field body reads right to left, so
321 appended means inserted at the leftmost side of the Path header
322 field body.
323
324 pgpverify
325 Whether to enable PGP verification of control messages other than
326 cancel. This is a boolean value and the default in the inn.conf
327 sample file is based on whether configure found pgp, pgpv, pgpgpg,
328 gpgv, gpgv1, gpgv2, gpg, gpg1 or gpg2. Note that if the parameter
329 is not present in the configuration file, it defaults to false.
330
331 port
332 What TCP port innd(8) should listen on. The default value is 119,
333 the standard NNTP port.
334
335 remembertrash
336 By default, innd(8) records rejected articles in history so that,
337 if offered the same article again, it can be refused before it is
338 sent. If you wish to disable this behavior, set this to false.
339 This can cause a substantial increase in the amount of bandwidth
340 consumed by incoming news if you have several peers and reject a
341 lot of articles, so be careful with it. Even if this is set to
342 true, INN won't log some rejected articles to history if there's
343 reason to believe the article might be accepted if offered by a
344 different peer, so there is usually no reason to set this to false
345 (although doing so can decrease the size of the history file).
346 This is a boolean value and the default is true.
347
348 sourceaddress
349 Which local IP address to bind to for outgoing NNTP sockets (used
350 by innxmit(8) among other programs, as well as innfeed(8) as long
351 as not overridden by bindaddress in innfeed.conf(5)). This must be
352 in dotted-quad format (nnn.nnn.nnn.nnn). If set to "all", the
353 operating system will choose the source IP address for outgoing
354 connections. The default value is unset.
355
356 sourceaddress6
357 Like sourceaddress but for IPv6 sockets. Note that you will
358 generally need to put double quotes ("") around this value if you
359 set it, since IPv6 addresses contain colons.
360
361 verifygroups
362 Set this to true to reject incoming articles which contain an
363 unknown newsgroup in the whole list of newsgroups to which they are
364 posted. In case wanttrash is set to true, such articles will still
365 be rejected. This is a boolean value, and the default is false.
366
367 wanttrash
368 Set this to true if you want to file articles posted to unknown
369 newsgroups (newsgroups not in the active file) into the "junk"
370 newsgroup rather than rejecting them. This is sometimes useful for
371 a transit news server that needs to propagate articles (according
372 to the setting of "Aj" in the newsfeeds feed pattern) in all
373 newsgroups regardless if they're carried locally. This is a
374 boolean value and the default is false.
375
376 The logtrash parameter specifies whether such articles should be
377 logged as posted to unwanted newsgroups in the news log file.
378
379 wipcheck
380 If INN is offered an article by a peer on one channel, it will
381 return deferral responses (code 436) to all other offers of that
382 article for this many seconds. (After this long, if the peer that
383 offered the article still hasn't sent it, it will be accepted from
384 other channels.) The default value is 5 and probably doesn't need
385 to be changed.
386
387 wipexpire
388 How long, in seconds, to keep track of message IDs offered on a
389 channel before expiring articles that still haven't been sent. The
390 default value is 10 and probably doesn't need to be changed.
391
392 History Settings
393 The following parameter affect the history database.
394
395 hismethod
396 Which history storage method to use. The only currently supported
397 value is "hisv6". There is no default value; this parameter must
398 be set.
399
400 "hisv6"
401 Stores history data in the INN history v6 format: history(5)
402 text file and a number of dbz database files; this may be in
403 true history v6 format, or tagged hash format, depending on the
404 build options. Separation of these two is a project which has
405 not yet been undertaken.
406
407 Article Storage
408 These parameters affect how articles are stored on disk.
409
410 cnfscheckfudgesize
411 If set to a value other than 0, the claimed size of articles in
412 CNFS cycbuffs is checked against maxartsize plus this value, and if
413 larger, the CNFS cycbuff is considered corrupt. This can be useful
414 as a sanity check after a system crash, but be careful using this
415 parameter if you have changed maxartsize recently. The default
416 value is 0.
417
418 enableoverview
419 Whether to write out overview data for articles. If set to false,
420 INN will run much faster, but reading news from the system will be
421 impossible (the server will be for news transit only). If this
422 option is set to true, ovmethod must also be set. This is a
423 boolean value and the default is true.
424
425 extraoverviewadvertised
426 Besides the seven standard overview fields (which are in order
427 "Subject", "From", "Date", "Message-ID", "References", ":bytes" and
428 ":lines") and the eighth "Xref:full" field required by INN in order
429 to handle crossposts, it is possible to add other fields in the
430 overview database. This parameter expects a list of such header
431 field names. Overview data for these additional header fields will
432 be generated for each new article at the time of arrival. For
433 instance, if you specify:
434
435 extraoverviewadvertised: [ Path Injection-Info ]
436
437 it implies that nnrpd will advertise "Path:full" and
438 "Injection-Info:full" as the ninth and tenth fields in response to
439 LIST OVERVIEW.FMT and that these two header field bodies will be
440 stored in the overview database for each new article.
441
442 The default value is an empty list (no additional fields are
443 stored). Owing to optimizations when innd parses the articles it
444 receives, it is possible that all the values in the list are not
445 recognized by innd as standard header field names. In such cases,
446 innd will log an error in news.err at startup and the unrecognized
447 fields will be discarded.
448
449 You should advertise only fields for which the overview database is
450 consistent, that is to say it records the content or absence of
451 these fields for all articles, including those already existing in
452 the news spool. Consequently, if you decide to add or remove a
453 field from your overview database, you should either modify
454 extraoverviewadvertised and rebuild your overview database with
455 makehistory(8) after removing all existing overview files, or
456 implement a transition period by first using extraoverviewhidden as
457 described below.
458
459 Use of a transition period can accommodate most overview
460 reconfigurations, but certain drastic changes may still require a
461 complete overview rebuild.
