WendzelNNTPd
About
||| Current release: 2.0.0, Current SVN/CVS version: 2.0.x |||
WendzelNNTPd -- an open source Usenet server software for Linux, BSD (and - in the past - Windows).
The WendzelNNTPd is a very tiny Usenet server. While being very secure it only supports the most important NNTP commands. It is IPv6-ready, runs on *nix-like systems, supports different databases, ACL and RBAC, invisible newsgroups and can prevent double-postings in newsgroups.
News
Jun-20-2011: WendzelNNTPd-2.0.0-stable released!
Feb-26-2011: WendzelNNTPd-2.0.0-beta available.
May-08-2010: WendzelNNTPd-1.9.1-pre-alpha snapshot available (without GUI, Linux only).
Features
- Commercial support is available by VeoVes Ltd. & Co. KG (please contact us at support@veoves.com)
- Free & Open
- GPLv3 Licensed Open Source Software
- Portability
- runs on Linux
- runs on BSD
- runs on OpenSolaris
- ACL and Role Based Access Control
- Supports "invisible newsgroups"
- Supports simple Access Control Lists (ACLs) but also ...
- Supports advanced role based access control!
- Database abstraction
- MySQL
- SQlite3
- Tiny
- does only implement the most important NNTP commands + authentication commands
- only about 7.500 lines of C code
- designed for small and medium size environments (at home, small/medium size companies up to 500 server users, workgroups, customer support)
- based on SQLite3 (MySQL or PostgreSQL support for medium/big size environments in planing)
- Easy to Use
- Other Features
- IPv6-ready (not the Windows version since Microsoft has no real IPv6 support)
- Auto-prevention of double newsgroup posts: If a user sends a posting to two equal newsgroups, the server will add it only once to save memory of the server and the time of readers.
Download WendzelNNTPd
Stable Releases
Linux/*nix/BSD: Version 2.0.0-stable
DOWNLOAD Source Code for Linux/BSD/*nix
Win32: Version 1.4.6-stable:
DOWNLOAD Setup.exe for Windows
DOWNLOAD Source Code for Windows
Development Releases
--
Development Snapshots / SVN Access
Note: Snapshot versions are created without developer interaction and do not work in many cases nor do they contain a complete documentation. Never use them on production systems!
Current snapshot tarball:
wendzelnntpd.tar.gz (latest v. 2.x.y)
Misc Information
Getting Support
Support of WendzelNNTPd is available using the SourceForge.net WendzelNNTPd forums.
Documentation for WendzelNNTPd 2.0.0-stable
Online version of the WendzelNNTPd 2.0.0 documentation.
OLD Documentation for the old version 1.4.6-stable
Introduction
Note: This documentation is for version 1.4.x only..
Note: The documentation is also awailable in german.
Quickstart
If WendzelNNTPd is already installed, you more or less only need to know the binarys and how they're used for. More details about everything and about the configuration are described later in this documentation.
The Binaries
wendzelnntpd - the server program
wendzelnntpadm - the console admin tool
wendzelnntpgui - the graphical admin tool (not required)
Other Files
wendzelnntpd.conf - the server configuration (located in /usr/local/etc or /etc under *nix-like systems)
Installation and Upgrades
Windows
The installation under Windows systems is quite easy. Just download the setup programm, start it and follow it's instructions on the screen.
The upgrade under Windows is easy too. Save a copy of 'usenet.db' and 'wendzelnntpd.conf' before running the installer. After the installation is done, copy both files back to the WendzelNNTPd directory.
To start the server (under Unix it is called a "daemon process"), you should run the start_daemon script what makes it possible to view error messages if an error occured on startup.
To administrate the server, you can use the WendzelNNTPGUI programm what is very easy to use. But you can also use the console version of this programm (wendzelnntpadm).
Linux/BSD (Please also read the file 'INSTALL')
Under Linux/BSD systems you have to make sure that all needed libraries and development tools are installed on your system (sqlite3, bison, flex, gcc, glibc, pthreads, binutils, header files and optional Qt4 for the GUI). Now extract the downloaded tar.gz file.
$ tar -xzvf wendzelnntpd-(version).tar.gz
Now change in the new directory of WendzelNNTPd and run these commands:
$ ./configure
$ make (you need to use gmake under OpenSolaris instead)
If you also want to compile the GUI: Follow the instructions in the 'INSTALL' file.
Now you need super user access to the system. This means that you need to become the root user (if you're not already root). This is normaly done by running su or executing the following command line input with the command sudo.
HINT: If you want to upgrade you need to do two additional tasks: Make a copy of your existing wendzelnntpd.conf and copy it back after the installation. Also copy the "usenet.db.TIMESTAMP.bkp" backup file (generated by 'make install') back to the original position after you ran 'make install'.
