[news.software.nntp] nntp_access list

dcox@ssd.kodak.com (Don Cox (253-7121)) (12/12/90)

System: Sun4/260, SunOS4.0.3
Cnews with nntp

I am trying to set up a nntp news-server.  I would like to be able to
control who can/can't access this machine to read/post news.  I have
a nntp_access file established, with the following default:
default xfer no

I also have a list of the machines that I call "trusted" (all 400
of them), and have them all set to read & post. Some of these
machines are within the same domain as the news-server, some are not.
AUTH in the nntp conf.h file is undefined. 

We are running Sun yellow pages and nameserver.  Any machinename
that can't be resolved by the yp master is passed to the nameserver.
Where does the nntp authentication get its info as to whether or not
a machine is allowed to post and/or read news?  I have noticed that if
the machine is in the same domain as the news-server machine that an
absence of the machinename in the nntp_access file will prevent the
machine from using rn on that news-server. But, any machine outside of
that domain can read and post news all they want.  I can explicitly
prevent a machine from accessing the news-server by having an entry
with its qualified name and "no no" as the options.

Ex: the qualified name for our news-server is solomon.si.kodak.com.
Any machine in the si.kodak.com domain has to be listed in the
nntp_access file or they are told that they are not allowed to use
solomon as a news server.  Yet, any machine that is in a domain other
than si.kodak.com can read and post as they wish. That is, unless
I have a special entry for the machine, such as
hercules.cci.kodak.com no no.

This will prevent hercules, which is outside my domain, from using
the news-server, but I can't possibly include every machine in this
manner to prevent their accessing my machine.

Any ideas as to what I have set up wrong, or what I am doing wrong?
I know that there has to be a way that I can prevent selected machines
from outside my domain from using my news-server.  

Thanks much.
-- 
                  Don Cox
Phone (716) 253-7121      KMX (716) 253-7998
INTERNET    dcox@ssd.kodak.com
When an eel bites your leg, and the pain makes you beg, that's a moray!

huntting@csn.org (Brad Huntting) (12/24/90)

In article <1990Dec11.235258.18616@ssd.kodak.com> dcox@ssd.kodak.com (Don Cox (253-7121)) writes:
> I have
> a nntp_access file established, with the following default:
> default xfer no

And you're not the only one...  Can I just ask one thing:

	Please don't set `default xfer'.

Forgeries are a reality.  This just makes them harder to trace.


brad
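
An added example, not part of either post in this thread: a small Python audit of an nntp_access file that reports what the `default` line hands to unlisted hosts (the `default xfer` setting the reply objects to), plus conflicting duplicate entries and mistyped keywords that are easy to miss in a 400-entry list. The three-field layout is taken from the entries quoted above; the keyword sets, the `#` comment handling and the sample file are assumptions constructed for illustration.

```python
# Assumed layout, from the entries quoted in the thread:
#   <hostname or "default">  <read field>  <post field>
READ_VALUES = {"read", "xfer", "both", "no"}   # assumed keyword set
POST_VALUES = {"post", "no"}                   # assumed keyword set

# Constructed sample, modelled on the entries quoted in the thread.
SAMPLE = """\
# constructed sample file
default                 xfer  no
solomon.si.kodak.com    read  post
hercules.cci.kodak.com  no    no
hercules.cci.kodak.com  read  post
typo.si.kodak.com       raed  post
"""

def audit(text):
    """Return a list of (line_number, message) findings for an access file."""
    findings, seen, default_seen = [], {}, False
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # assumed comment syntax
            continue
        fields = line.split()
        if len(fields) < 3:
            findings.append((num, "too few fields"))
            continue
        host, read, post = (f.lower() for f in fields[:3])
        if read not in READ_VALUES or post not in POST_VALUES:
            findings.append((num, f"unknown permission keyword for {host}"))
            continue
        # A host listed twice with different permissions is ambiguous.
        if host in seen and seen[host][1:] != (read, post):
            findings.append((num, f"{host} conflicts with line {seen[host][0]}"))
        seen.setdefault(host, (num, read, post))
        if host == "default":
            default_seen = True
            if read in ("xfer", "both"):
                findings.append((num, "default grants xfer to unlisted hosts"))
            if read in ("read", "both"):
                findings.append((num, "default grants read to unlisted hosts"))
            if post == "post":
                findings.append((num, "default grants post to unlisted hosts"))
    if not default_seen:
        findings.append((0, "no default entry; unlisted hosts are not covered by this file"))
    return findings

if __name__ == "__main__":
    for num, msg in audit(SAMPLE):
        print(f"line {num}: {msg}")
```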