462
463 If for instance you want to store the content of the To header
464 field body in addition to the fields already stored above, you
465 should use:
466
467 extraoverviewadvertised: [ Path Injection-Info ]
468 extraoverviewhidden: [ To ]
469
470 This way, "To:full" will not be advertised by nnrpd but will be
471 stored for each new article. Once you know that all articles in
472 your overview database record the content or absence of that new
473 field (if expire.ctl(5) is parametered so that all your articles
474 expire within 30 days, you can assume the database is in such a
475 state after 30 days -- however, note that time to expiration can be
476 unpredictable with CNFS and you then have to use "cnfsstat -a" for
477 checking on when buffers have rolled over), you should put:
478
479 extraoverviewadvertised: [ Path Injection-Info To ]
480 extraoverviewhidden: [ ]
481
482 The "To" value must be added at the end of the list because order
483 matters and fields mentioned in extraoverviewhidden are generated
484 after those mentioned in extraoverviewadvertised. nnrpd will now
485 advertise "To:full" in response to the LIST OVERVIEW.FMT command
486 ("full" indicates that the header field name appears followed by
487 its value).
488
489 Now suppose you want to remove the content of the Injection-Info
490 header field from the overview. As order matters, the overview
491 database will no longer be consistent for the To header field.
492 Therefore, you need to specify:
493
494 extraoverviewadvertised: [ Path ]
495 extraoverviewhidden: [ To ]
496
497 And once overview data is accurate for all articles, you should
498 use:
499
500 extraoverviewadvertised: [ Path To ]
501 extraoverviewhidden: [ ]
502
503 Note that you have to restart nnrpd if it runs as a daemon whenever
504 you change the value of extraoverviewadvertised; a mere "ctlinnd
505 xexec innd" is not enough.
506
507 extraoverviewhidden
508 This parameter should be used in conjunction with
509 extraoverviewadvertised (see above for more details). It expects a
510 list of header field names. Overview data for these header fields
511 will be generated for each new article at the time of arrival but,
512 contrary to the fields mentioned in extraoverviewadvertised, nnrpd
513 will not advertise them in response to the LIST OVERVIEW.FMT
514 command. It also implies that nnrpd will not look in the overview
515 database for fields mentioned in extraoverviewhidden when it
516 handles HDR, XHDR and XPAT requests; nnrpd will have to parse the
517 headers of the requested articles in the news spool, which is
518 slower than directly querying the overview database.
519
520 The default value is an empty list (no additional fields are
521 stored). Owing to optimizations when innd parses the articles it
522 receives, it is possible that all the values in the list are not
523 recognized by innd as standard header field names. In such cases,
524 innd will log an error in news.err at startup and the unrecognized
525 fields will be discarded.
526
527 groupbaseexpiry
528 Whether to enable newsgroup-based expiry. If set to false, article
529 expiry is done based on storage class of storing method. If set to
530 true (and overview information is available), expiry is done by
531 newsgroup name. This affects the format of expire.ctl. This is a
532 boolean value and the default is true.
533
534 mergetogroups
535 Whether to file all postings to "to.*" groups in the
536 pseudonewsgroup "to". If this is set to true, the newsgroup "to"
537 must exist in the active file or INN will not start. (See the
538 discussion of "to." groups in innd(8) under CONTROL MESSAGES.)
539 This is a boolean value and the default is false.
540
541 nfswriter
542 For servers writing articles, determine whether the article spool
543 is on NFS storage. If set, INN attempts to flush articles to the
544 spool in a more timely manner, rather than relying on the operating
545 system to flush things such as the CNFS article bitmaps. You
546 should only set this parameter if you are attempting to use a
547 shared NFS spool on a machine acting as a single writer within a
548 cluster. This is a boolean value and the default is false.
549
550 overcachesize
551 How many cache slots to reserve for open overview files. If INN is
552 writing overview files (see enableoverview), ovmethod is set to
553 "tradindexed", and this is set to a value other than 0, INN will
554 keep around and open that many recently written-to overview files
555 in case more articles come in for those newsgroups. Every overview
556 cache slot consumes two file descriptors, so be careful not to set
557 this value too high. You may be able to use the "limit" command to
558 see how many open file descriptors your operating system allows.
559 innd(8) also uses an open file descriptor for each incoming feed
560 and outgoing channel or batch file, and if it runs out of open file
561 descriptors, it may throttle and stop accepting new news. The
562 default value is 128 (which is probably still too low if you have a
563 large number of file descriptors available).
564
565 This setting is ignored unless ovmethod is set to "tradindexed".
566
567 ovgrouppat
568 If set, restricts the overview data stored by INN to only the
569 newsgroups matching this comma-separated list of uwildmat
570 expressions. Newsgroups not matching this setting may not be
571 readable, and if groupbaseexpiry is set to true and the storage
572 method for these newsgroups does not have self-expire
573 functionality, storing overview data will fail. The default is
574 unset.
575
576 ovmethod
577 Which overview storage method to use. Currently supported values
578 are "buffindexed", "ovdb", "ovsqlite" and "tradindexed". There is
579 no default value; this parameter must be set if enableoverview is
580 true (the default).
581
582 "buffindexed"
583 It stores overview data and index information into
584 preconfigured large files like CNFS. Fast at writing, the
585 "buffindexed" overview storage method can keep up with a large
586 feed more easily and never consumes additional disk space
587 beyond that allocated to these buffers. The downside is that
588 these buffers are hard to recover in case of corruption and
589 somewhat slower for readers and the expiry process. See the
590 buffindexed.conf(5) man page for more details, and notably how
591 to create the buffers.
592
593 "ovdb"
594 It stores overview information into a Berkeley DB database,
595 whose development pace has stalled these last years. This
596 method is fast and very robust, but may require more disk
597 space, unless compression is enabled. Overview data is fetched
598 one article at a time, which makes this method a bit slower
599 than "ovsqlite" for readers. See the ovdb(5) man page for more
600 details.
601
602 "ovsqlite"
603 It stores overview information into an SQLite database, known
604 for its long-term stability and compatibility. Robust and
605 faster than "ovdb" at reading ranges of overview data (since
606 overview data is transferred in 128-kilobyte chunks between
607 ovsqlite-server and nnrpd) but somewhat slower at writing, this
608 method may require more disk space, unless compression is
609 enabled. See the ovsqlite(5) man page for more details.
610
611 "tradindexed"
612 It uses two files per newsgroup, one containing the overview
613 data and one containing the index. Fast for readers, but slow
614 to write to because it has to update two files for each
615 incoming article. Its main advantage is to be the best tested,
616 the most reliable and the method with the best recovery tools.
617
618 storeonxref
619 If set to true, articles will be stored based on the newsgroup
620 names in the Xref header field body rather than in the Newsgroups
621 header field body. This affects what the patterns in storage.conf
622 apply to. The primary interesting effect of setting this to true
623 is to enable filing of all control messages according to what
624 storage class the control pseudogroups are filed in rather than
625 according to the newsgroups the control messages are posted to.
