XPost: alt.free.newsservers

1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)

Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus received.

But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.

Huh?
Do you see "aioe" in that path?
How did it get there?

Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
From: Andy Burnelli <nospam@nospam.net>
Newsgroups: misc.phone.mobile.iphone,comp.mobile.android
Subject: Re: T-Mobile is Ending $5 Per Line Autopay Discount if You Pay with a Credit Card <was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi>
Date: Sun, 19 Feb 2023 13:30:29 +0000
Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me> <180220231127060887%nospam@nospam.invalid> <tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me> <tsrcrn$48ja$1@dont-email.me> <180220231913479333%nospam@nospam.invalid>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net; posting-host="297e06ba09fa1546708017b06624236cbc5371ad"; logging-data="1859083"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB
Xref: sewer misc.phone.mobile.iphone:116151 comp.mobile.android:98520

I can tell you that showed up in my morning feed but it was _not_ in my
morning feed until this morning. The time stamps don't show that though,
where I sent it on Sunday at 6am local time.

I don't know how to tell when it arrived to the newsgroup, but if we
assume it arrived at 6am today (Wednesday), it took 3 elapsed days.

Two questions for those who know more about this than I do and who
are purposefully helpful people, are the following data driven queries:

A. How can I tell when this arrived in any given news feed?
B. What is aioe doing in that PATH if the server is supposedly down?

Thank you in advance, where I will not reply to the inevitable child-like responses from the kindergarten mentality idiots who infest this newsgroup.

NOTE: As an experiment, I will send the _exact_ message, moments after
I send this message, using "news.mixmin.net:563" via my telnet scripts.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On Wed, 22 Feb 2023 16:38:51 +0000, Andy Burnelli <nospam@nospam.net>
wrote:

1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)

Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus received.

But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.

Huh?
Do you see "aioe" in that path?
How did it get there?

You replied to a post that was originally posted through aioe.

Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
From: Andy Burnelli <nospam@nospam.net>
Newsgroups: misc.phone.mobile.iphone,comp.mobile.android
Subject: Re: T-Mobile is Ending $5 Per Line Autopay Discount if You Pay with a Credit Card <was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi>
Date: Sun, 19 Feb 2023 13:30:29 +0000
Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me> <180220231127060887%nospam@nospam.invalid> <tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me> <tsrcrn$48ja$1@dont-email.me> <180220231913479333%nospam@nospam.invalid>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net; posting-host="297e06ba09fa1546708017b06624236cbc5371ad"; logging-data="1859083"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB
Xref: sewer misc.phone.mobile.iphone:116151 comp.mobile.android:98520

I can tell you that showed up in my morning feed but it was _not_ in my >morning feed until this morning. The time stamps don't show that though, >where I sent it on Sunday at 6am local time.

I don't know how to tell when it arrived to the newsgroup, but if we
assume it arrived at 6am today (Wednesday), it took 3 elapsed days.

Two questions for those who know more about this than I do and who
are purposefully helpful people, are the following data driven queries:

A. How can I tell when this arrived in any given news feed?
B. What is aioe doing in that PATH if the server is supposedly down?

See above.

Thank you in advance, where I will not reply to the inevitable child-like >responses from the kindergarten mentality idiots who infest this newsgroup.

Speaking!

--

Die Juden sind unser Ungl�ck.
- Heinrich Gotthard Freiherr von Treitschke (1834-1896)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Ed Rhodes wrote:

Do you see "aioe" in that path?
How did it get there?

You replied to a post that was originally posted through aioe.

Thanks for hazarding a guess as I know that answering a question
on Usenet opens all of us up to all sorts of potential insults.

I appreciate the guess but aioe has been "down" for a while
but the thread I had replied to is "brand new" in recent time.

This is the thread I had replied to:
<https://groups.google.com/g/comp.mobile.android/c/rzXt4soq9zY>
Google says it was opened on February 19th, 2023.

This is the message I sent from my "newsreader" on Sunday Feb 19th.
<https://groups.google.com/g/comp.mobile.android/c/rzXt4soq9zY/m/ji96cFipBQAJ>

That message did not show up until Wednesday morning (3 days later).
This huge delay is typical for mixmin for the past few weeks.

I've been keeping watch on all mixmin posts from me, and it takes
from 8 hours to about 3 days, where that one took 3 days even
though the Google record "says" it's dated on Feb 20, 2023 (and
note that even that is wrong as I sent it on the 19th in the morning).

How did "aioe" get in the path?

Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
B. What is aioe doing in that PATH if the server is supposedly down?

See above.

Here's the data as I know it, which may not be fully accurate.
a. AIOE went down long before that thread was started
b. So there's no way AIOE could have been in my reply path

And yet it is.
WTF?

Anyone else seeing "aioe" in their PATH when sending through mixmin?
How did it get there in the path for new threads if AIOE is down?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On 22 Feb 2023, Andy Burnelli <nospam@nospam.net> posted some news:tt5gee$2le7n$1@paganini.bofh.team:

1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)

Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus
received.

But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.

Huh?
Do you see "aioe" in that path?
How did it get there?

Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail From:
Andy Burnelli <nospam@nospam.net> Newsgroups:
misc.phone.mobile.iphone,comp.mobile.android Subject: Re: T-Mobile is
Ending $5 Per Line Autopay Discount if You Pay with a Credit Card
<was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi> Date:
Sun, 19 Feb 2023 13:30:29 +0000 Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me>
<180220231127060887%nospam@nospam.invalid>
<tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me>
<tsrcrn$48ja$1@dont-email.me>
<180220231913479333%nospam@nospam.invalid> Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net;
posting-host="297e06ba09fa1546708017b06624236cbc5371ad";
logging-data="1859083"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 Thunderbird/91.6.1 Content-Language: en-GB
Xref: sewer misc.phone.mobile.iphone:116151 comp.mobile.android:98520

I can tell you that showed up in my morning feed but it was _not_ in
my morning feed until this morning. The time stamps don't show that
though, where I sent it on Sunday at 6am local time.

I don't know how to tell when it arrived to the newsgroup, but if we
assume it arrived at 6am today (Wednesday), it took 3 elapsed days.

Two questions for those who know more about this than I do and who
are purposefully helpful people, are the following data driven
queries:

A. How can I tell when this arrived in any given news feed?
B. What is aioe doing in that PATH if the server is supposedly down?

Thank you in advance, where I will not reply to the inevitable
child-like responses from the kindergarten mentality idiots who infest
this newsgroup.

NOTE: As an experiment, I will send the _exact_ message, moments after
I send this message, using "news.mixmin.net:563" via my telnet
scripts.

This is your post from paganini,

Path: paganini.bofh.team!eternal-september.org!reader01.eternal- september.org!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe .org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
From: Andy Burnelli <nospam@nospam.net>
Newsgroups: misc.phone.mobile.iphone,comp.mobile.android
Subject: Re: T-Mobile is Ending $5 Per Line Autopay Discount if You Pay
with a Credit Card <was: 16.4 Public Beta is Out. Finally enables 5G On
Google Fi>
Date: Sun, 19 Feb 2023 13:30:29 +0000
Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me> <180220231127060887%nospam@nospam.invalid>
<tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me> <tsrcrn$48ja$1@dont-email.me> <180220231913479333%nospam@nospam.invalid> Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net; posting- host="297e06ba09fa1546708017b06624236cbc5371ad"; logging-data="1859083"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB
Xref: paganini.bofh.team misc.phone.mobile.iphone:176203 comp.mobile.android:101089

netfront

Path: news.netfront.net!news.endofthelinebbs.com!newsfeed.xs3.de!callisto.xs3.de !gandalf.srv.welterde.de!eternal-september.org!reader01.eternal- september.org!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe .org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
From: Andy Burnelli <nospam@nospam.net>
Newsgroups: misc.phone.mobile.iphone,comp.mobile.android
Subject: Re: T-Mobile is Ending $5 Per Line Autopay Discount if You Pay
with a Credit Card <was: 16.4 Public Beta is Out. Finally enables 5G On
Google Fi>
Date: Sun, 19 Feb 2023 13:30:29 +0000
Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me> <180220231127060887%nospam@nospam.invalid>
<tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me> <tsrcrn$48ja$1@dont-email.me> <180220231913479333%nospam@nospam.invalid> Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net; posting- host="297e06ba09fa1546708017b06624236cbc5371ad"; logging-data="1859083"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB
Xref: news.netfront.net misc.phone.mobile.iphone:37219 comp.mobile.android:31403

