1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)
Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus received.
But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.
Huh?
Do you see "aioe" in that path?
How did it get there?
Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
From: Andy Burnelli <nospam@nospam.net>
Newsgroups: misc.phone.mobile.iphone,comp.mobile.android
Subject: Re: T-Mobile is Ending $5 Per Line Autopay Discount if You Pay with a Credit Card <was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi>
Date: Sun, 19 Feb 2023 13:30:29 +0000
Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me> <180220231127060887%nospam@nospam.invalid> <tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me> <tsrcrn$48ja$1@dont-email.me> <180220231913479333%nospam@nospam.invalid>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net; posting-host="297e06ba09fa1546708017b06624236cbc5371ad"; logging-data="1859083"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB
Xref: sewer misc.phone.mobile.iphone:116151 comp.mobile.android:98520
I can tell you that showed up in my morning feed but it was _not_ in my >morning feed until this morning. The time stamps don't show that though, >where I sent it on Sunday at 6am local time.
I don't know how to tell when it arrived to the newsgroup, but if we
assume it arrived at 6am today (Wednesday), it took 3 elapsed days.
Two questions for those who know more about this than I do and who
are purposefully helpful people, are the following data driven queries:
A. How can I tell when this arrived in any given news feed?
B. What is aioe doing in that PATH if the server is supposedly down?
Thank you in advance, where I will not reply to the inevitable child-like >responses from the kindergarten mentality idiots who infest this newsgroup.
Do you see "aioe" in that path?
How did it get there?
You replied to a post that was originally posted through aioe.
Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
B. What is aioe doing in that PATH if the server is supposedly down?
See above.
1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)
Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus
received.
But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.
Huh?
Do you see "aioe" in that path?
How did it get there?
Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail From:
Andy Burnelli <nospam@nospam.net> Newsgroups:
misc.phone.mobile.iphone,comp.mobile.android Subject: Re: T-Mobile is
Ending $5 Per Line Autopay Discount if You Pay with a Credit Card
<was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi> Date:
Sun, 19 Feb 2023 13:30:29 +0000 Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me>
<180220231127060887%nospam@nospam.invalid>
<tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me>
<tsrcrn$48ja$1@dont-email.me>
<180220231913479333%nospam@nospam.invalid> Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net;
posting-host="297e06ba09fa1546708017b06624236cbc5371ad";
logging-data="1859083"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 Thunderbird/91.6.1 Content-Language: en-GB
Xref: sewer misc.phone.mobile.iphone:116151 comp.mobile.android:98520
I can tell you that showed up in my morning feed but it was _not_ in
my morning feed until this morning. The time stamps don't show that
though, where I sent it on Sunday at 6am local time.
I don't know how to tell when it arrived to the newsgroup, but if we
assume it arrived at 6am today (Wednesday), it took 3 elapsed days.
Two questions for those who know more about this than I do and who
are purposefully helpful people, are the following data driven
queries:
A. How can I tell when this arrived in any given news feed?
B. What is aioe doing in that PATH if the server is supposedly down?
Thank you in advance, where I will not reply to the inevitable
child-like responses from the kindergarten mentality idiots who infest
this newsgroup.
NOTE: As an experiment, I will send the _exact_ message, moments after
I send this message, using "news.mixmin.net:563" via my telnet
scripts.
Huh?
Do you see "aioe" in that path?
How did it get there?
Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
Two questions for those who know more about this than I do and who are purposefully helpful people, are the following data driven queries:
A. How can I tell when this arrived in any given news feed?
Andy Burnelli <nospam@nospam.net> wrote:
Huh?
Do you see "aioe" in that path?
How did it get there?
You replied to a post that was originally posted through aioe.
A server is supposed to check the path to see if a peer is already in
the list before sending to prevent loops.
Russ Allbery <eagle@eyrie.org> posted:
Could the mixmin.net server operator want to prevent messages posted
through that server from propagating to aioe.org? I have no idea, and
have negative interest in peering drama (and this sounds like peering
drama), but it's one reasonably obvious possible explanation.
aioe and mixmin have been peering for some time.
