Doc /

INN - filtering spam, cleanfeed and postfilter

< INN - filling the groups (peering) | Configure the INN nntp server (2021/2022) | INN - authentication >

Cleanfeed

Install Cleanfeed

aioe recommends the "cleanfeed" spam filter. This one is not available on my openSUSE Leap 15.3, but it's a simple perl script one can find here.

The filter folder as said in inn.conf pathfilter option is "/usr/lib/news/bin/filter", for convenience, I added in my ~news folder a link and changed the ownership to news:news.

 ln -s /usr/lib/news/bin/filter filter

then I noticed that the "filter" folder is not empty... but the /usr/lib/news/bin/filter folder is owned by root, so dealing with it needs to be root.

Downloading cleanfeed

So go to the link above.

  • download the zip file from "code" with "wget -nH https://github.com/crooks/cleanfeed/archive/refs/heads/master.zip", this create the master.zip file in your present folder (notice there are several versions of cleanfeed archive, mostly indentical);
  • use mc to open this file and copy "cleanfeed-master" to the news folder. In this way all the relevant files/folders are created.

The download can give you a "cleanfeed.tar.gz", a master.zip or a "cleanfeed.zip", but the content is the same.

news@ns507557:~> ll cleanfeed/
total 120
drwxr-xr-x 1 news news    84  2 mars   2020 badurls
-rw-r--r-- 1 news news  1577  2 mars   2020 changelog
-rw-r--r-- 1 news news 96948  2 mars   2020 cleanfeed
-rw-r--r-- 1 news news   197  2 mars   2020 cleanfeed.asc
-rw-r--r-- 1 news news  7035  2 mars   2020 cleanfeed.local.sample
-rw-r--r-- 1 news news   749  2 mars   2020 filter_nnrpd.pl
drwxr-xr-x 1 news news   234  2 mars   2020 html
-rw-r--r-- 1 news news   838  2 mars   2020 README
drwxr-xr-x 1 news news   216  2 mars   2020 samples
drwxr-xr-x 1 news news    28  2 mars   2020 tools
  • go as root to /usr/lib/news/bin/filter;
  • moved the present content to an "oldfilter" folder (just in case);
  • ln -s /etc/news/cleanfeed-master/filter_nnrpd.pl filter_innd.pl
s507557:/usr/lib/news/bin/filter # ll
total 4
lrwxrwxrwx 1 root root  42 20 déc.  10:22 filter_nnrpd.pl -> /etc/news/cleanfeed-master/filter_nnrpd.pl
drwxr-xr-x 1 root news 288 19 déc.  18:32 oldfilter

Allowing perl and filter_innd.pl

The doc is here / and here for cleanfeed.

The culprit is than

  • perl can't be enabled in INN if there is no perl filter... the default install gives the necessary files, so that perl is enabled, but as soon as you move the files to an "oldfiles" folder, perl is disabled until filter_innd.pl is again created.
  • cleanfeed filter is *not" filter_innd.pl but simply "cleanfeed" in the cleanfeed folder. This may seems obvious, but it's not as there *is* a filter_innpd.pl file.

So

news@ns507557:/etc/news/filter> ln -s /etc/news/cleanfeed-master/cleanfeed filter_innd.pl

news@ns507557:/etc/news/filter> ll
total 8
lrwxrwxrwx 1 news news  36 24 déc.  08:52 filter_innd.pl -> /etc/news/cleanfeed-master/cleanfeed
lrwxrwxrwx 1 news news  42 22 déc.  09:53 filter_nnrpd.pl -> /etc/news/cleanfeed-master/filter_nnrpd.pl
drwxr-xr-x 1 news news 288 19 déc.  18:32 oldfilter

news@ns507557:/etc/news/filter> ctlinnd reload filter.perl 'reason'
Ok

news@ns507557:/etc/news/filter> ctlinnd perl y
Ok

news@ns507557:/etc/news/filter> ctlinnd mode
Server running
Allowing remote connections
Parameters c 10 i 50 (1) l 5000000 o 1010 t 300 H 2 T 60 X 0 normal specified
Not reserved
Readers follow enabled
Perl filtering enabled
Perl filter stats: Pass: 0  Reject: 0  Refuse: 0  MD5: 0  PHL: 0  PHN: 0  PHR: 0  FSL: 0