cheese server

Path: eternal-september.org!reader01.eternal- september.org!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe .org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
From: Andy Burnelli <nospam@nospam.net>
Newsgroups: misc.phone.mobile.iphone,comp.mobile.android
Subject: Re: T-Mobile is Ending $5 Per Line Autopay Discount if You Pay
with a Credit Card <was: 16.4 Public Beta is Out. Finally enables 5G On
Google Fi>
Date: Sun, 19 Feb 2023 13:30:29 +0000
Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me> <180220231127060887%nospam@nospam.invalid>
<tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me> <tsrcrn$48ja$1@dont-email.me> <180220231913479333%nospam@nospam.invalid> Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net; posting- host="297e06ba09fa1546708017b06624236cbc5371ad"; logging-data="1859083"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB
Xref: reader01.eternal-september.org misc.phone.mobile.iphone:171879 comp.mobile.android:101050

Look at the path for each post.

A server always inserts itself at the begining of an article path when received. The path doesn't necessarily reflect the exact sequence the
post traveled to get there, it's a listing of peers.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Andy Burnelli <nospam@nospam.net> writes:

Huh?
Do you see "aioe" in that path?
How did it get there?

Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

Everything I say here comes with the substantial caveat that the Path
header is generally not authenticated by peers and thus can be easily
forged, so any analysis of the Path header is guesswork and could be
tricked by someone in the right position in the article propagation
chain.

That said, the !.POSTED! marker is generally inserted by the server that
first accepts your message, and you said you posted through mixmin.net, so that's consistent. That means (assuming no forgery) everything after the !.POSTED! was either inserted by you or by mixmin.net. I'm assuming you
didn't preload your own Path header, so I would assume it was inserted by mixmin.net.

So I believe aioe.org is in there because the mixmin.net server put it
there.

Obviously that prompts the question why. I don't know why, but one common reason to insert other people's Path identities in your Path header is
because the Path is used by most servers to deduplicate feeds, so they
won't send an article to a server whose path identity already appears in
the Path. Therefore, a long-standing tactic for preventing your post from showing up at some server (for whatever reason) is to add its path
identity to your Path header before posting, or during posting.

Could the mixmin.net server operator want to prevent messages posted
through that server from propagating to aioe.org? I have no idea, and
have negative interest in peering drama (and this sounds like peering
drama), but it's one reasonably obvious possible explanation.

There are other possible explanations. For example, notice that sewer is
in there twice, and appears to be the server you read the message from.
In that case, sewer is presumably part of the mixmin.net server network,
and preloading that entry is presumably some optimization to avoid making duplicate article offers. Maybe the same thing is true for aioe.org;
maybe mixmin.net and aioe.org have a special peering relationship and mixmin.net preloads the aioe.org path entry to prevent the messages from propagating via normal channels because they'll be sent via some other
channel that's configured to ignore Path entries. I have done things like
that before to solve complex peering configuration issues.

I don't think there's any way of knowing for sure why it's there without
the mixmin.net server operator telling you. Without that, we can only speculate based on reasons why people have done such things in the past.

Two questions for those who know more about this than I do and who are purposefully helpful people, are the following data driven queries:

A. How can I tell when this arrived in any given news feed?

You can't. The netnews protocols do not track that information in any way
that is available to you. You'd have to ask each individual server
operator to check their logs, or ask someone who has read access to that
server to try to put a time bound around when it showed up.

--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

Please post questions rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Ed Rhodes <ejay1118@yahoo.con> writes:

Andy Burnelli <nospam@nospam.net> wrote:

Huh?
Do you see "aioe" in that path?
How did it get there?

You replied to a post that was originally posted through aioe.

The Path header has nothing to do with replies and no part of the Path
header is constructed based on the article to which you are replying.

--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

Please post questions rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

21364 <ev7@once.org> writes:

A server is supposed to check the path to see if a peer is already in
the list before sending to prevent loops.

Yes. Well, sort of. It's not an important loop prevention mechanism;
loop prevention is done based on the Message-ID and Date headers and the
Path header isn't reliable enough for loop prevention. It's more of a
feed optimization; it saves you all the CHECK commands for message IDs
that the peer almost certainly already has since they appear in the Path header.

Russ Allbery <eagle@eyrie.org> posted:

Could the mixmin.net server operator want to prevent messages posted
through that server from propagating to aioe.org? I have no idea, and
have negative interest in peering drama (and this sounds like peering
drama), but it's one reasonably obvious possible explanation.

aioe and mixmin have been peering for some time.

This makes me lean towards the second explanation that it's some sort of optimization.

A. How can I tell when this arrived in any given news feed?

You can't. The netnews protocols do not track that information in any
way that is available to you. You'd have to ask each individual server
operator to check their logs, or ask someone who has read access to
that server to try to put a time bound around when it showed up.

https://www.rfc-editor.org/rfc/rfc5536

3.2.7. Injection-Date

The Injection-Date header field contains the date and time that the
article was injected into the network. Its purpose is to enable news
servers, when checking for "stale" articles, to use a <date-time>
that was added by a news server at injection time rather than one
added by the user agent at message composition time.

The "injected into the network" part is important. There's only one Injection-Date header and it's added by the server to which you post the message. This doesn't tell you when the article has arrived in any given
news feed, since no other server adds that header. It can only tell you
when it was accepted by the first server.

Email provides this information in Received headers, but netnews doesn't
keep track of it.

--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

Please post questions rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On 22 Feb 2023, Russ Allbery <eagle@eyrie.org> posted some news:87k009nk3y.fsf@hope.eyrie.org:

Andy Burnelli <nospam@nospam.net> writes:

Huh?
Do you see "aioe" in that path?
How did it get there?

Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

Everything I say here comes with the substantial caveat that the Path
header is generally not authenticated by peers and thus can be easily
forged, so any analysis of the Path header is guesswork and could be
tricked by someone in the right position in the article propagation
chain.

That said, the !.POSTED! marker is generally inserted by the server
that first accepts your message, and you said you posted through
mixmin.net, so that's consistent. That means (assuming no forgery) everything after the !.POSTED! was either inserted by you or by
mixmin.net. I'm assuming you didn't preload your own Path header, so
I would assume it was inserted by mixmin.net.

So I believe aioe.org is in there because the mixmin.net server put it
there.

Along with others who peer with it.

Obviously that prompts the question why. I don't know why, but one
common reason to insert other people's Path identities in your Path
header is because the Path is used by most servers to deduplicate
feeds, so they won't send an article to a server whose path identity
already appears in the Path. Therefore, a long-standing tactic for preventing your post from showing up at some server (for whatever
reason) is to add its path identity to your Path header before
posting, or during posting.

A server is supposed to check the path to see if a peer is already in the
list before sending to prevent loops.

Could the mixmin.net server operator want to prevent messages posted
through that server from propagating to aioe.org? I have no idea, and
have negative interest in peering drama (and this sounds like peering
drama), but it's one reasonably obvious possible explanation.

aioe and mixmin have been peering for some time.

There are other possible explanations. For example, notice that sewer
is in there twice, and appears to be the server you read the message
from. In that case, sewer is presumably part of the mixmin.net server network, and preloading that entry is presumably some optimization to
avoid making duplicate article offers. Maybe the same thing is true
for aioe.org; maybe mixmin.net and aioe.org have a special peering relationship and mixmin.net preloads the aioe.org path entry to
prevent the messages from propagating via normal channels because
they'll be sent via some other channel that's configured to ignore
Path entries. I have done things like that before to solve complex
peering configuration issues.

I don't think there's any way of knowing for sure why it's there
without the mixmin.net server operator telling you. Without that, we
can only speculate based on reasons why people have done such things
in the past.