626 This is a boolean value and the default is true.
627
628 If the tradspool article storage method is used, storeonxref must
629 be true.
630
631 useoverchan
632 Whether to innd(8) should create overview data internally through
633 libinnstorage(3). If set to false, innd creates overview data by
634 itself. If set to true, innd does not create; instead overview
635 data must be created by overchan(8) from an appropriate entry in
636 newsfeeds. Setting to true may be useful, if innd cannot keep up
637 with incoming feed and the bottleneck is creation of overview data
638 within innd. This is a boolean value and the default is false.
639
640 wireformat
641 Only used with the tradspool storage method, this says whether to
642 write articles in wire format. Wire format means storing articles
643 with "\r\n" at the end of each line and with periods at the
644 beginning of lines doubled, the article format required by the NNTP
645 protocol. Articles stored in this format are suitable for sending
646 directly to a network connection without requiring conversion, and
647 therefore setting this to true can make the server more efficient.
648 The primary reason not to set this is if you have old existing
649 software that looks around in the spool and doesn't understand how
650 to read wire format. Storage methods other than tradspool always
651 store articles in wire format. This is a boolean value and the
652 default is true.
653
654 xrefslave
655 Whether to act as the slave of another server. If set, INN
656 attempts to duplicate exactly the article numbering of the server
657 feeding it by looking at the Xref header field body of incoming
658 articles and assigning the same article numbers to articles as was
659 noted in the Xref header field body from the upstream server. The
660 result is that clients should be able to point at either server
661 interchangeably (using some load balancing scheme, for example) and
662 see the same internal article numbering. Servers with this
663 parameter set should generally only have one upstream feed, and
664 should always have nnrpdposthost set to hand locally posted
665 articles off to the master server. The upstream should be careful
666 to always feed articles in order (innfeed(8) can have problems with
667 this in the event of a backlog). This is a boolean value and the
668 default is false.
669
670 Reading
671 These parameters affect the behavior of INN for readers. Most of them
672 are used by nnrpd(8). There are some special sets of settings that are
673 broken out separately after the initial alphabetized list.
674
675 allownewnews
676 Whether to allow use of the NEWNEWS command by clients. This
677 command used to put a heavy load on the server in older versions of
678 INN, but is now reasonably efficient, at least if only one
679 newsgroup is specified by the client. This is a boolean value and
680 the default is true. If you use the access parameter in
681 readers.conf, be sure to read about the way it overrides
682 allownewnews.
683
684 articlemmap
685 Whether to attempt to mmap() articles. Setting this to true will
686 give better performance on most systems, but some systems have
687 problems with mmap(). If this is set to false, articles will be
688 read into memory before being sent to readers. This is a boolean
689 value and the default is true.
690
691 clienttimeout
692 How long (in seconds) a client connection can be idle before it
693 exits. When setting this parameter, be aware that some newsreaders
694 use the same connection for reading and posting and don't deal well
695 with the connection timing out while a post is being composed. If
696 the system isn't having a problem with too many long-lived
697 connections, it may be a good idea to increase this value to 3600
698 (an hour). The default value is 1800 (thirty minutes).
699
700 initialtimeout
701 How long (in seconds) nnrpd will wait for the first command from a
702 reader connection before dropping the connection. This is a
703 defensive timeout intended to protect the news server from badly
704 behaved reader clients that open and abandon a multitude of
705 connections without every closing them. The default value is 10
706 (ten seconds), which may need to be increased if many clients
707 connect via slow network links.
708
709 msgidcachesize
710 How many cache slots to reserve for message-IDs to storage token
711 translations. When serving overview data to clients (NEWNEWS,
712 OVER, etc.), nnrpd(8) can cache the storage token associated with a
713 message-ID and save the cost of looking it up in the history file;
714 for some configurations, setting this parameter can save more than
715 90% of the wall clock time for a session. The default value is
716 64000.
717
718 nfsreader
719 For servers reading articles, determine whether the article spool
720 is on NFS storage. If set, INN will attempt to force articles and
721 overviews to be read directly from the NFS spool rather than from
722 cached copies. You should only set this parameter if you are
723 attempting to use a shared NFS spool on a machine acting as a
724 reader within a cluster. This is a boolean value and the default
725 is false.
726
727 nfsreaderdelay
728 If nfsreader is set, INN will use the value of nfsreaderdelay to
729 delay the apparent arrival time of articles to clients by this
730 amount. Note that only answers to GROUP and NEWNEWS commands are
731 affected. This value should be tuned based on the NFS cache
732 timeouts locally. The default is 60, that is to say one minute.
733
734 nnrpdcheckart
735 Whether nnrpd should check the existence of an article before
736 listing it as present in response to an NNTP command. The primary
737 use of this setting is to prevent nnrpd from returning information
738 about articles which are no longer present on the server but which
739 still have overview data available. Checking the existence of
740 articles before returning overview information slows down the
741 overview commands, but reduces the number of "article is missing"
742 errors seen by the client. This is a boolean value and the default
743 is true.
744
745 nnrpdflags
746 When nnrpd(8) is spawned from innd(8), these flags are passed as
747 arguments to the nnrpd process. This setting does not affect
748 instances of nnrpd that are started in daemon mode, or instances
749 that are started via another listener process such as inetd(8) or
750 xinetd(8). Shell quoting and metacharacters are not supported.
751 This is a string value and the default is unset.
752
753 nnrpdloadlimit
754 If set to a value other than 0, connections to nnrpd will be
755 refused if the system load average is higher than this value. The
756 default value is 16.
757
758 noreader
759 Normally, innd(8) will fork a copy of nnrpd(8) for all incoming
760 connections from hosts not listed in incoming.conf. If this
761 parameter is set to true, those connections will instead be
762 rejected with a 502 error code. This should be set to true for a
763 transit-only server that doesn't support readers, or if nnrpd is
764 running in daemon mode or being started out of inetd. This is a
765 boolean value and the default is false.
766
767 readerswhenstopped
768 Whether to allow readers to connect even if the server is paused or
769 throttled. This is only applicable if nnrpd(8) is spawned from
770 innd(8) rather than run out of inetd or in daemon mode. This is a
771 boolean value and the default is false.