A. How can I tell when this arrived in any given news feed?
You can't. The netnews protocols do not track that information in any
way that is available to you. You'd have to ask each individual server
operator to check their logs, or ask someone who has read access to
that server to try to put a time bound around when it showed up.
https://www.rfc-editor.org/rfc/rfc5536
3.2.7. Injection-Date
The Injection-Date header field contains the date and time that the
article was injected into the network. Its purpose is to enable news
servers, when checking for "stale" articles, to use a <date-time>
that was added by a news server at injection time rather than one
added by the user agent at message composition time.
Andy Burnelli <nospam@nospam.net> writes:
Huh?
Do you see "aioe" in that path?
How did it get there?
Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
Everything I say here comes with the substantial caveat that the Path
header is generally not authenticated by peers and thus can be easily
forged, so any analysis of the Path header is guesswork and could be
tricked by someone in the right position in the article propagation
chain.
That said, the !.POSTED! marker is generally inserted by the server
that first accepts your message, and you said you posted through
mixmin.net, so that's consistent. That means (assuming no forgery) everything after the !.POSTED! was either inserted by you or by
mixmin.net. I'm assuming you didn't preload your own Path header, so
I would assume it was inserted by mixmin.net.
So I believe aioe.org is in there because the mixmin.net server put it
there.
Obviously that prompts the question why. I don't know why, but one
common reason to insert other people's Path identities in your Path
header is because the Path is used by most servers to deduplicate
feeds, so they won't send an article to a server whose path identity
already appears in the Path. Therefore, a long-standing tactic for preventing your post from showing up at some server (for whatever
reason) is to add its path identity to your Path header before
posting, or during posting.
Could the mixmin.net server operator want to prevent messages posted
through that server from propagating to aioe.org? I have no idea, and
have negative interest in peering drama (and this sounds like peering
drama), but it's one reasonably obvious possible explanation.
There are other possible explanations. For example, notice that sewer
is in there twice, and appears to be the server you read the message
from. In that case, sewer is presumably part of the mixmin.net server network, and preloading that entry is presumably some optimization to
avoid making duplicate article offers. Maybe the same thing is true
for aioe.org; maybe mixmin.net and aioe.org have a special peering relationship and mixmin.net preloads the aioe.org path entry to
prevent the messages from propagating via normal channels because
they'll be sent via some other channel that's configured to ignore
Path entries. I have done things like that before to solve complex
peering configuration issues.
I don't think there's any way of knowing for sure why it's there
without the mixmin.net server operator telling you. Without that, we
can only speculate based on reasons why people have done such things
in the past.
Two questions for those who know more about this than I do and who
are purposefully helpful people, are the following data driven
queries:
A. How can I tell when this arrived in any given news feed?
You can't. The netnews protocols do not track that information in any
way that is available to you. You'd have to ask each individual
server operator to check their logs, or ask someone who has read
access to that server to try to put a time bound around when it showed
up.
You replied to a post that was originally posted through aioe.
The Path header has nothing to do with replies and no part of the Path
header is constructed based on the article to which you are replying.
However... I would also say that if AIOE is still down, then it "should"
also be "impossible" for aioe to be in the "PATH:" header, right?
Somehow, the message went from mixmin to aioe and then to me even as I
was using dizum at the time to retrieve the messages.
Somehow, the message went from mixmin to aioe and then to me even as I
was using dizum at the time to retrieve the messages.
I don't believe this is the case. I think you posted the message to mixmin.net and then read it from a server called sewer (presumably this is "dizum"), and the aoie.org entry was added by mixmin.net.
netfront
I have no idea, and
have negative interest in peering drama (and this sounds like peering
drama), but it's one reasonably obvious possible explanation.
So I believe aioe.org is in there because the mixmin.net server put it
there.
Obviously that prompts the question why. I don't know why, but one common reason to insert other people's Path identities in your Path header is because the Path is used by most servers to deduplicate feeds, so they
won't send an article to a server whose path identity already appears in
the Path. Therefore, a long-standing tactic for preventing your post from showing up at some server (for whatever reason) is to add its path
identity to your Path header before posting, or during posting.
Could the mixmin.net server operator want to prevent messages posted
through that server from propagating to aioe.org? I have no idea, and
have negative interest in peering drama (and this sounds like peering
drama), but it's one reasonably obvious possible explanation.