Two questions for those who know more about this than I do and who
are purposefully helpful people, are the following data driven
queries:

A. How can I tell when this arrived in any given news feed?

You can't. The netnews protocols do not track that information in any
way that is available to you. You'd have to ask each individual
server operator to check their logs, or ask someone who has read
access to that server to try to put a time bound around when it showed
up.

https://www.rfc-editor.org/rfc/rfc5536

3.2.7. Injection-Date

The Injection-Date header field contains the date and time that the
article was injected into the network. Its purpose is to enable news
servers, when checking for "stale" articles, to use a <date-time>
that was added by a news server at injection time rather than one
added by the user agent at message composition time.

This header field MUST be inserted whenever an article is injected.
However, software that predates this standard does not use this
header, and therefore agents MUST accept articles without the
Injection-Date header field.

injection-date = "Injection-Date:" SP date-time CRLF

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Russ Allbery wrote:

You replied to a post that was originally posted through aioe.

The Path header has nothing to do with replies and no part of the Path
header is constructed based on the article to which you are replying.

I agree with you that it's "impossible" (although it happened!) for me to
have replied to _anyone_ with aioe in the "References:" header, simply
based on my assumption that AIOE went down weeks before this thread occurred.

However...

I would also say that if AIOE is still down, then it "should" also be "impossible" for aioe to be in the "PATH:" header, right?

Somehow, the message went from mixmin to aioe and then to me even as
I was using dizum at the time to retrieve the messages.

Here's the "PATH:" header again, where it seems something 'funny' is
going on if AIOE is in the "PATH:" header, which anyone can reproduce.

Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail


I am NOT a PATH: header expert, as all I know is you work backword from the bangs.
a. !not-for-mail
b. !uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED
c. !aioe.org <=== how'd that get there?????
d. !news.uzoreto.com
e. !alphared
f. !sewer
g. !.POSTED
h. !news.mixmin.net
i. sewer

Again, I'm not an expert decomposing the path where I doubt the message took
9 hops but I'm not sure which of those bang-servers to double up on.

The issue is HOW did AIOE get into that PATH: when AIOE is supposedly down?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Andy Burnelli <nospam@nospam.net> writes:

However... I would also say that if AIOE is still down, then it "should"
also be "impossible" for aioe to be in the "PATH:" header, right?

No, any news server can put anything that it wants into the Path header.
There isn't anything in the Usenet protocol to stop it.

The next server may add some diagnostic characters to say that it doesn't
trust that Path header entry (although most servers do not currently
implement it), but unless someone writes some sort of custom filter (and
I'm not aware of any off-hand), nothing stops a server from inserting
anything it wants.

Somehow, the message went from mixmin to aioe and then to me even as I
was using dizum at the time to retrieve the messages.

I don't believe this is the case. I think you posted the message to
mixmin.net and then read it from a server called sewer (presumably this is "dizum"), and the aoie.org entry was added by mixmin.net.

--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

Please post questions rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Russ Allbery wrote:

Somehow, the message went from mixmin to aioe and then to me even as I
was using dizum at the time to retrieve the messages.

I don't believe this is the case. I think you posted the message to mixmin.net and then read it from a server called sewer (presumably this is "dizum"), and the aoie.org entry was added by mixmin.net.

OK. That makes sense. Thank you for that clarification. Much appreciated.
And yes, I think "sewer" is dizum's terminology as I read it with dizum.

But be advised I am no expert in PATH: headers.
So anything I say can and will be used against me. :)

All I know is they are in reverse separated by a bang and that's about it.

BTW, another guy posted what _he_ saw in the PATH: headers, and AIOE is all over the place in his headers too.

I think it's "likely" reasonable (maybe) that mixmin inserted the aioe
parts (but of course, I have no way of knowing if that's the situation).

I think anyone can reproduce what I found out by sending a test message to
this newsgroup using the server news.mixmin.net:563 using their newsreader.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On Feb 23, 2023, Morse wrote
(in article<news:tt6l18$2tpi1$1@paganini.bofh.team>):

netfront

Netfront is alive?
I thought it was dead.

Is netfront only alive for no-registration reading?
Or is netfront back again alive for no-registration posting too?

Ron, the humblest guy in town.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On Feb 22, 2023 at 9:20:17 PM CST, "Russ Allbery" <eagle@eyrie.org> wrote:

I have no idea, and
have negative interest in peering drama (and this sounds like peering
drama), but it's one reasonably obvious possible explanation.

My first thought when reading the original post with the Path header, and checking that I see the same Path on my server, is that some fuckery is going on. Whether malicious intent, misconfiguration, or maybe a mixture of both,
I'm not sure, but am kind of curious.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Russ Allbery wrote:

So I believe aioe.org is in there because the mixmin.net server put it
there.

I didn't mess with the PATH: header, and, anyway, it can be tested easily
by others given only two newsservers were involved (as far as I am aware).

1. I posted to news.mixmin.net:563 (no username/password is needed)
2. I read using news.dizum.net:119 (no username/password is needed)

Given no username or password is needed, anyone should be able to reproduce this by posting a test message to this newsgroup using those free servers.

Obviously that prompts the question why. I don't know why, but one common reason to insert other people's Path identities in your Path header is because the Path is used by most servers to deduplicate feeds, so they
won't send an article to a server whose path identity already appears in
the Path. Therefore, a long-standing tactic for preventing your post from showing up at some server (for whatever reason) is to add its path
identity to your Path header before posting, or during posting.

Thanks for hazarding an answer which I appreciate since I know every post
to Usenet extracts its pound of flesh no matter how heartfelt the response.

Could the mixmin.net server operator want to prevent messages posted
through that server from propagating to aioe.org? I have no idea, and
have negative interest in peering drama (and this sounds like peering
drama), but it's one reasonably obvious possible explanation.

Interesting... (I should probably check the headers from Steve's mixmin
server from _before_ Paolo's aioe server went down to see if maybe this
is just Steve's reaction to Paolo's server going down)....

There are other possible explanations. For example, notice that sewer is
in there twice, and appears to be the server you read the message from.

I did notice that "sewer" was there twice so thank you for pointing it out.
As a quick test, I just ran this command which anyone else can test too:

telnet news.dizum.net 119

200 sewer InterNetNews NNRP server INN 2.6.3 ready (no posting)

So that's a confirmation that "sewer" is a Dizum thing.
I couldn't test mixmin the same way as I don't know how to add encryption.

telnet news.mixmin.net 119

400 Interrupted system call writing creating overview file -- throttling
Connection to host lost.

Looking up how to test to see the PATH: in mixmin I found this:

openssl s_client -showcerts -connect news.mixmin.net:563

Which spit out a lot of stuff but I didn't know what to do with it.

But at least it showed the mixmin server was alive.

In that case, sewer is presumably part of the mixmin.net server network,
and preloading that entry is presumably some optimization to avoid making duplicate article offers. Maybe the same thing is true for aioe.org;
maybe mixmin.net and aioe.org have a special peering relationship and mixmin.net preloads the aioe.org path entry to prevent the messages from propagating via normal channels because they'll be sent via some other channel that's configured to ignore Path entries. I have done things like that before to solve complex peering configuration issues.
I don't think there's any way of knowing for sure why it's there without
the mixmin.net server operator telling you. Without that, we can only speculate based on reasons why people have done such things in the past.

It's strange that "sewer" would be used both by Steve Crook at Mixmin
and by Alex deJoode at Dizum, but maybe "sewer" is some kind of nntp keyword?

Two questions for those who know more about this than I do and who are
purposefully helpful people, are the following data driven queries:

A. How can I tell when this arrived in any given news feed?

You can't. The netnews protocols do not track that information in any way that is available to you. You'd have to ask each individual server
operator to check their logs, or ask someone who has read access to that server to try to put a time bound around when it showed up.