772
773 readertrack
774 Whether to enable the tracking system for client behavior. Tracked
775 information is recorded to pathlog/tracklogs/log-ID, where ID is
776 determined by nnrpd's PID and launch time. Currently the
777 information recorded includes initial connection and posting; only
778 information about clients listed in nnrpd.track is recorded. In
779 addition, every posted article will be saved in
780 pathlog/trackposts/track.message-id, where message-id is the
781 message ID of the post. This is a boolean value and the default is
782 false.
783
784 tradindexedmmap
785 Whether to attempt to mmap() tradindexed overviews articles.
786 Setting this to true will give better performance on most systems,
787 but some systems have problems with mmap(). If this is set to
788 false, overviews will be read into memory before being sent to
789 readers. This is a boolean value and the default is true.
790
791 INN has optional support for generating keyword information
792 automatically from article body text and putting that information in
793 overview for the use of clients that know to look for it (HDR, OVER and
794 XPAT commands). The following parameters control that feature.
795
796 This may be too slow if you're taking a substantial feed, and probably
797 will not be useful for the average news reader; enabling this is not
798 recommended unless you have some specific intention to take advantage
799 of it.
800
801 keywords
802 Whether the keyword generation support should be enabled. This is
803 a boolean value and the default is false.
804
805 If an article already contains a Keywords header field, no keyword
806 generation is done and the original Keywords header field is kept
807 untouched.
808
809 In order to use this feature, the regex library should be available
810 and INN configured with the --enable-keywords flag. Otherwise, no
811 keywords will be generated, even though this boolean value is set
812 to true. You also have to add the Keywords header field into the
813 overview with extraoverviewadvertised or extraoverviewhidden.
814
815 keyartlimit
816 Articles larger than this value in bytes will not have keywords
817 generated for them (since it would take too long to do so). The
818 default value is 100000 (approximately 100 KB).
819
820 keylimit
821 Maximum number of bytes allocated for keyword data. If there are
822 more keywords than will fit into this many bytes when separated by
823 commas, the rest are discarded. The default value is 512.
824
825 keymaxwords
826 Maximum number of keywords that will be generated for an article.
827 (The keyword generation code will attempt to discard "noise" words,
828 so the number of keywords actually written into the overview will
829 usually be smaller than this even if the maximum number of keywords
830 is found.) The default value is 250.
831
832 Posting
833 These parameters are only used by nnrpd(8), inews(1), and other
834 programs that accept or generate postings. There are some special sets
835 of settings that are broken out separately after the initial
836 alphabetized list.
837
838 addinjectiondate
839 Whether to add an Injection-Date header field to all local posts.
840 This is a boolean value and the default is true.
841
842 Note that no Injection-Date header fields will be added to local
843 posts already containing both a Message-ID header field and a Date
844 header field. This is done in conformance with standards, to help
845 minimize the possibility of a loop in e-mail gatewaying and ensure
846 that a newly injected article is not treated as a new, separate
847 article in case of multiple injection of the same article to
848 different injecting agents.
849
850 addinjectionpostingaccount
851 Whether to add a posting-account attribute to the Injection-Info
852 header field body to all local posts giving the username assigned
853 to the user at connection time or after authentication. This is a
854 boolean value and the default is false. There is no intrinsic
855 support for obfuscating the value. That has to be done with a
856 user-written Perl filter, if desired.
857
858 addinjectionpostinghost
859 Whether to add a posting-host attribute to the Injection-Info
860 header field body to all local posts giving an FQDN (when known, by
861 reverse lookup of the client IP address) and IP address of the
862 system from which the post was received. This is a boolean value
863 and the default is true. Note that INN either does not add this
864 attribute or adds the name (when known) and IP address of the
865 client. There is no intrinsic support for obfuscating the name of
866 the client. That has to be done with a user-written Perl filter,
867 if desired.
868
869 When this parameter is set to true, an FQDN (obtained by reverse
870 lookup of the client IP address or, if unknown, the IP address
871 itself) of the client is also added to the Path header field body,
872 after the "!.POSTED" diagnostic.
873
874 checkincludedtext
875 Whether to check local postings for the ratio of new to quoted text
876 and reject them if that ratio is under 50%. Included text is
877 recognized by looking for lines beginning with ">", "|", or ":".
878 This is a boolean value and the default is false.
879
880 complaints
881 The value of the mail-complaints-to attribute of the Injection-Info
882 header field added to all local posts. The default is the
883 newsmaster's e-mail address. (If the newsmaster, selected at
884 configure time and defaulting to "usenet", doesn't contain "@", the
885 address will consist of the newsmaster, a "@", and the value of
886 fromhost.)
887
888 fromhost
889 Contains a domain used to construct e-mail addresses. The address
890 of the local news administrator will be given as <user>@fromhost,
891 where <user> is the newsmaster user set at compile time ("usenet"
892 by default). This setting will also be used by mailpost(8) to
893 fully qualify addresses and by inews(1) to generate the Sender
894 header field (and the From header field if missing). The value of
895 the FROMHOST environment variable, if set, overrides this setting.
896 The default is the fully qualified domain name of the local host.
897
898 localmaxartsize
899 The maximum article size (in bytes) for locally posted articles.
900 Articles larger than this will be rejected. A value of 0 allows
901 any size of article, but note that nnrpd and innd will crash if
902 system memory is exceeded. See also maxartsize, which applies to
903 all articles including those posted locally. The default value is
904 1000000 (approximately 1 MB).
905
906 moderatormailer
907 The address to which to send submissions for moderated groups. It
908 is only used if the moderators file doesn't exist, or if the
909 moderated group to which an article is posted is not matched by any
910 entry in that file, and takes the same form as an entry in the
911 moderators file. In most cases, "%s@moderators.isc.org" is a good
912 value for this parameter (%s is expanded into a form of the
913 newsgroup name). See moderators(5) for more details about the
914 syntax. The default is unset. If this parameter isn't set and an
915 article is posted to a moderated group that does not have a
916 matching entry in the moderators file, the posting will be rejected
917 with an error.
918
919 nnrpdauthsender
920 Whether to generate a Sender header field based on reader
921 authentication. If this parameter is set, a Sender header field
922 will be added to local posts containing the identity assigned by
923 readers.conf. If the assigned identity does not include an "@",
924 the reader's hostname is used. If this parameter is set but no
925 identity is assigned, the Sender header field will be removed from
926 all posts even if the poster includes one. This is a boolean value
927 and the default is false.
