I have cleanfeed installed. filter_innd.pl is a symlink to cleanfeed. I
would expect cleanfeed to reject certain posts posted to my server via
nnrpd (for example, binary postings to non-binary groups), and I vaguely remember that it worked this way, but now it doesn't happen. Server
happily accepts these posts.
When is filter_innd.pl used? Is it used only for articles coming from
other servers (via a newsfeed), or also for locally posted articles?
If it's the latter, then where in this picture filter_nnrpd.pl fits in?
What if both are enabled, and someone posts the article (via nnrpd)? filter_nnrpd.pl is executed, but is filter_innd.pl executed also?
When is filter_innd.pl used? Is it used only for articles coming from
If it's the latter, then where in this picture filter_nnrpd.pl fits in?
What if both are enabled, and someone posts the article (via nnrpd)? filter_nnrpd.pl is executed, but is filter_innd.pl executed also?
I have cleanfeed installed. filter_innd.pl is a symlink to cleanfeed. I
would expect cleanfeed to reject certain posts posted to my server via
nnrpd (for example, binary postings to non-binary groups), and I vaguely remember that it worked this way, but now it doesn't happen. Server
happily accepts these posts.
On my installation, /etc/news/filters/filter_innd.pl calls /etc/news/cleanfeed/cleanfeed.local and is called for every article
/etc/news/filters/filter_innd.pl and cleanfeed are not allowed to modify articles (for good reasons).
In /etc/news/cleanfeed/cleanfeed.local there are some toggles you can
set to modify the behaviour.
On my installation, /etc/news/filters/filter_innd.pl calls
/etc/news/cleanfeed/cleanfeed.local and is called for every article
/etc/news/cleanfeed/cleanfeed I guess?
- MIME-encoded image is accepted. Example (full post):
To me, it looks like a bug in cleanfeed, but is it possible that such
basic loophole in a filter used by most news servers went unnoticed?
When I'm trying to post yEnc-encoded data, I'm getting the info in a rejection message, so I guess filter_innd.pl is enough for that.
If there's any other cleanfeed-like tool (or cleanfeed fork) that's still maintained I'll be happy to switch.
/etc/news/cleanfeed/cleanfeed.local and is called for every article
/etc/news/cleanfeed/cleanfeed I guess?
Not in my installation, but I guess it was manually installed.
Maybe this is just not handled by this version?
I don't think mine does it either, however I have not encountered,
recently, anyone posting that kind of stuff. If it's in the big8 and you
have a Message-ID I could look for it.
I guess rejecting Content-Type: multipart/mixed in the header checks
could be enough. It would be even better to do it in filter_nnrpd.pl so
that the user gets some info (if it's a local post).
Doing a quick search shows me that the original author has not released anything since 1998, and that there are various patches floating around
and a mixmin version on GitHub, dating > 10 years ago.
Anyone has a more recent version?
When I'm trying to post yEnc-encoded data, I'm getting the info in a
rejection message, so I guess filter_innd.pl is enough for that.
Rejection message to the NNTP/NNRP client? that's filter_nnrpd.pl.
There was also a tool used by AIOE (postfilter) [1], some french news server installed it recently apparently with good success [2], although he
asked for help for configuration details.
[1] https://github.com/Aioe/postfilter
[2] https://usenet-fr.alphanet.ch/search/message-id/%3Ctvjqtq%2468o%241%40ns507557.dodin.fr.nf%3E/0
I got a rejection message during posting from filter_innd.pl.
: 441 437 Binary: misplaced binary
Adam W. <gof-cut-this-news@cut-this-chmurka.net.invalid> wrote:
I have cleanfeed installed. filter_innd.pl is a symlink to cleanfeed. I
would expect cleanfeed to reject certain posts posted to my server via
nnrpd (for example, binary postings to non-binary groups), and I vaguely
remember that it worked this way, but now it doesn't happen. Server
happily accepts these posts.
An update.
When I try to post an article with a forbidden subject (simpbiz.software),
it gets rejected, so the filtering is enabled. But still, binary postings
get through.
I'm testing it with (prefixing here with : so it doesn't get flagged as a binary posting):
: begin 664 test
: `
: end
: begin 664 test
: `
: end
Try to do bigger file, at leat couple of lines long.
Neodome Admin <admin@neodome.net> wrote:
: begin 664 test
: `
: end
Try to do bigger file, at leat couple of lines long.
It looks like it's triggered when the extension is .jpg.
The most important issue is that MIME-encoded binaries are accepted...
441 437 Binary: misplaced binary
So, maybe I was wrong, and filter_nnrpd.pl AND filter_innd.pl (cleanfeed here) can transmit error messages to the user.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 308 |
Nodes: | 16 (2 / 14) |
Uptime: | 91:28:33 |
Calls: | 6,923 |
Calls today: | 1 |
Files: | 12,382 |
Messages: | 5,434,024 |