There are other possible explanations. For example, notice that sewer is
in there twice, and appears to be the server you read the message from.
telnet news.dizum.net 119200 sewer InterNetNews NNRP server INN 2.6.3 ready (no posting)
telnet news.mixmin.net 119400 Interrupted system call writing creating overview file -- throttling
openssl s_client -showcerts -connect news.mixmin.net:563Which spit out a lot of stuff but I didn't know what to do with it.
In that case, sewer is presumably part of the mixmin.net server network,
and preloading that entry is presumably some optimization to avoid making duplicate article offers. Maybe the same thing is true for aioe.org;
maybe mixmin.net and aioe.org have a special peering relationship and mixmin.net preloads the aioe.org path entry to prevent the messages from propagating via normal channels because they'll be sent via some other channel that's configured to ignore Path entries. I have done things like that before to solve complex peering configuration issues.
I don't think there's any way of knowing for sure why it's there without
the mixmin.net server operator telling you. Without that, we can only speculate based on reasons why people have done such things in the past.
Two questions for those who know more about this than I do and who are
purposefully helpful people, are the following data driven queries:
A. How can I tell when this arrived in any given news feed?
You can't. The netnews protocols do not track that information in any way that is available to you. You'd have to ask each individual server
operator to check their logs, or ask someone who has read access to that server to try to put a time bound around when it showed up.
echo q | openssl s_client -connect news.mixmin.net:563 | openssl x509 -noout -enddate | findstr "notAfter"etc.
echo q | openssl s_client -connect news.eternal-september.org:563 | openssl x509 -noout -enddate | findstr "notAfter"
echo q | openssl s_client -connect news.dizum.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
Russ Allbery wrote:
There are other possible explanations. For example, notice that sewer
is in there twice, and appears to be the server you read the message
from.
I did notice that "sewer" was there twice so thank you for pointing it out. As a quick test, I just ran this command which anyone else can test too:
telnet news.dizum.net 119200 sewer InterNetNews NNRP server INN 2.6.3 ready (no posting)
It's strange that "sewer" would be used both by Steve Crook at Mixmin
and by Alex deJoode at Dizum, but maybe "sewer" is some kind of nntp
keyword?
Thanks for explaining that the date that mixmin used is all that we've
got. I did find some of these commands below that others may make use
of but I don't know enough about them to say whether they're useful or
not.
echo q | openssl s_client -connect news.mixmin.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
What I was hoping was to find a way to see what the "PATH:" injected by
the nntp server would be; but none of those commands told me that.
So I believe aioe.org is in there because the mixmin.net server put it
there.
Could the mixmin.net server operator want to prevent messages posted
through that server from propagating to aioe.org? I have no idea, and
have negative interest in peering drama (and this sounds like peering
drama), but it's one reasonably obvious possible explanation.
Andy Burnelli <nospam@nospam.net> writes:
Russ Allbery wrote:
There are other possible explanations. For example, notice that
sewer is in there twice, and appears to be the server you read the
message from.
I did notice that "sewer" was there twice so thank you for pointing
it out. As a quick test, I just ran this command which anyone else
can test too: C:\> telnet news.dizum.net 119
200 sewer InterNetNews NNRP server INN 2.6.3 ready (no posting)
Yeah, I was wrong about this. It used to be a common pattern for
larger news servers to have a variety of internal servers and to use unqualified path entries for those internal servers, so I jumped to
that conclusion about sewer. But it appears to just be a path entry
used by a different server (news.dizum.net) that you are reading from.
It's not recommended to use unqualified names like that as path
entries because they're confusing if one is trying to track down a
problem and there's a higher chance of conflicts, but as with
everything else about Path, nothing enforces that and people do it
anyway. (And some servers have been doing it for a very long time.
Back in the UUCP days, unqualified names were standard, and there may
be some remnant sites that are that old.)
It's strange that "sewer" would be used both by Steve Crook at Mixmin
and by Alex deJoode at Dizum, but maybe "sewer" is some kind of nntp
keyword?
It's not. I think it's a path preload just like the aioe.org entry,
and probably added for the same reason.