928
929 nnrpdposthost
930 If set, nnrpd(8) and rnews(1) will pass all locally posted articles
931 to the specified host rather than trying to inject them locally.
932 See also nnrpdpostport. This should always be set if xrefslave is
933 true. The default value is unset.
934
935 nnrpdpostport
936 The port on the remote server to connect to to post when
937 nnrpdposthost is used. The default value is 119.
938
939 organization
940 What to put in the Organization header field body if it is left
941 blank by the poster. The value of the ORGANIZATION environment
942 variable, if set, overrides this setting. The default is unset,
943 which tells INN not to insert an Organization header field.
944
945 spoolfirst
946 If true, nnrpd(8) will spool new articles rather than attempting to
947 send them to innd(8). If false, nnrpd will spool articles only if
948 it receives an error trying to send them to innd. Setting this to
949 true can be useful if nnrpd must respond as fast as possible to the
950 client; however, when set, articles will not appear to readers
951 until they are given to innd. nnrpd won't do this; "rnews -U" must
952 be run periodically to take the spooled articles and post them.
953 This is a boolean value and the default is false.
954
955 strippostcc
956 Whether to strip To, Cc, and Bcc header fields out of all local
957 posts via nnrpd(8). The primary purpose of this setting is to
958 prevent abuse of the news server by posting to a moderated group
959 and including To or Cc header fields in the post so that the news
960 server will send the article to arbitrary addresses. INN now
961 protects against this abuse in other ways provided mta is set to a
962 command that includes %s and honors it, so this is generally no
963 longer needed. This is a boolean value and the default is false.
964
965 nnrpd(8) has support for controlling high-volume posters via an
966 exponential backoff algorithm, as configured by the following
967 parameters.
968
969 Exponential posting backoff works as follows: news clients are indexed
970 by IP address (or username, see backoffauth below). Each time a post
971 is received from an IP address, the time of posting is stored (along
972 with the previous sleep time, see below). After a configurable number
973 of posts in a configurable period of time, nnrpd(8) will begin to sleep
974 for increasing periods of time before actually posting anything
975 (posting backoff is therefore activated). Posts will still be
976 accepted, but at an increasingly reduced rate.
977
978 After backoff has been activated, the length of time to sleep is
979 computed based on the difference in time between the last posting and
980 the current posting. If this difference is less than backoffpostfast,
981 the new sleep time will be 1 + (previous sleep time * backoffk). If
982 this difference is less than backoffpostslow but greater than
983 backoffpostfast, then the new sleep time will equal the previous sleep
984 time. If this difference is greater than backoffpostslow, the new
985 sleep time is zero and posting backoff is deactivated for this poster.
986 (Note that this does not mean posting backoff cannot be reactivated
987 later in the session.)
988
989 Exponential posting backoff will not be enabled unless backoffdb is set
990 and backoffpostfast and backoffpostslow are set to something other than
991 their default values.
992
993 Here are the parameters that control exponential posting backoff:
994
995 backoffauth
996 Whether to index posting backoffs by user rather than by source IP
997 address. You must be using authentication in nnrpd(8) for a value
998 of true to have any meaning. This is a boolean value and the
999 default is false.
1000
1001 backoffdb
1002 The path to a directory, writeable by the news user, that will
1003 contain the backoff database. There is no default for this
1004 parameter; you must provide a path to a creatable or writeable
1005 directory to enable exponential backoff.
1006
1007 backoffk
1008 The amount to multiply the previous sleep time by if the user is
1009 still posting too quickly. A value of 2 will double the sleep time
1010 for each excessive post. The default value is 1.
1011
1012 backoffpostfast
1013 Postings from the same identity that arrive in less than this
1014 amount of time (in seconds) will trigger increasing sleep time in
1015 the backoff algorithm. The default value is 0.
1016
1017 backoffpostslow
1018 Postings from the same identity that arrive in greater than this
1019 amount of time (in seconds) will reset the backoff algorithm.
1020 Another way to look at this constant is to realize that posters
1021 will be allowed to generate at most 86400/backoffpostslow posts per
1022 day. The default value is 1.
1023
1024 backofftrigger
1025 This many postings are allowed before the backoff algorithm is
1026 triggered. The default value is 10000.
1027
1028 TLS/SSL Support for Reading and Posting
1029 Here are the parameters used by nnrpd(8) to provide TLS/SSL support.
1030
1031 The parameters related to certificates are:
1032
1033 tlscafile
1034 The path to a file containing certificate authority root
1035 certificates, used to present a trust chain to a TLS client. This
1036 parameter is only used if nnrpd is built with TLS/SSL support. The
1037 default value is an empty string.
1038
1039 tlscapath
1040 The path to a directory containing certificate authority root
1041 certificates. Each file in the directory should contain one CA
1042 certificate, and the name of the file should be the CA subject name
1043 hash value. See the OpenSSL documentation for more information.
1044 This parameter is only used if nnrpd is built with TLS/SSL support.
1045 The default value is pathetc.
1046
1047 tlscertfile
1048 The path to a file containing the server certificate to present to
1049 TLS clients. This parameter is only used if nnrpd is built with
1050 TLS/SSL support. The default value is pathetc/cert.pem.
1051
1052 If you want to use a complete certificate chain, you can directly
1053 put it in tlscertfile (like Apache's SSLCertificateFile directive).
1054 Alternately, you can put a single certificate in tlscertfile and
1055 use tlscafile for additional certificates needed to complete the
1056 chain, like a separate authority root certificate.
1057
1058 More concretly, when using Let's Encrypt certificates, Certbot's
1059 files can be installed as follows:
1060
1061 tlscapath: /etc/letsencrypt/live/news.server.com
1062 tlscertfile: /etc/letsencrypt/live/news.server.com/fullchain.pem
1063 tlskeyfile: /etc/letsencrypt/live/news.server.com/privkey.pem
1064
1065 or:
1066
1067 tlscapath: /etc/letsencrypt/live/news.server.com
1068 tlscafile: /etc/letsencrypt/live/news.server.com/chain.pem
1069 tlscertfile: /etc/letsencrypt/live/news.server.com/cert.pem
1070 tlskeyfile: /etc/letsencrypt/live/news.server.com/privkey.pem
1071
1072 Make sure that the permission rights are properly set so that the
1073 news user or the news group can read these directories and files
1074 (typically, he should access /etc/letsencrypt/live/news.server.com
1075 and /etc/letsencrypt/archive/news.server.com where the real keys
1076 are located, and the private key should not be world-readable).