Allowing options in cleanfeed.local

It's better not to change too often the main perl file, so it exists a "cleanfeed.local" file. But the place where this file have to be is indicated in a parameter in cleanfeed perl file.

the parameter is at the beginning of cleanfeed (or filter_innd.pl)

#$config_dir = '/usr/local/news/cleanfeed/etc';
$config_dir = '/usr/lib/news/bin/filter';

first line (with #) is the cleanfeed default, second line is what I choosed. It's simply the basic filter folder.

some files are aimed to hold variations and are stored in the cleanfeed source folder subfolder /etc.

Postfilter

Postfilter aim to filter posts coming from the users of your server. Main doc is here.

Pre Install

Thanks to Ivo, I have here a version including cancel-key/cancel-lock Attach:postfilter.zip and reader.conf for user authentication Attach:readers.conf.zip

Fore the online git version:

You can download it from Postfilter Github.

for this, look at the "code" button and clic on it.

Right clic on "Download ZIP".

go to your server, root account and type

wget <link you copied just before>

just now, for me it was:

wget https://github.com/Aioe/postfilter/archive/refs/heads/master.zip

Then I preferred to rename the file with a more descriptive name:

mv master.zip postfilter-master.zip

then

unzip postfilter-master.zip

cd postfilter-master/

Frequent use of "ll" (ls -l if you don't have the ll alias) is recommended to check if you are in the right folder.

Her you find the postfilter installer, so

./postfilter-installer -c to check. I lacked Net::DNS perl module

You install the missing module doing:

 #:cpan Net::DNS

After that, runninc -c, ask for DBI, si

cpan DBI gives an error, but

 # zypper in perl-Net::DNS

Works. And now ./postfilter-installer -c is happy :-).

Install

As root...

 #/root/postfilter-master/postfilter-installer -i

It goes OK. Just for references, the results:

innconfval found at /usr/lib/news/bin//innconfval
Postfilter directories created OK. Touching files OK. Copying files OK.
Replacing filter_nnrpd.pl [ OK ] <- this may not be OK, because this filter was used, to check
Postfilter was successfully installed
 # ./postfilter-installer -v

Should show you

Postfilter 0.8 [ OK ]

Config files for postfilter (present in the etc folder of the archive) are copied to ~news/postfilter.

Here, change the postfilter.conf at your will (the file is self-explanatory). In rules.conf change your IP.

In access.conf are the numbers of things allowed.

Badwords.conf is nearly empty by default and syntax is very picky. Change with caution.

Find files

  • postfilter.pl is in /usr/lib/news/bin/filter/postfilter/postfilter.pl with lin k from /usr/lib/news/bin/filter/filter_nnrpd.pl
  • Config files are in /etc/news/postfilter
  • logs are in /etc/news/spool/postfilter>

Postfilter configuration

Postfilter is very powerful, but thus pretty hard to configure. I had to make some changes to the default file some not that good that I had to remove :-(

I try to add in the file a comment like "charged to tru by jdd on sep 25 2022" to make finding my changes more easily. I make frequent file copies, just in case. I presently (when I write this doc made 11 changes...

List (grep -A 3 jdd postfilter.conf)

  • "salt" obviously changed for some ugly list of signs
  • "server_type", "public",
  • "enable_domain_check", "false",
  • "default_action_on_reject", "reject",
  • "period", 21600,
  • "tor_network", "reject",
  • "allow_control_cancel", "true",

For this option, the file says that it's unused if INN is started with the -C option. This don't prove right. If set to "false", it prevent the working of control-lock, when inn -C don't.

  • "allow_mail_headers", "true", (for the mail to news gateway)
  • "allow_html", "true", (I expect less problem with multipart mails in the gateway)
  • "maximum_multipost", 3,
  • "delete_header_x-no-archive", "false",

There are man pages for banlist.conf, postlegal Doc is in /usr/share/doc/postfilter/, but it's pretty short :-(.

< INN - filling the groups (peering) | Configure the INN nntp server (2021/2022) | INN - authentication >