Given the other information on this thread, I'm leaning towards
mixmin.org using some sort of configuration where for local posts it
preloads the path entries [*] for several peers and then sets up
special feeds to those peers that ignore the path entries. I'm not
sure *why* it's set up that way (I can speculate about a few problems
that it might solve, but none of the explanations are that
satisfying), but that's what it's looking like to me.
[*] "Preloading" is the old Usenet term for adding path entries that
aren't your own to new posts when they're injected at your server.
Thanks for explaining that the date that mixmin used is all that
we've got. I did find some of these commands below that others may
make use of but I don't know enough about them to say whether they're
useful or not.
echo q | openssl s_client -connect news.mixmin.net:563 | opensslx509 -noout -enddate | findstr "notAfter"
This is printing out the expiration date of the TLS certificate for
that server. I don't think this is useful for the question you're
trying to investigate.
What I was hoping was to find a way to see what the "PATH:" injected
by the nntp server would be; but none of those commands told me that.
Yeah, servers are not required to tell you. *Usually*, as with the
example above from news.dizum.net, the first word in the 200 response
is the same as the path entry for that server, but this does not have
to be the case, and indeed I don't remember off-hand which
configuration setting INN uses as the first word after 200.
If a server is preloading extra path entries, there isn't any NNTP
command that's going to tell you that; you'd have to make a post and
then look at its Path header.
On 23/02/2023 04:20, Russ Allbery wrote:
So I believe aioe.org is in there because the mixmin.net server put it there.
Right
Could the mixmin.net server operator want to prevent messages posted through that server from propagating to aioe.org? I have no idea, and
have negative interest in peering drama (and this sounds like peering drama), but it's one reasonably obvious possible explanation.
Or quite simply it's not a peering-drama, but Mixmin started using
Postfilter 9.3 by Paolo Amoroso (Aioe) _without_ configuring it (with
the standard configuration Postfilter adds the path aioe.org to Path:
and not your server, me to beginning I had the same problem, before I
figured it out), and then here is the reason for the presence of "aioe"
in the path: without aioe being "alive".
Huh?uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
Do you see "aioe" in that path?
How did it get there?
Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!
From: Andy Burnelli <nospam@nospam.net>
Injection-Info: news.mixmin.net;
posting-host="297e06ba09fa1546708017b06624236cbc5371ad";
logging-data="1859083"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 Thunderbird/91.6.1 Content-Language: en-GB Xref: sewer
misc.phone.mobile.iphone:116151 comp.mobile.android:98520
I can tell you that showed up in my morning feed but it was _not_ in my morning feed until this morning. The time stamps don't show that though, where I sent it on Sunday at 6am local time.
Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
On Wed, 22 Feb 2023 16:38:51 +0000, Andy Burnelli <nospam@nospam.net>
wrote:
1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)
Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus
received.
But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.
Huh?
Do you see "aioe" in that path?
How did it get there?
You replied to a post that was originally posted through aioe.
Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail From:
Andy Burnelli <nospam@nospam.net> Newsgroups:
misc.phone.mobile.iphone,comp.mobile.android Subject: Re: T-Mobile is
Ending $5 Per Line Autopay Discount if You Pay with a Credit Card
<was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi> Date:
Sun, 19 Feb 2023 13:30:29 +0000 Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me>
<180220231127060887%nospam@nospam.invalid>
<tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me>
<tsrcrn$48ja$1@dont-email.me>
My first thought when reading the original post with the Path header, and checking that I see the same Path on my server, is that some fuckery is going on. Whether malicious intent, misconfiguration, or maybe a mixture of both, I'm not sure, but am kind of curious.
ping news.mixmin.netPinging fleegle.mixmin.net [144.76.182.167] with 32 bytes of data:
tracert news.mixmin.netWith the last few hops not having anything near 46.165.242.75 in them...
Or quite simply it's not a peering-drama, but Mixmin started using
Postfilter 9.3 by Paolo Amoroso
Or quite simply it's not a peering-drama, but Mixmin started using
Postfilter 9.3 by Paolo Amoroso (Aioe) _without_ configuring it (with
the standard configuration Postfilter adds the path aioe.org to Path:
and not your server, me to beginning I had the same problem, before I
figured it out), and then here is the reason for the presence of "aioe"
in the path: without aioe being "alive".
You let the cat out of the bag.