Thanks for explaining that the date that mixmin used is all that we've got.
I did find some of these commands below that others may make use of
but I don't know enough about them to say whether they're useful or not.

echo q | openssl s_client -connect news.mixmin.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
echo q | openssl s_client -connect news.eternal-september.org:563 | openssl x509 -noout -enddate | findstr "notAfter"
echo q | openssl s_client -connect news.dizum.net:563 | openssl x509 -noout -enddate | findstr "notAfter"

etc.

What I was hoping was to find a way to see what the "PATH:" injected
by the nntp server would be; but none of those commands told me that.

They were just shots in the dark, but I included them in case someone
who knows how to make them report the injected PATH: could do so.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Andy Burnelli <nospam@nospam.net> writes:

Russ Allbery wrote:

There are other possible explanations. For example, notice that sewer
is in there twice, and appears to be the server you read the message
from.

I did notice that "sewer" was there twice so thank you for pointing it out. As a quick test, I just ran this command which anyone else can test too:

telnet news.dizum.net 119

200 sewer InterNetNews NNRP server INN 2.6.3 ready (no posting)

Yeah, I was wrong about this. It used to be a common pattern for larger
news servers to have a variety of internal servers and to use unqualified
path entries for those internal servers, so I jumped to that conclusion
about sewer. But it appears to just be a path entry used by a different
server (news.dizum.net) that you are reading from.

It's not recommended to use unqualified names like that as path entries
because they're confusing if one is trying to track down a problem and
there's a higher chance of conflicts, but as with everything else about
Path, nothing enforces that and people do it anyway. (And some servers
have been doing it for a very long time. Back in the UUCP days,
unqualified names were standard, and there may be some remnant sites that
are that old.)

It's strange that "sewer" would be used both by Steve Crook at Mixmin
and by Alex deJoode at Dizum, but maybe "sewer" is some kind of nntp
keyword?

It's not. I think it's a path preload just like the aioe.org entry, and probably added for the same reason.

Given the other information on this thread, I'm leaning towards mixmin.org using some sort of configuration where for local posts it preloads the
path entries [*] for several peers and then sets up special feeds to those peers that ignore the path entries. I'm not sure *why* it's set up that
way (I can speculate about a few problems that it might solve, but none of
the explanations are that satisfying), but that's what it's looking like
to me.

[*] "Preloading" is the old Usenet term for adding path entries that
aren't your own to new posts when they're injected at your server.

Thanks for explaining that the date that mixmin used is all that we've
got. I did find some of these commands below that others may make use
of but I don't know enough about them to say whether they're useful or
not.

echo q | openssl s_client -connect news.mixmin.net:563 | openssl x509 -noout -enddate | findstr "notAfter"

This is printing out the expiration date of the TLS certificate for that server. I don't think this is useful for the question you're trying to investigate.

What I was hoping was to find a way to see what the "PATH:" injected by
the nntp server would be; but none of those commands told me that.

Yeah, servers are not required to tell you. *Usually*, as with the
example above from news.dizum.net, the first word in the 200 response is
the same as the path entry for that server, but this does not have to be
the case, and indeed I don't remember off-hand which configuration setting
INN uses as the first word after 200.

If a server is preloading extra path entries, there isn't any NNTP command that's going to tell you that; you'd have to make a post and then look at
its Path header.

--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On 23/02/2023 04:20, Russ Allbery wrote:

So I believe aioe.org is in there because the mixmin.net server put it
there.

Right

Could the mixmin.net server operator want to prevent messages posted
through that server from propagating to aioe.org? I have no idea, and
have negative interest in peering drama (and this sounds like peering
drama), but it's one reasonably obvious possible explanation.

Or quite simply it's not a peering-drama, but Mixmin started using
Postfilter 9.3 by Paolo Amoroso (Aioe) _without_ configuring it (with
the standard configuration Postfilter adds the path aioe.org to Path:
and not your server, me to beginning I had the same problem, before I
figured it out), and then here is the reason for the presence of "aioe"
in the path: without aioe being "alive".


--
Ivo Gandolfo

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Russ Allbery <eagle@eyrie.org> wrote in
news:87v8js6hhp.fsf@hope.eyrie.org:

Andy Burnelli <nospam@nospam.net> writes:

Russ Allbery wrote:

There are other possible explanations. For example, notice that
sewer is in there twice, and appears to be the server you read the
message from.

I did notice that "sewer" was there twice so thank you for pointing
it out. As a quick test, I just ran this command which anyone else
can test too: C:\> telnet news.dizum.net 119
200 sewer InterNetNews NNRP server INN 2.6.3 ready (no posting)

Yeah, I was wrong about this. It used to be a common pattern for
larger news servers to have a variety of internal servers and to use unqualified path entries for those internal servers, so I jumped to
that conclusion about sewer. But it appears to just be a path entry
used by a different server (news.dizum.net) that you are reading from.

I run a Windows NNTP server where I can alter the host name and make it
appear as something else. When I configure a peer server, it appears in
the path and gets appended after the server name. I can also add a
nonexistent peer.

So Path: servername|peer1|peer2|nopeer1|nopeer2 etc.

It's not recommended to use unqualified names like that as path
entries because they're confusing if one is trying to track down a
problem and there's a higher chance of conflicts, but as with
everything else about Path, nothing enforces that and people do it
anyway. (And some servers have been doing it for a very long time.
Back in the UUCP days, unqualified names were standard, and there may
be some remnant sites that are that old.)

It's strange that "sewer" would be used both by Steve Crook at Mixmin
and by Alex deJoode at Dizum, but maybe "sewer" is some kind of nntp
keyword?

Steve dosen't use "sewer" except for peering.

It's not. I think it's a path preload just like the aioe.org entry,
and probably added for the same reason.

Given the other information on this thread, I'm leaning towards
mixmin.org using some sort of configuration where for local posts it
preloads the path entries [*] for several peers and then sets up
special feeds to those peers that ignore the path entries. I'm not
sure *why* it's set up that way (I can speculate about a few problems
that it might solve, but none of the explanations are that
satisfying), but that's what it's looking like to me.

[*] "Preloading" is the old Usenet term for adding path entries that
aren't your own to new posts when they're injected at your server.

Thanks for explaining that the date that mixmin used is all that
we've got. I did find some of these commands below that others may
make use of but I don't know enough about them to say whether they're
useful or not.

echo q | openssl s_client -connect news.mixmin.net:563 | openssl

x509 -noout -enddate | findstr "notAfter"

This is printing out the expiration date of the TLS certificate for
that server. I don't think this is useful for the question you're
trying to investigate.

What I was hoping was to find a way to see what the "PATH:" injected
by the nntp server would be; but none of those commands told me that.

Yeah, servers are not required to tell you. *Usually*, as with the
example above from news.dizum.net, the first word in the 200 response
is the same as the path entry for that server, but this does not have
to be the case, and indeed I don't remember off-hand which
configuration setting INN uses as the first word after 200.

If a server is preloading extra path entries, there isn't any NNTP
command that's going to tell you that; you'd have to make a post and
then look at its Path header.

True and there is still room for obfuscation.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

In article <tt75ca$2vfhi$1@paganini.bofh.team>
Ivo Gandolfo <usenet@bofh.team> wrote:

On 23/02/2023 04:20, Russ Allbery wrote:

So I believe aioe.org is in there because the mixmin.net server put it there.

Right

Could the mixmin.net server operator want to prevent messages posted through that server from propagating to aioe.org? I have no idea, and
have negative interest in peering drama (and this sounds like peering drama), but it's one reasonably obvious possible explanation.

Or quite simply it's not a peering-drama, but Mixmin started using
Postfilter 9.3 by Paolo Amoroso (Aioe) _without_ configuring it (with
the standard configuration Postfilter adds the path aioe.org to Path:
and not your server, me to beginning I had the same problem, before I
figured it out), and then here is the reason for the presence of "aioe"
in the path: without aioe being "alive".

You let the cat out of the bag.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On Wed, 22 Feb 2023 16:38:51 +0000, Andy Burnelli wrote:

Huh?
Do you see "aioe" in that path?
How did it get there?

Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!

uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

From: Andy Burnelli <nospam@nospam.net>
Injection-Info: news.mixmin.net;
posting-host="297e06ba09fa1546708017b06624236cbc5371ad";
logging-data="1859083"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 Thunderbird/91.6.1 Content-Language: en-GB Xref: sewer
misc.phone.mobile.iphone:116151 comp.mobile.android:98520

I can tell you that showed up in my morning feed but it was _not_ in my morning feed until this morning. The time stamps don't show that though, where I sent it on Sunday at 6am local time.

I just checked all articles received from mixmin during the last 10 days
(167 in total) and the only post showing this anomaly in the Path: header
is yours. All other articles are correct:

Path: eternal-september.org!reader01.eternal-september.org! news.mixmin.net!.POSTED!not-for-mail.

--
Too many ingredients in the soup, no room for a spoon

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On 2023-02-22, Andy Burnelli <nospam@nospam.net> wrote:

Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

According to my logs, the only posts through mixmin which have those
unexpected components to the right of news.mixmin.net!.POSTED, are
yours.

Cheers,
Tom

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

(this is the duplicate sent via mixmin moments later)

1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)

Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus received.

But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.

Huh?
Do you see "aioe" in that path?
How did it get there?

Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
From: Andy Burnelli <nospam@nospam.net>
Newsgroups: misc.phone.mobile.iphone,comp.mobile.android
Subject: Re: T-Mobile is Ending $5 Per Line Autopay Discount if You Pay with a Credit Card <was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi>
Date: Sun, 19 Feb 2023 13:30:29 +0000
Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me> <180220231127060887%nospam@nospam.invalid> <tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me> <tsrcrn$48ja$1@dont-email.me> <180220231913479333%nospam@nospam.invalid>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net; posting-host="297e06ba09fa1546708017b06624236cbc5371ad"; logging-data="1859083"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB
Xref: sewer misc.phone.mobile.iphone:116151 comp.mobile.android:98520

I can tell you that showed up in my morning feed but it was _not_ in my
morning feed until this morning. The time stamps don't show that though,
where I sent it on Sunday at 6am local time.

I don't know how to tell when it arrived to the newsgroup, but if we
assume it arrived at 6am today (Wednesday), it took 3 elapsed days.

Two questions for those who know more about this than I do and who
are purposefully helpful people, are the following data driven queries:

A. How can I tell when this arrived in any given news feed?
B. What is aioe doing in that PATH if the server is supposedly down?

Thank you in advance, where I will not reply to the inevitable child-like responses from the kindergarten mentality idiots who infest this newsgroup.

NOTE: As an experiment, I will send the _exact_ message, moments after
I send this message, using "news.mixmin.net:563" via my telnet scripts.

(this is the duplicate sent via mixmin moments later)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On 22 Feb 2023, Ed Rhodes <ejay1118@yahoo.con> posted some news:5aedvh9eq4853uicis2hrcql97t6al6sup@4ax.com:

On Wed, 22 Feb 2023 16:38:51 +0000, Andy Burnelli <nospam@nospam.net>
wrote:

1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)

Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus
received.

But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.

Huh?
Do you see "aioe" in that path?
How did it get there?

You replied to a post that was originally posted through aioe.

Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail From:
Andy Burnelli <nospam@nospam.net> Newsgroups:
misc.phone.mobile.iphone,comp.mobile.android Subject: Re: T-Mobile is
Ending $5 Per Line Autopay Discount if You Pay with a Credit Card
<was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi> Date:
Sun, 19 Feb 2023 13:30:29 +0000 Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me>
<180220231127060887%nospam@nospam.invalid>
<tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me>
<tsrcrn$48ja$1@dont-email.me>

No, it wasn't. You think you can read headers but you flunked path class.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Jesse Rehmer wrote:

My first thought when reading the original post with the Path header, and checking that I see the same Path on my server, is that some fuckery is going on. Whether malicious intent, misconfiguration, or maybe a mixture of both, I'm not sure, but am kind of curious.

Regarding the test, I still haven't seen the original message in the mixmin feed yet, but I expected it to be delayed over that of the paganini copy.

Regarding the PATH: header with "aioe" in it when aioe can't be in the loop
I posted to news.mixmin.net:563 & read from news.dizum.net:119

This is the resulting PATH: header.
Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

What would be useful to everyone, certainly to me, I think, would be if
someone can take apart the path and tell the rest of us what it's saying.

For example, what IP address is that in the PATH: header?
It's not what a ping shows me of news.mixmin.net anyway.

ping news.mixmin.net

Pinging fleegle.mixmin.net [144.76.182.167] with 32 bytes of data:

tracert news.mixmin.net

With the last few hops not having anything near 46.165.242.75 in them...
17 253 ms 185 ms 190 ms ae4.cs1.ams17.nl.eth.zayo.com [64.125.28.36]
18 186 ms 191 ms 215 ms ae2.cs1.fra6.de.eth.zayo.com [64.125.29.58]
19 199 ms 198 ms * ae0.cs1.fra9.de.eth.zayo.com [64.125.29.55]
20 193 ms 236 ms 202 ms ae1.mcs1.fra9.de.eth.zayo.com [64.125.29.65]
21 199 ms 207 ms 189 ms as24940.frankfurt.megaport.com [62.69.146.15]
22 198 ms 200 ms * hos-tr3.ex3k4.dc4.fsn1.hetzner.com [213.239.224.69]
23 196 ms 178 ms 191 ms ex9k1.dc11.fsn1.hetzner.com [213.239.203.142]
24 182 ms 189 ms 176 ms fleegle.mixmin.net [144.76.182.167]

A google for 46.165.242.75 shows https://www.whois.com/whois/46.165.242.75
inetnum: 46.165.240.0 - 46.165.247.255
netname: Leaseweb
descr: Leaseweb Deutschland GmbH
person: RIPE Mann
address: Kleyerstrasse 75-87
address: 60326 Frankfurt am Main
address: Germany

Does that point to anything that makes sense to you why/how it's there?

And maybe can someone who knows how a PATH: works tell us how many hops it took and who injected which bang-section into that specific nntp PATH: header?

1. !not-for-mail
2. !uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED
3. !aioe.org <=== how'd that get there?????
4. !news.uzoreto.com
5. !alphared
6. !sewer
7. !.POSTED
8. !news.mixmin.net
9. sewer

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On 23-02-2023 07:41 Ivo Gandolfo <usenet@bofh.team> wrote:

Or quite simply it's not a peering-drama, but Mixmin started using
Postfilter 9.3 by Paolo Amoroso

Did Paolo Amoroso of aioe fame write the "Postfilter" application?

I googled for those two words in combination and only this came up. https://www.paoloamoroso.com/about

It's creepy to google someone I don't know but that guy wrote a book https://leanpub.com/spaceappsforandroid

And he has a web page & journal on the net so he's not shy about himself. https://journal.paoloamoroso.com/

But still, I didn't see any mention of nntp servers or aioe specifically.
Nor any mention that he wrote the Postfilter 9.3 code.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

lark wrote:

Or quite simply it's not a peering-drama, but Mixmin started using
Postfilter 9.3 by Paolo Amoroso (Aioe) _without_ configuring it (with
the standard configuration Postfilter adds the path aioe.org to Path:
and not your server, me to beginning I had the same problem, before I
figured it out), and then here is the reason for the presence of "aioe"
in the path: without aioe being "alive".

You let the cat out of the bag.

Since I had posted to news.mixmin.net:563 and read from news.dizum.net:119
is this how the nntp PATH: header got to where it happened to get to?

Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

1. Steve Crook's mixmin server injected this into the PATH: header...
!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

2. Alex deJoode's dizum server injected this into the PATH: header...
sewer!news.mixmin.net!.POSTED!sewer

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers, alt.society.mental-health

Andy Burnelli <nospam@nospam.net> wrote in news:tt99ur$3b541$1@paganini.bofh.team:

Jesse Rehmer wrote:

My first thought when reading the original post with the Path header,
and checking that I see the same Path on my server, is that some
fuckery is going on. Whether malicious intent, misconfiguration, or
maybe a mixture of both, I'm not sure, but am kind of curious.

