dcox@ssd.kodak.com (Don Cox (253-7121)) (12/12/90)
System: Sun4/260, SunOS4.0.3 Cnews with nntp I am trying to set up a nntp news-server. I would like to be able to control who can/can't access this machine to read/post news. I have a nntp_access file established, with the following default: default xfer no I also have a list of the machines that I call "trusted" (all 400 of them), and have them all set to read & post. Some of these machines are within the same domain as the news-server, some are not. AUTH in the nntp conf.h file is undefined. We are running Sun yellow pages and nameserver. Any machinename that can't be resolved by the yp master is passed to the nameserver. Where does the nntp authenication get it's info as to whether or not a machine is allowed to post and/or read news? I have noticed that if the machine is in the same domain as the news-server machine that an absence of the machinename in the nntp_access file will prevent the machine from using rn on that news-server. But, any machine outside of that domain can read and post news all they want. I can explicitly prevent a machine from accessing the news-server by having an entry with it's qualified name and "no no" as the options. Ex: the qualified name for our news-server is solomon.si.kodak.com. Any machine in the si.kodak.com domain has to be listed in the nntp_access file or they are told that they are not allowed to use solomon as a news server. Yet, any machine that is in a domain other than si.kodak.com can read and post as they wish. That is, unless I have a special entry for the machine, such as hercules.cci.kodak.com no no. This will prevent hercules, which is outside my domain, from using the news-server, but I can't possibly include every machine in this manner to prevent their accessing my machine. Any ideas as to what I have set up wrong, or what I am doing wrong? I know that there has to be a way that I can prevent selected machines from outside my domain from using my news-server. Thanks much. -- Don Cox Phone (716) 253-7121 KMX (716) 253-7998 INTERNET dcox@ssd.kodak.com When an eel bites your leg, and the pain makes you beg, that's a moray!
huntting@csn.org (Brad Huntting) (12/24/90)
In article <1990Dec11.235258.18616@ssd.kodak.com> dcox@ssd.kodak.com (Don Cox (253-7121)) writes: > I have > a nntp_access file established, with the following default: > default xfer no And your not the only one... Can I just ask one thing: Please dont set `default xfer'. Forgeries are a reality. This just makes them harder to trace. brad