Jesse Rehmer wrote:
My first thought when reading the original post with the Path header,
and checking that I see the same Path on my server, is that some
fuckery is going on. Whether malicious intent, misconfiguration, or
maybe a mixture of both, I'm not sure, but am kind of curious.
Regarding the test, I still haven't seen the original message in the
mixmin feed yet, but I expected it to be delayed over that of the
paganini copy.
Regarding the PATH: header with "aioe" in it when aioe can't be in the
loop I posted to news.mixmin.net:563 & read from news.dizum.net:119
This is the resulting PATH: header.
Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
What would be useful to everyone, certainly to me, I think, would be
if someone can take apart the path and tell the rest of us what it's
saying.
For example, what IP address is that in the PATH: header?
It's not what a ping shows me of news.mixmin.net anyway.
ping news.mixmin.netPinging fleegle.mixmin.net [144.76.182.167] with 32 bytes of
data:
tracert news.mixmin.netWith the last few hops not having anything near 46.165.242.75 in
them...
17 253 ms 185 ms 190 ms ae4.cs1.ams17.nl.eth.zayo.com
[64.125.28.36] 18 186 ms 191 ms 215 ms
ae2.cs1.fra6.de.eth.zayo.com [64.125.29.58] 19 199 ms 198 ms
* ae0.cs1.fra9.de.eth.zayo.com [64.125.29.55] 20 193 ms 236
ms 202 ms ae1.mcs1.fra9.de.eth.zayo.com [64.125.29.65] 21 199 ms
207 ms 189 ms as24940.frankfurt.megaport.com [62.69.146.15] 22
198 ms 200 ms * hos-tr3.ex3k4.dc4.fsn1.hetzner.com
[213.239.224.69] 23 196 ms 178 ms 191 ms
ex9k1.dc11.fsn1.hetzner.com [213.239.203.142] 24 182 ms 189 ms
176 ms fleegle.mixmin.net [144.76.182.167]
A google for 46.165.242.75 shows
https://www.whois.com/whois/46.165.242.75
inetnum: 46.165.240.0 - 46.165.247.255
netname: Leaseweb
descr: Leaseweb Deutschland GmbH
person: RIPE Mann
address: Kleyerstrasse 75-87
address: 60326 Frankfurt am Main
address: Germany
Does that point to anything that makes sense to you why/how it's
there?
And maybe can someone who knows how a PATH: works tell us how many
hops it took and who injected which bang-section into that specific
nntp PATH: header?
1. !not-for-mail
2. !uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED
3. !aioe.org <=== how'd that get there?????
4. !news.uzoreto.com
5. !alphared
6. !sewer
7. !.POSTED
8. !news.mixmin.net
9. sewer
I just checked all articles received from mixmin during the last 10 days
(167 in total) and the only post showing this anomaly in the Path: header
is yours. All other articles are correct:
Path: eternal-september.org!reader01.eternal-september.org! news.mixmin.net!.POSTED!not-for-mail.
According to my logs, the only posts through mixmin which have those unexpected components to the right of news.mixmin.net!.POSTED, are
yours.
Ray Banana wrote:
I just checked all articles received from mixmin during the last 10 days (167 in total) and the only post showing this anomaly in the Path: header is yours. All other articles are correct:
Path: eternal-september.org!reader01.eternal-september.org! news.mixmin.net!.POSTED!not-for-mail.
That's it. You're the second person to say that, so, it must be me.
I think I need to look at those telnet scripts again.
Maybe something messed up somewhere somehow someway.
For example, the scripts mess with some headers, but not normally the PATH: header. They just scramble the VPN and the TZONE on purpose for privacy.
Nothing fancy.
Just basic privacy.
The scripts were originally written by Marek Novotny, who has passed away.
I ported them from CentOS to Windows years ago with his expert Linux help.
Then I left them alone unless/until something broke.
Which rarely happens.
Looks like perhaps something broke.
It's either that or Steve is adding PATH: stuff just for me.
And I very much doubt that's the situation since I'm not that interesting.
Given that, I will dig into the scripts which I hadn't thought was the
issue until Wolfgang and Tim told me what they saw, and I confirmed that.
Sigh.
I apologize for what appears to be a false alarm on my part.
I'm embarrassed if that's the case, and it's looking like it indeed is.