1077
1078 tlskeyfile
1079 The path to a file containing the encryption key for the server
1080 certificate named in tlscertfile. This may be the same as
1081 tlscertfile if, when you created the certificate, you put the key
1082 in the same file (if, for example, you gave the same file name to
1083 both the -out and -keyout options to "openssl req"). This
1084 parameter is only used if nnrpd is built with TLS/SSL support. The
1085 default value is pathetc/key.pem.
1086
1087 This file must only be readable by the news user or nnrpd will
1088 refuse to use it.
1089
1090 Finally, here are the parameters that can be used to tighten the level
1091 of security provided by TLS/SSL in case new attacks exploitable in NNTP
1092 on the TLS protocol or some supported cipher suite are discovered:
1093
1094 tlsciphers
1095 The string describing the cipher suites OpenSSL will support for
1096 TLS 1.2 and below. See OpenSSL's ciphers(1) command documentation
1097 for details. The default is unset, which uses OpenSSL's default
1098 cipher suite list.
1099
1100 tlsciphers13
1101 The string describing the cipher suites OpenSSL will support for
1102 TLS 1.3. See OpenSSL's ciphers(1) command documentation for
1103 details. The default is unset, which uses OpenSSL's default cipher
1104 suite list.
1105
1106 Note that a separate cipher suite configuration parameter is needed
1107 for TLS 1.3 because TLS 1.3 cipher suites are not compatible with
1108 TLS 1.2, and vice-versa. In order to avoid issues where legacy
1109 TLS 1.2 cipher suite configuration configured in the tlsciphers
1110 parameter would inadvertently disable all TLS 1.3 cipher suites,
1111 the inn.conf configuration has been separated out.
1112
1113 tlscompression
1114 Whether to enable or disable TLS/SSL-level compression support, if
1115 the negotiated protocol supports it (notably, TLS 1.3 no longer
1116 supports it). This is a boolean and the default is false, that is
1117 to say compression is disabled, so as to follow the best current
1118 practices for a secure use of TLS in application protocols (see
1119 RFC 8143 for NNTP).
1120
1121 Note that enabling TLS/SSL-level compression will be possible only
1122 if the OpenSSL library INN has been built with, supports that
1123 feature.
1124
1125 tlseccurve
1126 The name of the elliptic curve to use for ephemeral key exchanges.
1127 To see the list of curves supported by OpenSSL, use "openssl
1128 ecparam -list_curves".
1129
1130 The default is unset, which means an appropriate curve is auto-
1131 selected (if your OpenSSL version is at least 1.0.2 or you are
1132 using LibreSSL) or the NIST P-256 curve is used.
1133
1134 This option is only effective if your OpenSSL version has ECDH
1135 support.
1136
1137 tlspreferserverciphers
1138 Whether to let the client or the server decide the preferred cipher
1139 suite, signature algorithm or elliptic curve to use for an incoming
1140 connection. This is a boolean and the default is true, that is to
1141 say the server will choose following its own preferences.
1142
1143 tlsprotocols
1144 The list of TLS/SSL protocol versions to support. Valid protocols
1145 are SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. The default
1146 value is to only allow secure TLS protocols:
1147
1148 tlsprotocols: [ TLSv1.2 TLSv1.3 ]
1149
1150 Note that the listed protocols will be enabled only if the OpenSSL
1151 library INN has been built with, supports them. In case OpenSSL
1152 supports protocols more recent than TLSv1.3, they will be
1153 automatically enabled (which anyway is fine regarding security, as
1154 newer protocols are supposed to be more secure).
1155
1156 "SSLv2" was formally deprecated by RFC 6176 in 2011, "SSLv3" by
1157 RFC 7568 in 2015, "TLSv1.0" and "TLSv1.1" by RFC 8996 in 2021.
1158
1159 Monitoring
1160 These parameters control the behavior of innwatch(8), the program that
1161 monitors INN and informs the news administrator if anything goes wrong
1162 with it.
1163
1164 doinnwatch
1165 Whether to start innwatch(8) from rc.news. This is a boolean
1166 value, and the default is true.
1167
1168 innwatchbatchspace
1169 Free space in pathoutgoing, in inndf(8) output units (normally
1170 kilobytes), at which innd(8) will be throttled by innwatch(8),
1171 assuming a default innwatch.ctl. The default value is 4000.
1172
1173 innwatchlibspace
1174 Free space in pathdb, in inndf(8) output units (normally
1175 kilobytes), at which innd(8) will be throttled by innwatch(8),
1176 assuming a default innwatch.ctl. The default value is 25000.
1177
1178 innwatchloload
1179 Load average times 100 at which innd(8) will be restarted by
1180 innwatch(8) (undoing a previous pause or throttle), assuming a
1181 default innwatch.ctl. The default value is 1000 (that is, a load
1182 average of 10.00).
1183
1184 innwatchhiload
1185 Load average times 100 at which innd(8) will be throttled by
1186 innwatch(8), assuming a default innwatch.ctl. The default value is
1187 2000 (that is, a load average of 20.00).
1188
1189 innwatchpauseload
1190 Load average times 100 at which innd(8) will be paused by
1191 innwatch(8), assuming a default innwatch.ctl. The default value is
1192 1500 (that is, a load average of 15.00).
1193
1194 innwatchsleeptime
1195 How long (in seconds) innwatch(8) will sleep between each check of
1196 INN. The default value is 600.
1197
1198 innwatchspoolnodes
1199 Free inodes in patharticles at which innd(8) will be throttled by
1200 innwatch(8), assuming a default innwatch.ctl. The default value is
1201 200.
1202
1203 innwatchspoolspace
1204 Free space in patharticles and pathoverview, in inndf(8) output
1205 units (normally kilobytes), at which innd(8) will be throttled by
1206 innwatch(8), assuming a default innwatch.ctl. The default value is
1207 25000.
1208
1209 Logging
1210 These parameters control what information INN logs.
1211
1212 docnfsstat
1213 Whether to start cnfsstat(8) when innd(8) is started. cnfsstat
1214 will log the status of all CNFS cycbuffs to syslog on a periodic
1215 basis (frequency is the default for "cnfsstat -l", currently 600
1216 seconds). This is a boolean value and the default is false.