Regarding the test, I still haven't seen the original message in the
mixmin feed yet, but I expected it to be delayed over that of the
paganini copy.

Regarding the PATH: header with "aioe" in it when aioe can't be in the
loop I posted to news.mixmin.net:563 & read from news.dizum.net:119

This is the resulting PATH: header.
Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

What would be useful to everyone, certainly to me, I think, would be
if someone can take apart the path and tell the rest of us what it's
saying.

For example, what IP address is that in the PATH: header?
It's not what a ping shows me of news.mixmin.net anyway.

ping news.mixmin.net

Pinging fleegle.mixmin.net [144.76.182.167] with 32 bytes of
data:

tracert news.mixmin.net

With the last few hops not having anything near 46.165.242.75 in
them...
17 253 ms 185 ms 190 ms ae4.cs1.ams17.nl.eth.zayo.com
[64.125.28.36] 18 186 ms 191 ms 215 ms
ae2.cs1.fra6.de.eth.zayo.com [64.125.29.58] 19 199 ms 198 ms
* ae0.cs1.fra9.de.eth.zayo.com [64.125.29.55] 20 193 ms 236
ms 202 ms ae1.mcs1.fra9.de.eth.zayo.com [64.125.29.65] 21 199 ms
207 ms 189 ms as24940.frankfurt.megaport.com [62.69.146.15] 22
198 ms 200 ms * hos-tr3.ex3k4.dc4.fsn1.hetzner.com
[213.239.224.69] 23 196 ms 178 ms 191 ms
ex9k1.dc11.fsn1.hetzner.com [213.239.203.142] 24 182 ms 189 ms
176 ms fleegle.mixmin.net [144.76.182.167]

A google for 46.165.242.75 shows
https://www.whois.com/whois/46.165.242.75
inetnum: 46.165.240.0 - 46.165.247.255
netname: Leaseweb
descr: Leaseweb Deutschland GmbH
person: RIPE Mann
address: Kleyerstrasse 75-87
address: 60326 Frankfurt am Main
address: Germany

Does that point to anything that makes sense to you why/how it's
there?

And maybe can someone who knows how a PATH: works tell us how many
hops it took and who injected which bang-section into that specific
nntp PATH: header?

1. !not-for-mail
2. !uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED
3. !aioe.org <=== how'd that get there?????
4. !news.uzoreto.com
5. !alphared
6. !sewer
7. !.POSTED
8. !news.mixmin.net
9. sewer

Dude, you've ben told multiple times by multiple different posters how the
path functions and you refuse to accept it.

It doesn't matter how many times you rehash and ask, it's not going to
change.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Ray Banana wrote:

I just checked all articles received from mixmin during the last 10 days
(167 in total) and the only post showing this anomaly in the Path: header
is yours. All other articles are correct:

Path: eternal-september.org!reader01.eternal-september.org! news.mixmin.net!.POSTED!not-for-mail.

That's it. You're the second person to say that, so, it must be me.
I think I need to look at those telnet scripts again.

Maybe something messed up somewhere somehow someway.
For example, the scripts mess with some headers, but not normally the PATH: header. They just scramble the VPN and the TZONE on purpose for privacy.

Nothing fancy.
Just basic privacy.

The scripts were originally written by Marek Novotny, who has passed away.
I ported them from CentOS to Windows years ago with his expert Linux help.

Then I left them alone unless/until something broke.
Which rarely happens.

Looks like perhaps something broke.

It's either that or Steve is adding PATH: stuff just for me.
And I very much doubt that's the situation since I'm not that interesting.

Given that, I will dig into the scripts which I hadn't thought was the
issue until Wolfgang and Tim told me what they saw, and I confirmed that.

Sigh.

I apologize for what appears to be a false alarm on my part.
I'm embarrassed if that's the case, and it's looking like it indeed is.

Mea culpa.
I am sorry.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Tom Furie wrote:

According to my logs, the only posts through mixmin which have those unexpected components to the right of news.mixmin.net!.POSTED, are
yours.

Now _that_ is interesting!
As far as I know, I'm "normal" to any of these nntp servers, so to speak.

I just saw that Wolfang said the same thing as you, so I checked what I
could in the three newsgroups I post most to, which are, for the record:
<http://news.google.com/g/comp.mobile.android>
<http://news.google.com/g/misc.phone.mobile.iphone>

If I filter those newsgroups on message id's containing mixmin, I can see
I'm not the only one posting to those newsgroups using the mixmin server.

But I pretty much see what you are saying looking at the PATH: headers.
Listed in short-to-long order to eliminate duplicates in the results
there are only about a dozen different PATH: headers in those newsgroups.

Path: sewer!news.mixmin.net!.POSTED!not-for-mail
Path: sewer!news.mixmin.net!news.neodome.net!mail2news
Path: sewer!news2.arglkargh.de!news.mixmin.net!.POSTED!not-for-mail
Path: sewer!weretis.net!feeder8.news.weretis.net!news.mixmin.net!.POSTED!not-for-mail
Path: sewer!alphared!news.uzoreto.com!eternal-september.org!reader01.eternal-september.org!news.mixmin.net!.POSTED!not-for-mail
Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
Path: sewer!weretis.net!feeder8.news.weretis.net!eternal-september.org!reader01.eternal-september.org!news.mixmin.net!.POSTED!not-for-mail
Path: sewer!news2.arglkargh.de!news.karotte.org!news.szaf.org!weretis.net!feeder8.news.weretis.net!eternal-september.org!reader01.eternal-september.org!news.mixmin.net!.POSTED!not-for-mail
Path: sewer!alphared!news2.arglkargh.de!news.karotte.org!news.szaf.org!weretis.net!feeder8.news.weretis.net!eternal-september.org!reader01.eternal-september.org!news.mixmin.net!.POSTED!not-for-mail
Path: sewer!alphared!2.eu.feeder.erje.net!3.us.feeder.erje.net!1.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!feed1.usenet.blueworldhosting.com!news.ausics.net!news.mixmin.net!.POSTED!not-for-mail

And only mine have the "aioe" in that Path: header.
I agree that's rather odd.

Why would my PATH: show up any differently than anyone else's does?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Andy Burnelli <nospam@nospam.net> wrote:

Ray Banana wrote:

I just checked all articles received from mixmin during the last 10 days (167 in total) and the only post showing this anomaly in the Path: header is yours. All other articles are correct:

Path: eternal-september.org!reader01.eternal-september.org! news.mixmin.net!.POSTED!not-for-mail.

That's it. You're the second person to say that, so, it must be me.
I think I need to look at those telnet scripts again.

Maybe something messed up somewhere somehow someway.
For example, the scripts mess with some headers, but not normally the PATH: header. They just scramble the VPN and the TZONE on purpose for privacy.

Nothing fancy.
Just basic privacy.

The scripts were originally written by Marek Novotny, who has passed away.
I ported them from CentOS to Windows years ago with his expert Linux help.

Then I left them alone unless/until something broke.
Which rarely happens.

Looks like perhaps something broke.

It's either that or Steve is adding PATH: stuff just for me.
And I very much doubt that's the situation since I'm not that interesting.

Could it have anything to do with your copious activities in:- misc.phone.mobile.iphone; comp.sys.mac.*; etc. ?

Given that, I will dig into the scripts which I hadn't thought was the
issue until Wolfgang and Tim told me what they saw, and I confirmed that.

Sigh.

I apologize for what appears to be a false alarm on my part.
I'm embarrassed if that's the case, and it's looking like it indeed is.

Mea culpa.
I am sorry.

--
^Ï^. – Sn!pe – My pet rock Gordon just is.

If you want peace, prepare for war.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On 2/23/2023 11:27 PM, Andy Burnelli wrote:

Tom Furie wrote:

According to my logs, the only posts through mixmin which have those
unexpected components to the right of news.mixmin.net!.POSTED, are
yours.

Why would my PATH: show up any differently than anyone else's does?

The obscurity of your injection methods, is what ends up
finding things like these path preloads.