On distributions that use sudo by default (like Ubuntu) run:
$ sudo make install
On all other distributions (Debian, Slackware, ...) run these command:
$ su
# make install (you need to use gmake install under OpenSolaris instead)
Configuration
The WendzelNNTPd is configured via the config file wendzelnntpd.conf. You can edit this file by using a normal text editor (or by using the GUI administration tool wendzelnntpgui).
For *nix users: If the wendzelnntpgui tool prints out many errors on startup, you should run it as root user since it needs write access to the config file and to the database.
The configuration is quite easy:
- All characters from a ';' up to the end of a line are only comments.
- The TCP port to listen on is specified by the command port. It is important to specify the port before using the listen command. If you don't specify a port in the configuration file, WendzelNNTPd uses the default NNTP port 119. (Yes, should be possible to listen on different ports ...)
- IPv4/IPv6 addresses to listen on are specified by the keyword listen, for example listen 10.0.0.1
- If you want to use authentication you have to enable it by using the command use-authentication
- If you don't want to have users host names included in the message ID field you can also simply use 'enable-anonym-mids'.
- If you want to use XML output (what means that the server will write the 10 latest postings into an xml file you can use for the integration in websites and such things), you have to activate the xml output by adding the use-xml-output (up to v.1.4.2 this feature was named use-rss-output) command to your config file.
- If you have activated XML output but you want to use a custom filename and path
for this file, you can specify this path by adding a xml-file FILENAME (up to
v.1.4.2 this was named rss-file FILENAME) line to your config file. The
default xml output files are:
- In v. 1.4.3 or newer:
- Win32: wendzelnntpd.xml
- *nix/Linux/BSD: /var/log/wendzelnntpd.xml
- Up to v. 1.4.2:
- Win32: output.xml in the current working directory of the server
- *nix/Linux/BSD: /var/log/wendzelnntpd.rss.xml
- In v. 1.4.3 or newer:
- If you need detailed debug information (maybe because you want to submit a bug report) you should use the keyword verbose-mode. The sample config file includes more information about this feature.
Here is a sample configuration file:
; wendzelnntpd.conf
; port to listen on (default is 119, if no port command is used)
port 119
; network addresses to listen on
listen 127.0.0.1 ; listen on IPv4 localhost
listen ::1 ; listen on IPv6 localhost
listen 192.168.0.1 ; listen on IP 192.168.0.1
; activate authentication
use-authentication
; activate xml output
use-xml-output
; if you want to use your own file location (not the default one)
; you can uncomment this:
xml-file /my/path/myfile.xml
; Uncomment 'verbose-mode' if you want to find errors or if you
; have problems with the logging subsystem. All log strings are
; written to stderr too, if verbose-mode is set. Additionaly all
; commands sent by clients are written to stderr too (but not to
; logfile)
;verbose-mode
; This prevents that IPs or Hostnames will become part of the
; Message-ID generated by WendzelNNTPd what is the default case.
; Uncomment it to enable this feature.
; enable-anonym-mids
Starting WendzelNNTPd
Run wendzelnntpd. In some cases (depends on your $PATH and the installation destrination you choosed) you should start it by running /usr/local/sbin/wendzelnntpd.
Setting up Newsgroups
To create/delete a newsgroup, you simply run the programm wendzelnntpadm with the wanted command ("create" or "delete") followed by the newsgroup name and a 'y' (what currently takes no real effect).
Create a new group:
# wendzelnntpadm create news.software.wendzelnntpd y
Remove an existing group:
# wendzelnntpadm delete news.software.wendzelnntpd
Listing newsgroup information
wendzelnntpadm is able to print out a list of all created newsgroups by using the listgroups parameter. The output comes in this order: newsgroup, posting allowed flag, number of postings.
# wendzelnntpadm listgroups
Authentication
If you enable use-authentication in the configuration file, you need to create some users in the database. You can do this by using the command 'wendzelnntpadm adduser [username]'.
# wendzelnntpadm adduser Steffen.Wendzel
Enter new password for this user:
done.
Security Note: The Windows version includes a security hole: The usenet.db file is readable by all users on the system. Since this file includes the password information too, you should remove read-access for all other users than the user that runs the Usenet server.
For Developers/Administrators only: If you want to create users using a script you can pass the password of a user account as a 3rd parameter too: 'wendzelnntpadm adduser [username] [password]'.
To delete an existing user, you can use the command 'wendzelnntpadm deluser [username]' instead.
You can take a look in the list of available users by using the command 'wendzelnntpadm listusers'.
Hardening
To have a secure WendzelNNTP installation you can use the authentication mechanism described above.
But you can also do additional hardening like putting WendzelNNTPd in a chroot environment or letting it run under an unpriviledged user account (the user than needs write access to /var/spool/news/wendzelnntpd and read access to /etc/wendzelnntpd.conf!). An unpriviledged user under Unix-like systems is also not able to create a listen socket on the default NNTP port (119) since all ports up to 1023 are reserved. This means that the server should use a port >= 1024 if it is started by a non-root user. Note: Some Unix systems may have another priviledged port configuration.