1217
1218 htmlstatus
1219 Whether innd should write the status report as HTML file or in
1220 plain text. The HTML status file goes to pathhttp/inn_status.html,
1221 while the plain text status file is written to pathlog/inn.status.
1222 This is a boolean value and the default is true (an HTML status
1223 file is written). Also see the status parameter.
1224
1225 incominglogfrequency
1226 How many articles to process on an incoming channel before logging
1227 the activity. The default value is 200.
1228
1229 logartsize
1230 Whether the size of accepted articles (in bytes) should be written
1231 to the article log file. This is useful for flow rate statistics
1232 and is recommended. This is a boolean value and the default is
1233 true.
1234
1235 logcancelcomm
1236 Set this to true to log "ctlinnd cancel" commands to syslog. This
1237 is a boolean value and the default is false.
1238
1239 logcycles
1240 How many old logs scanlogs(8) keeps. scanlogs(8) is generally run
1241 by news.daily(8) and will archive compressed copies of this many
1242 days worth of old logs. The default value is 3.
1243
1244 logipaddr
1245 Whether the verified name of the remote feeding host should be
1246 logged to the article log for incoming articles rather than the
1247 last entry in the Path header field body. The only reason to ever
1248 set this to false is due to some interactions with newsfeeds flags;
1249 see newsfeeds(5) for more information. This is a boolean value and
1250 the default is true.
1251
1252 logsitename
1253 Whether the names of the sites to which accepted articles will be
1254 sent should be put into the article log file. This is useful for
1255 debugging and statistics. This is a boolean value and the default
1256 is true.
1257
1258 logstatus
1259 Whether innd should write a shortened version of its status report
1260 to syslog every status seconds. This is a boolean value and the
1261 default is true. If set to true, see the status parameter for more
1262 details on how to enable status reporting.
1263
1264 logtrash
1265 Whether innd should add a line in the news log file to report
1266 unwanted newsgroups (that is to say newsgroups not locally carried
1267 by the news server). This is a boolean value and the default is
1268 true. It may be useful to set it to false when wanttrash is set to
1269 true.
1270
1271 nnrpdoverstats
1272 Whether nnrpd overview statistics should be logged via syslog.
1273 This can be useful for measuring overview performance. This is a
1274 boolean value and the default is true.
1275
1276 nntplinklog
1277 Whether to put the storage API token for accepted articles (used by
1278 nntplink) in the article log. This is a boolean value and the
1279 default is false.
1280
1281 stathist
1282 Where to write history statistics for analysis with
1283 contrib/stathist.pl; this can be modified with ctlinnd(8) while
1284 innd is running. Logging does not occur unless a path is given,
1285 and there is no default value.
1286
1287 status
1288 How frequently (in seconds) innd(8) should write out a status
1289 report. The report is written to pathhttp/inn_status.html or
1290 pathlog/inn.status depending on the value of htmlstatus. If this
1291 is set to 0 or "false", status reporting is disabled. The default
1292 value is 600 (that is to say reports are written every 10 minutes).
1293
1294 timer
1295 How frequently (in seconds) innd(8) should report performance
1296 timings to syslog. If this is set to 0, performance timing is
1297 disabled. Enabling this is highly recommended, and innreport(8)
1298 can produce a nice summary of the timings. If set to 0,
1299 performance timings in nnrpd(8) are also disabled, although nnrpd
1300 always reports statistics on exit and therefore any non-zero value
1301 is equivalent for it. The default value is 600 (that is to say
1302 performance timings are reported every 10 minutes).
1303
1304 System Tuning
1305 The following parameters can be modified to tune the low-level
1306 operation of INN. In general, you shouldn't need to modify any of them
1307 except possibly rlimitnofile unless the server is having difficulty.
1308
1309 badiocount
1310 How many read or write failures until a channel is put to sleep or
1311 closed. The default value is 5.
1312
1313 blockbackoff
1314 Each time an attempted write returns EAGAIN or EWOULDBLOCK, innd(8)
1315 will wait for an increasing number of seconds before trying it
1316 again. This is the multiplier for the sleep time. If you're
1317 having trouble with channel feeds not keeping up, it may be good to
1318 change this value to 2 or 3, since then when the channel fills INN
1319 will try again in a couple of seconds rather than waiting two
1320 minutes. The default value is 120.
1321
1322 chaninacttime
1323 The time (in seconds) to wait between noticing inactive channels.
1324 The default value is 600.
1325
1326 chanretrytime
1327 How many seconds to wait before a channel restarts. The default
1328 value is 300.
1329
1330 datamovethreshold
1331 The threshold for deciding whether to move already-read data to the
1332 top of buffer or extend the buffer. The buffer described here is
1333 used for reading NNTP data. Increasing this value may improve
1334 performance, but it should not be increased on Systems with
1335 insufficient memory. Permitted values are between 0 and 1048576
1336 (out of range values are treated as 1048576) and the default value
1337 is 16384.
1338
1339 icdsynccount
1340 How many article writes between updating the active and history
1341 files. The default value is 10.
1342
1343 keepmmappedthreshold
1344 When using buffindexed, retrieving overview data (that is,
1345 responding to OVER or running expireover) causes mmapping of all
1346 overview data blocks which include requested overview data for
1347 newsgroup. But for high volume newsgroups like control.cancel,
1348 this may cause too much mmapping at once leading to system resource
1349 problems. To avoid this, if the amount to be mmapped exceeds
1350 keepmmappedthreshold (in KB), buffindexed mmap's just one overview
1351 block (8 KB). This parameter is specific to buffindexed overview
1352 storage method. The default value is 1024 (1 MB).
1353
1354 maxcmdreadsize
1355 If set to anything other than 0, maximum buffer size (in bytes) for
1356 reading NNTP command will have this value. It should not be large
1357 on systems which are slow to process and store articles, as that
1358 would lead to innd(8) spending a long time on each channel and
1359 keeping other channels waiting. The default value is BUFSIZ
1360 defined in stdio.h (1024 in most environments, see setbuf(3)).
1361
1362 maxforks
1363 How many times to attempt a fork(2) before giving up. The default
1364 value is 10.
1365
1366 maxlisten
1367 How many incoming connections can queue up in the listen backlog
1368 for innd, nnrpd and two overview storage methods ("ovdb" and
1369 "ovsqlite"). The default value is 128 and should be raised in case
1370 you notice that some connection requests get dropped.