How many other people, inject messages exactly the way you do ?

The evidence says, none this month.

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On 23 Feb 2023, Andy Burnelli <nospam@nospam.net> posted some news:tt9b4f$3b8na$1@paganini.bofh.team:

lark wrote:

Or quite simply it's not a peering-drama, but Mixmin started using
Postfilter 9.3 by Paolo Amoroso (Aioe) _without_ configuring it
(with the standard configuration Postfilter adds the path aioe.org
to Path: and not your server, me to beginning I had the same
problem, before I figured it out), and then here is the reason for
the presence of "aioe" in the path: without aioe being "alive".

You let the cat out of the bag.

Since I had posted to news.mixmin.net:563 and read from
news.dizum.net:119 is this how the nntp PATH: header got to where it
happened to get to?

Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

1. Steve Crook's mixmin server injected this into the PATH: header...
!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.1
65.242.75.POSTED!not-for-mail

2. Alex deJoode's dizum server injected this into the PATH: header...
sewer!news.mixmin.net!.POSTED!sewer

So explain this one.

Path: news.neodome.net!weretis.net!feeder8.news.weretis.net!Andy.Burnelli.is.clu eless|paganini.bofh.team!not-for-mail

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Hi Russ,

200 sewer InterNetNews NNRP server INN 2.6.3 ready (no posting)

*Usually*, as with the example above from news.dizum.net, the first
word in the 200 response is the same as the path entry for that
server, but this does not have to be the case, and indeed I don't
remember off-hand which configuration setting INN uses as the first
word after 200.

Neither do I off-hand. Just checked: both innd and nnrpd advertise the
path identity after the 200/201 greeting response.
(In the next 2.8.0 major release, nnrpd will advertise instead the new configurable server name which will also be used in Message-ID and Injection-Info header fields. If not set, it defaults to innd's path identity.)

--
Julien ÉLIE

« – On nage dans le lac, on escalade les montagnes…
– Ben quoi ? Nous ne sommes pas en vacances ! » (Astérix)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Hi Russ,

one common
reason to insert other people's Path identities in your Path header is because the Path is used by most servers to deduplicate feeds, so they
won't send an article to a server whose path identity already appears in
the Path. Therefore, a long-standing tactic for preventing your post from showing up at some server (for whatever reason) is to add its path
identity to your Path header before posting, or during posting.

[...]

maybe mixmin.net and aioe.org have a special peering relationship and mixmin.net preloads the aioe.org path entry to prevent the messages from propagating via normal channels because they'll be sent via some other channel that's configured to ignore Path entries. I have done things like that before to solve complex peering configuration issues.

I hope such insertions and preloads are done before adding the path
identity of the news server which actually handles the message.
That is to say, if my.news.server.net inserts preload.net in the Path
header field, and has verified the last entry of the received path is
the expected one, it would be this way:

Path: my.news.server.net!preload.net!!previous.path

By the way, is it wise to add a verified diag match here? (my.news.server.net!!preload.net) I am unsure, as the article did not
pass through preload.net, and such a syntax would imply that
my.server.net verified it came from preload.net.
Yet, I also wonder if "preload.net!!previous.path" is OK as preload.net
didn't verify previous.path (it was actually verified by
my.news.server.net).

So, maybe there shouldn't be any diagnostic added when preloading at the
right side?

Path: my.news.server.net!preload.net!previous.path


The rationale for preload.net added first is that it would otherwise
mean that the next peer would know that the path identity of
my.news.server.net could be preload.net, so that it does not do
something like:

Path: next.server.com!.MISMATCH.my.news.server.net!preload.net!my.news.server.net!previous.path



Coming back to how INN deals with additional path identities, we have 2 parameters (pathcluster and pathalias) which preload like:

Path: pathcluster!my.news.server!pathalias!previous.path


Would path diagnostic only be activated between pathcluster and
my.news.server, and never around pathalias?

Path: pathcluster!!my.news.server!pathalias!previous.path

It would imply that when pathalias is set, no verification of the path
identity of the feeding peer is done. (Or maybe a special pathaliasdiag configuration option should be added to incoming.conf to enable it
anyway? - default would be disabled)

pathalias could indeed have 2 different uses: an internal name (and in
that case, path diag would be OK) or the name of another server (and in
that case, I am not sure path diag is OK to be added here)

--
Julien ÉLIE

« La fin du monde est un sujet sérieux, surtout pour ceux qui s'y
préparent. » (Filiu)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On 22 Feb 2023, Ed Rhodes <ejay1118@yahoo.con> posted some news:5aedvh9eq4853uicis2hrcql97t6al6sup@4ax.com:

On Wed, 22 Feb 2023 16:38:51 +0000, Andy Burnelli <nospam@nospam.net>
wrote:

1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)

Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus
received.

But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.

Huh?
Do you see "aioe" in that path?
How did it get there?

You replied to a post that was originally posted through aioe.

Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail From:
Andy Burnelli <nospam@nospam.net> Newsgroups:
misc.phone.mobile.iphone,comp.mobile.android Subject: Re: T-Mobile is
Ending $5 Per Line Autopay Discount if You Pay with a Credit Card
<was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi> Date:
Sun, 19 Feb 2023 13:30:29 +0000 Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me>
<180220231127060887%nospam@nospam.invalid>
<tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me>
<tsrcrn$48ja$1@dont-email.me>

No, it wasn't. You think you can read headers but you flunked path class.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Paul wrote:

The obscurity of your injection methods, is what ends up
finding things like these path preloads.

How many other people, inject messages exactly the way you do ?

The evidence says, none this month.

Hi Paul,
Thanks. I know you well from the Windows ng and you're a purposefully
helpful guy, like I am, who has helped thousands over the years.

I found the problem which was a syntax error crept into the scripts.

I will send _this_ message via Paganini & Mixmin on Saturday February 26th,
at 11pm via my telnet scripts and at the same time I will ensure my system
time (which changes randomly to foil fingerprinters) will be Pacific Time.

I expect the Mixmin copy to arrive in a few days, sans aioe in the path.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On 2023-02-22, Andy Burnelli <nospam@nospam.net> wrote:

1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)

Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus received.

But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.

Huh?
Do you see "aioe" in that path?
How did it get there?

Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

perhaps aioe still has a transit (peering) server running and only its
reader is down.

--
SDF Public Access UNIX System - https://sdf.org

That which does not kill you makes you stranger.
-- Trevor Goodchild - AEon Flux

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On 24/02/2023 04:26, mike wrote:

But still, I didn't see any mention of nntp servers or aioe specifically.
Nor any mention that he wrote the Postfilter 9.3 code.

https://github.com/Aioe

--
Ivo Gandolfo

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On Tue, 28 Feb 2023 18:06:50 +0000, fos wrote:

perhaps aioe still has a transit (peering) server running and only its
reader is down.

negative

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Russ Allbery <eagle@eyrie.org> writes:

Ed Rhodes <ejay1118@yahoo.con> writes:

Andy Burnelli <nospam@nospam.net> wrote:

Huh?
Do you see "aioe" in that path?
How did it get there?

You replied to a post that was originally posted through aioe.

The Path header has nothing to do with replies and no part of the Path
header is constructed based on the article to which you are replying.

Check Path header in this message: <ttf01c$1ckpr$1@news.mixmin.net>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Andy Burnelli <nospam@nospam.net> writes:

Paul wrote:

The obscurity of your injection methods, is what ends up
finding things like these path preloads.
How many other people, inject messages exactly the way you do ?
The evidence says, none this month.

Hi Paul,
Thanks. I know you well from the Windows ng and you're a purposefully
helpful guy, like I am, who has helped thousands over the years.

I found the problem which was a syntax error crept into the scripts.

I will send _this_ message via Paganini & Mixmin on Saturday February
26th, at 11pm via my telnet scripts and at the same time I will ensure
my system
time (which changes randomly to foil fingerprinters) will be Pacific Time.

I expect the Mixmin copy to arrive in a few days, sans aioe in the path.

