Doc /

INN - cancel-lock/cancel-key

< INN - cancels | Configure the INN nntp server (2021/2022) | INN - robots >

Why

Basically, anybody having the necessary knowledge can issue a cancel to remove an article from a group. To prevent such thing, a system called "cancel-lock, cancel-key" was created and will be default on INN 2.7 (I'm still in 2.6 on feb 20, 2022).

How

notice that the postfilter Ivo version manage also Cancel-lock/Cancel-key.

Right now it need to use a patch of cleanfeed, you can find here.

For me it was in "cleanfeed-master", I used (but check the link to see if it's still the exact link)

wget https://home.gegeweb.org/files/filter_nnrpd.pl

and

wget https://home.gegeweb.org/files/cleanfeed.local

The RFC is here

Make sure you have the Digest::SHA and Digest::MD5 Perl modules installed. They are normally standard modules but some distributions do not install it by default.

The following commands should not return any error:
% perl -e "use Digest::SHA"
% perl -e "use Digest::MD5"

How to use it (as client)

Some newsgroups clients knows about cancel-lock/cancel-keys are are able to add themselves a cancel-lock key. So good :-). Of course, the same client knows howto add a cancel-key to a cancel/supersedes message, so if you use it, you shouldn't have any problem.

If you don't have such a client, the server will add itself a cancel-lock to your mail, but it needs to know how to makes sure it's you that send the cancel messages. If you connect to the server with login/passwd, it shouldn't be any problem, else read more.

Problem: no authentication

The scripts above expect your server to have an authentication mechanism. If not, anybody can cancel a post, even if "-C" was added in INN.

For you to understand, you need to know that the server have to be sure the cancel is originated by the author of the original article. One way to be so is to check if the article come from the same people as the target article.

I chooses to check if the cancel article come from the same IP than the original.

To achieve this I modified the filter_nnrpd.pl control-lock file.

after the original lines:

sub filter_post {
   my $rval = "" ;  

I added:

my $user = $attributes{'ipaddress'};

And voilà.

there are some limitations: you have to cancel the article from the same place you where when posting, and expect not to have a different IP, but mostly it works. After some days of use, nobody was able to cancel a test article I published, when I'm perfectly able to issue cancel or supersedes. Hope it will stay like this.

< INN - cancels | Configure the INN nntp server (2021/2022) | INN - robots >