1371
1372 nicekids
1373 If set to anything other than 0, all child processes of innd(8)
1374 will have this nice(2) value. This is usually used to give all
1375 child processes of innd(8) a lower priority (higher nice value) so
1376 that innd(8) can get the lion's share of the CPU when it needs it.
1377 The default value is 4.
1378
1379 nicenewnews
1380 If set to anything greater than 0, all nnrpd(8) processes that
1381 receive and process a NEWNEWS command will nice(2) themselves to
1382 this value (giving other nnrpd processes a higher priority). The
1383 default value is 0. Note that this value will be ignored if set to
1384 a lower value than nicennrpd (or nicekids if nnrpd(8) is spawned
1385 from innd(8)).
1386
1387 nicennrpd
1388 If set to anything greater than 0, all nnrpd(8) processes will
1389 nice(2) themselves to this value. This gives other news processes
1390 a higher priority and can help overchan(8) keep up with incoming
1391 news (if that's the object, be sure overchan(8) isn't also set to a
1392 lower priority via nicekids). The default value is 0, which will
1393 cause nnrpd(8) processes spawned from innd(8) to use the value of
1394 nicekids, while nnrpd(8) run as a daemon will use the system
1395 default priority. Note that for nnrpd(8) processes spawned from
1396 innd(8), this value will be ignored if set to a value lower than
1397 nicekids.
1398
1399 pauseretrytime
1400 Wait for this many seconds before noticing inactive channels. Wait
1401 for this many seconds before innd processes articles when it's
1402 paused or the number of channel write failures exceeds badiocount.
1403 The default value is 300.
1404
1405 peertimeout
1406 How long (in seconds) an innd(8) incoming channel may be inactive
1407 before innd closes it. The default value is 3600 (an hour).
1408
1409 rlimitnofile
1410 The maximum number of file descriptors that innd(8) or innfeed(8)
1411 can have open at once. If innd(8) or innfeed(8) attempts to open
1412 more file descriptors than this value, it is possible the program
1413 may throttle or otherwise suffer reduced functionality. The number
1414 of open file descriptors is roughly the maximum number of incoming
1415 feeds and outgoing batches for innd(8) and the number of outgoing
1416 streams for innfeed(8). If this parameter is set to a negative
1417 value, the default limit of the operating system will be used; this
1418 will normally be adequate on systems other than Solaris. Nearly
1419 all operating systems have some hard maximum limit beyond which
1420 this value cannot be raised, usually either 128, 256, or 1024. The
1421 default value of this parameter is "-1". Setting it to 256 on
1422 Solaris systems is highly recommended.
1423
1424 Paths Names
1425 patharchive
1426 Where to store archived news. The default value is
1427 pathspool/archive.
1428
1429 patharticles
1430 The path to where the news articles are stored (for storage methods
1431 other than CNFS). The default value is pathspool/articles.
1432
1433 pathbin
1434 The path to the news binaries. The default value is pathnews/bin.
1435
1436 pathcontrol
1437 The path to the files that handle control messages. The code for
1438 handling each separate type of control message is located here. Be
1439 very careful what you put in this directory with a name ending in
1440 ".pl", as it can potentially be a severe security risk. The
1441 default value is pathbin/control.
1442
1443 pathdb
1444 The path to the database files used and updated by the server
1445 (currently, active, active.times, history and its indices, and
1446 newsgroups). The default value is pathnews/db.
1447
1448 pathetc
1449 The path to the news configuration files. The default value is
1450 pathnews/etc.
1451
1452 pathfilter
1453 The path to the Perl and Python filters. The default value is
1454 pathbin/filter.
1455
1456 pathhttp
1457 Where any HTML files (such as periodic status reports) are placed.
1458 If the news reports should be available in real-time on the web,
1459 the files in this directory should be served by a web server. The
1460 default value is the value of pathnews/http.
1461
1462 pathincoming
1463 Location where incoming batched news is stored. The default value
1464 is pathspool/incoming.
1465
1466 pathlog
1467 Where the news log files are written. The default value is
1468 pathnews/log.
1469
1470 pathnews
1471 The home directory of the news user and usually the root of the
1472 news hierarchy. There is no default; this parameter must be set in
1473 inn.conf or INN will refuse to start.
1474
1475 pathoutgoing
1476 Default location for outgoing feed files. The default value is
1477 pathspool/outgoing.
1478
1479 pathoverview
1480 The path to news overview files. The default value is
1481 pathspool/overview.
1482
1483 pathrun
1484 The path to files required while the server is running and run-time
1485 state information. This includes lock files and the sockets for
1486 communicating with innd(8). This directory and the control sockets
1487 in it should be protected from unprivileged users other than the
1488 news user. The default value is pathnews/run.
1489
1490 pathspool
1491 The root of the news spool hierarchy. This used mostly to set the
1492 defaults for other parameters, and to determine the path to the
1493 backlog directory for innfeed(8). The default value is
1494 pathnews/spool.
1495
1496 pathtmp
1497 Where INN puts temporary files. For security reasons, this is not
1498 the same as the system temporary files directory (INN creates a lot
1499 of temporary files with predictable names and does not go to
1500 particularly great lengths to protect against symlink attacks and
1501 the like; this is safe provided that normal users can't write into
1502 its temporary directory). The default value is set at configure
1503 time and defaults to pathnews/tmp.
1504
1506 Here is a very minimalist example that only sets those parameters that
1507 are required.
1508
1509 mta: "/usr/lib/sendmail -oi -oem %s"
1510 ovmethod: tradindexed
1511 pathhost: news.example.com
1512 pathnews: /usr/local/news
1513 hismethod: hisv6
1514
1515 For a more comprehensive example, see the sample inn.conf distributed
1516 with INN and installed as a starting point; it contains all of the
1517 default values for reference.
1518
1520 Written by Rich $alz <rsalz@uunet.uu.net> for InterNetNews and since
1521 modified, updated, and reorganized by innumerable other people.
1522
1524 inews(1), innd(8), innwatch(8), libinn_dbz(3), libinn_uwildmat(3),
1525 makehistory(8), nnrpd(8), rnews(1).
1526
1527 Nearly every program in INN uses this file to one degree or another.
1528 The above are just the major and most frequently mentioned ones.
1529
1530
1531
1532INN 2.7.0 2022-07-10 INN.CONF(5)