This message have your User-Agent in Path.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

On 22 Feb 2023, Andy Burnelli <nospam@nospam.net> posted some news:tt5gh5$3c90k$1@news.mixmin.net:

(this is the duplicate sent via mixmin moments later)

1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)

Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus
received.

But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.

Huh?
Do you see "aioe" in that path?
How did it get there?

Path:
sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail From:
Andy Burnelli <nospam@nospam.net> Newsgroups:
misc.phone.mobile.iphone,comp.mobile.android Subject: Re: T-Mobile is
Ending $5 Per Line Autopay Discount if You Pay with a Credit Card
<was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi> Date:
Sun, 19 Feb 2023 13:30:29 +0000 Organization: Mixmin
Message-ID: <tst896$1ongb$1@news.mixmin.net>
References: <tsqtni$2ar0$1@dont-email.me>
<180220231127060887%nospam@nospam.invalid>
<tsqusa$vsp5$1@paganini.bofh.team> <tsr0sq$2pii$1@dont-email.me>
<tsrcrn$48ja$1@dont-email.me>
<180220231913479333%nospam@nospam.invalid> Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net;
posting-host="297e06ba09fa1546708017b06624236cbc5371ad";
logging-data="1859083"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 Thunderbird/91.6.1 Content-Language: en-GB
Xref: sewer misc.phone.mobile.iphone:116151 comp.mobile.android:98520

I can tell you that showed up in my morning feed but it was _not_ in
my morning feed until this morning. The time stamps don't show that
though, where I sent it on Sunday at 6am local time.

I don't know how to tell when it arrived to the newsgroup, but if we
assume it arrived at 6am today (Wednesday), it took 3 elapsed days.

Two questions for those who know more about this than I do and who
are purposefully helpful people, are the following data driven
queries:

A. How can I tell when this arrived in any given news feed?
B. What is aioe doing in that PATH if the server is supposedly down?

Thank you in advance, where I will not reply to the inevitable
child-like responses from the kindergarten mentality idiots who infest
this newsgroup.

NOTE: As an experiment, I will send the _exact_ message, moments after
I send this message, using "news.mixmin.net:563" via my telnet
scripts.

(this is the duplicate sent via mixmin moments later)

Vous �tes un fou du TOC et les gens aiment jouer avec vous.

Sujet : Re: Suprisingly a Peering request
De : mnalis-news (at) *nospam* voyager.hr (Matija Nalis)
Groupes : news.admin.peering
Date : 06. Jan 2022, 17:01:44
Autres ent�tes
On Wed, 5 Jan 2022 21:17:31 -0600, R. Holme <holmer@url.invalid> wrote:

openssl s_client -ign_eof -connect news.cyber23.de:563

Port 119 is MITM spook and blackhat territory. This is why I ask about a
secure connection being available.

Posting _anything_ to port 119 that is not cryptographically signed can
allow the blackhats and spooks to interject, change en route your data.

Why do you think there is any difference in security between
"TLS connect to port 563 directly" compared to "plaintext connect to
port 119, issue 'STARTTLS' command, and refuse to proceed unless server
offers TLS" ?

(assuming your client has an option "force use of STARTTLS", of course -
if it does not, that seems like a client bug, if it's interested in
offering transport security).

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Am 22.02.2023 um 21:08:23 Uhr schrieb Russ Allbery:

Andy Burnelli <nospam@nospam.net> writes:

Somehow, the message went from mixmin to aioe and then to me even
as I was using dizum at the time to retrieve the messages.

I don't believe this is the case. I think you posted the message to mixmin.net and then read it from a server called sewer (presumably
this is "dizum"), and the aoie.org entry was added by mixmin.net.

Why should mixmin do that?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.free.newsservers

Am 28.02.2023 um 18:06:50 Uhr schrieb fos@sdf.org:

perhaps aioe still has a transit (peering) server running and only
its reader is down.

According to E-S, they use newsfeed.aioe.org which points to
46.165.242.75.

I get ICMP dest unreachable.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Julien ÉLIE <iulius@nom-de-mon-site.com.invalid> writes:

Hi Russ,

I hope such insertions and preloads are done before adding the path
identity of the news server which actually handles the message. That is
to say, if my.news.server.net inserts preload.net in the Path header
field, and has verified the last entry of the received path is the
expected one, it would be this way:

Path: my.news.server.net!preload.net!!previous.path

Well, strictly speaking these sorts of Path preloads and insertions are
against the protocol unless one is adding only other Path identities that
one controls, so the protocol itself does not consider them or provide any guidance, other than saying that doing this at all violates a MUST. It's
just an old, slightly disreputable technique that happens to sort of
sometimes work.

(As it turns out, in this case apparently the person who made the original report was inserting all of these spurious Path entries himself? Without knowing it? I dunno, I got confused and didn't follow and decided I
didn't care enough.)

In the case of the server farm with multiple identities, this is covered
in RFC 5537 section 3.2.1 step 4:

4. The agent MAY then prepend to the Path header field content "!"
or "!!" followed by an additional <path-identity> for itself
other than its primary one. Using "!!", and thereby adding a
<diag-match> since the <path-identity> clearly is verified, is
RECOMMENDED. This step may be repeated any number of times.
This is permitted for agents that have multiple <path-identity>s
(such as during a transition from one to another). Each of these
<path-identity>s MUST meet the requirements set out in
Section 3.2.

By the way, is it wise to add a verified diag match here? (my.news.server.net!!preload.net) I am unsure, as the article did not
pass through preload.net, and such a syntax would imply that
my.server.net verified it came from preload.net.

In the case of some Path identity that isn't one's own, the server would already be violating the rules of the protocol so it would amount to a
judgment call about what would cause the least harm. I'd probably just
use "!" for everything because at the point that I'm lying about the Path
of the article, I can't really claim any of this stuff has been checked.

The rationale for preload.net added first is that it would otherwise
mean that the next peer would know that the path identity of my.news.server.net could be preload.net, so that it does not do
something like:

Path: next.server.com!.MISMATCH.my.news.server.net!preload.net!my.news.server.net!previous.path

One could argue that MISMATCH is correct in this case since it at least documents that my.news.server.net is breaking the protocol.

Coming back to how INN deals with additional path identities, we have 2 parameters (pathcluster and pathalias) which preload like:

Path: pathcluster!my.news.server!pathalias!previous.path

Would path diagnostic only be activated between pathcluster and my.news.server, and never around pathalias?

Path: pathcluster!!my.news.server!pathalias!previous.path

In the case of INN's pathcluster and pathalias settings, these are
intended to be used for additional Path identities that are yours, such as
the migration case mentioned in the RFC. The delimiter between
my.news.server and pathalias therefore SHOULD use "!!". (And pathcluster should be the identity that you tell your peers to expect, so that they
will also use "!!".)

It would imply that when pathalias is set, no verification of the path identity of the feeding peer is done.

The delimiter between pathalias and previous.path shouldn't be affected by
this setting. It should be "!!" if previous.path is verified and
something else if it is not, regardless of whether pathalias or
my.news.server is the next entry.

pathalias could indeed have 2 different uses: an internal name (and in
that case, path diag would be OK) or the name of another server (and in
that case, I am not sure path diag is OK to be added here)

I don't think we should document the latter (or even say explicitly that
this should only be some other alias that you control). People who want
to break the rules should know what they're doing; it's not really the
sort of thing that one should document, IMO.

--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

Please post questions rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi Russ,

Path: my.news.server.net!preload.net!!previous.path

Well, strictly speaking these sorts of Path preloads and insertions are against the protocol unless one is adding only other Path identities that
one controls, so the protocol itself does not consider them or provide any guidance, other than saying that doing this at all violates a MUST. It's just an old, slightly disreputable technique that happens to sort of sometimes work.

[...]

I don't think we should document the latter (or even say explicitly that
this should only be some other alias that you control). People who want
to break the rules should know what they're doing; it's not really the
sort of thing that one should document, IMO.

That's perfectly clear, thanks for your message.

--
Julien ÉLIE

« L'art de la médecine consiste à distraire le malade pendant que la
nature le guérit. » (Voltaire)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)