Mea culpa.
I am sorry.
Tom Furie wrote:
According to my logs, the only posts through mixmin which have those
unexpected components to the right of news.mixmin.net!.POSTED, are
yours.
Why would my PATH: show up any differently than anyone else's does?
lark wrote:
Or quite simply it's not a peering-drama, but Mixmin started using
Postfilter 9.3 by Paolo Amoroso (Aioe) _without_ configuring it
(with the standard configuration Postfilter adds the path aioe.org
to Path: and not your server, me to beginning I had the same
problem, before I figured it out), and then here is the reason for
the presence of "aioe" in the path: without aioe being "alive".
You let the cat out of the bag.
Since I had posted to news.mixmin.net:563 and read from
news.dizum.net:119 is this how the nntp PATH: header got to where it
happened to get to?
Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
1. Steve Crook's mixmin server injected this into the PATH: header...
!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.1
65.242.75.POSTED!not-for-mail
2. Alex deJoode's dizum server injected this into the PATH: header...
sewer!news.mixmin.net!.POSTED!sewer
200 sewer InterNetNews NNRP server INN 2.6.3 ready (no posting)
*Usually*, as with the example above from news.dizum.net, the first
word in the 200 response is the same as the path entry for that
server, but this does not have to be the case, and indeed I don't
remember off-hand which configuration setting INN uses as the first
word after 200.
one common[...]
reason to insert other people's Path identities in your Path header is because the Path is used by most servers to deduplicate feeds, so they
won't send an article to a server whose path identity already appears in
the Path. Therefore, a long-standing tactic for preventing your post from showing up at some server (for whatever reason) is to add its path
identity to your Path header before posting, or during posting.
maybe mixmin.net and aioe.org have a special peering relationship and mixmin.net preloads the aioe.org path entry to prevent the messages from propagating via normal channels because they'll be sent via some other channel that's configured to ignore Path entries. I have done things like that before to solve complex peering configuration issues.
On Wed, 22 Feb 2023 16:38:51 +0000, Andy Burnelli <nospam@nospam.net>
wrote:
1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)
Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus
received.
But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.
Huh?
Do you see "aioe" in that path?
How did it get there?
You replied to a post that was originally posted through aioe.
Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail From:
Andy Burnelli <nospam@nospam.net> Newsgroups:
misc.phone.mobile.iphone,comp.mobile.android Subject: Re: T-Mobile is
Ending $5 Per Line Autopay Discount if You Pay with a Credit Card
<was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi> Date:
Sun, 19 Feb 2023 13:30:29 +0000 Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me>
<180220231127060887%nospam@nospam.invalid>
<tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me>
<tsrcrn$48ja$1@dont-email.me>
The obscurity of your injection methods, is what ends up
finding things like these path preloads.
How many other people, inject messages exactly the way you do ?
The evidence says, none this month.
1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)
Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus received.
But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.
Huh?
Do you see "aioe" in that path?
How did it get there?
Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
But still, I didn't see any mention of nntp servers or aioe specifically.
Nor any mention that he wrote the Postfilter 9.3 code.
perhaps aioe still has a transit (peering) server running and only its
reader is down.
Ed Rhodes <ejay1118@yahoo.con> writes:
Andy Burnelli <nospam@nospam.net> wrote:
Huh?
Do you see "aioe" in that path?
How did it get there?
You replied to a post that was originally posted through aioe.
The Path header has nothing to do with replies and no part of the Path
header is constructed based on the article to which you are replying.
Paul wrote:
The obscurity of your injection methods, is what ends up
finding things like these path preloads.
How many other people, inject messages exactly the way you do ?
The evidence says, none this month.
Hi Paul,
Thanks. I know you well from the Windows ng and you're a purposefully
helpful guy, like I am, who has helped thousands over the years.
I found the problem which was a syntax error crept into the scripts.
I will send _this_ message via Paganini & Mixmin on Saturday February
26th, at 11pm via my telnet scripts and at the same time I will ensure
my system
time (which changes randomly to foil fingerprinters) will be Pacific Time.
I expect the Mixmin copy to arrive in a few days, sans aioe in the path.
(this is the duplicate sent via mixmin moments later)
1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)
Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus
received.
But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.
Huh?
Do you see "aioe" in that path?
How did it get there?
Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail From:
Andy Burnelli <nospam@nospam.net> Newsgroups:
misc.phone.mobile.iphone,comp.mobile.android Subject: Re: T-Mobile is
Ending $5 Per Line Autopay Discount if You Pay with a Credit Card
<was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi> Date:
Sun, 19 Feb 2023 13:30:29 +0000 Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me>
<180220231127060887%nospam@nospam.invalid>
<tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me>
<tsrcrn$48ja$1@dont-email.me>
<180220231913479333%nospam@nospam.invalid> Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net;
posting-host="297e06ba09fa1546708017b06624236cbc5371ad";
logging-data="1859083"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 Thunderbird/91.6.1 Content-Language: en-GB
Xref: sewer misc.phone.mobile.iphone:116151 comp.mobile.android:98520
I can tell you that showed up in my morning feed but it was _not_ in
my morning feed until this morning. The time stamps don't show that
though, where I sent it on Sunday at 6am local time.
I don't know how to tell when it arrived to the newsgroup, but if we
assume it arrived at 6am today (Wednesday), it took 3 elapsed days.
Two questions for those who know more about this than I do and who
are purposefully helpful people, are the following data driven
queries:
A. How can I tell when this arrived in any given news feed?
B. What is aioe doing in that PATH if the server is supposedly down?
Thank you in advance, where I will not reply to the inevitable
child-like responses from the kindergarten mentality idiots who infest
this newsgroup.
NOTE: As an experiment, I will send the _exact_ message, moments after
I send this message, using "news.mixmin.net:563" via my telnet
scripts.
(this is the duplicate sent via mixmin moments later)
openssl s_client -ign_eof -connect news.cyber23.de:563
Andy Burnelli <nospam@nospam.net> writes:
Somehow, the message went from mixmin to aioe and then to me even
as I was using dizum at the time to retrieve the messages.
I don't believe this is the case. I think you posted the message to mixmin.net and then read it from a server called sewer (presumably
this is "dizum"), and the aoie.org entry was added by mixmin.net.
perhaps aioe still has a transit (peering) server running and only
its reader is down.
Hi Russ,
I hope such insertions and preloads are done before adding the path
identity of the news server which actually handles the message. That is
to say, if my.news.server.net inserts preload.net in the Path header
field, and has verified the last entry of the received path is the
expected one, it would be this way:
Path: my.news.server.net!preload.net!!previous.path
By the way, is it wise to add a verified diag match here? (my.news.server.net!!preload.net) I am unsure, as the article did not
pass through preload.net, and such a syntax would imply that
my.server.net verified it came from preload.net.
The rationale for preload.net added first is that it would otherwise
mean that the next peer would know that the path identity of my.news.server.net could be preload.net, so that it does not do
something like:
Path: next.server.com!.MISMATCH.my.news.server.net!preload.net!my.news.server.net!previous.path
Coming back to how INN deals with additional path identities, we have 2 parameters (pathcluster and pathalias) which preload like:
Path: pathcluster!my.news.server!pathalias!previous.path
Would path diagnostic only be activated between pathcluster and my.news.server, and never around pathalias?
Path: pathcluster!!my.news.server!pathalias!previous.path
It would imply that when pathalias is set, no verification of the path identity of the feeding peer is done.
pathalias could indeed have 2 different uses: an internal name (and in
that case, path diag would be OK) or the name of another server (and in
that case, I am not sure path diag is OK to be added here)
[...]Path: my.news.server.net!preload.net!!previous.path
Well, strictly speaking these sorts of Path preloads and insertions are against the protocol unless one is adding only other Path identities that
one controls, so the protocol itself does not consider them or provide any guidance, other than saying that doing this at all violates a MUST. It's just an old, slightly disreputable technique that happens to sort of sometimes work.
I don't think we should document the latter (or even say explicitly that
this should only be some other alias that you control). People who want
to break the rules should know what they're doing; it's not really the
sort of thing that one should document, IMO.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 307 |
Nodes: | 16 (2 / 14) |
Uptime: | 132:33:25 |
Calls: | 6,856 |
Calls today: | 2 |
Files: | 12,360 |
Messages: | 5,418,148 |