whitelist syntax

Discussion:

whitelist syntax

(too old to reply)

jdd

2022-12-13 07:44:48 UTC

Hello,
I'm back to postfilter fine tuning and I wonder what is the syntax of
the access.conf postfilter file for whitelisting

for example, I see in the file the line:

# "NNTP-Posting-Host", "46.165.242.91"

but there is no "NNTP-Posting-Host" header on messages source, only
posting-host="cu...". What is allowed in the left part of the line?

on the "Path" header, IP is written in reverse order. I see in one of
the aioe post the IP "46.165.242.75", so if I filter by IP, do I have to
use direct or reverse IP notation?

thanks
jdd

--
mon serveur usenet: dodin.fr.nf
c'est quoi, usenet? http://www.dodin.org/wiki/pmwiki.php?n=Usenet.Usenet

Aioe

2022-12-13 08:52:53 UTC

Permalink

Post by jdd
but there is no "NNTP-Posting-Host" header on messages source,

NNTP-Posting-Host was an old header (removed by INN 2.6) that showed the
sender's IP address of each post.

Nowadays another header (Injection-Info) is used.

Whitelist allows two parameters: an *HEADER* and a REGULAR EXPRESSION so
you are able to whitelist almost everything

In example

"Injection-info", "posting\-host\=\"127\.0\.0\.1"

whitelist every local messages

Post by jdd
on the "Path" header, IP is written in reverse order

are you sure?

i read: Path:
aioe.org!k4i88jDV7S/S/OfVCyT4Dg.user.46.165.242.75.POSTED!not-for-mail

host 46.165.242.75
75.242.165.46.in-addr.arpa domain name pointer aioe.org

jdd

2022-12-13 09:22:49 UTC

Permalink

Post by Aioe

Post by jdd
but there is no "NNTP-Posting-Host" header on messages source,

NNTP-Posting-Host was an old header (removed by INN 2.6) that showed the
sender's IP address of each post.
Nowadays another header (Injection-Info) is used.

OK, thanks

Post by Aioe
Whitelist allows two parameters: an *HEADER* and a REGULAR EXPRESSION so
you are able to whitelist almost everything
In example
"Injection-info", "posting\-host\=\"127\.0\.0\.1"

this I don't understand :-(, this one on the same line?

on your very article source I read

Injection-Info: gioia.aioe.....

and

posting-host="mUQk....

that looks as two headers, not one

or do "Injection-info" mean all the regular headers?

Post by Aioe

Post by jdd
on the "Path" header, IP is written in reverse order

are you sure?

of course not, but there it's not the user IP but your server's one. On
my server, using what I think is the default INN behavior (but I'm not
really sure of anything :-() I get, for example

!.POSTED.167.XX.YY.77.rev.sfr.net and as I know my users IP I'm sure
it's reversed

anyway I suppose postfilter uses anything it can read in the headers :-)

thanks
jdd

--
mon serveur usenet: dodin.fr.nf
c'est quoi, usenet? http://www.dodin.org/wiki/pmwiki.php?n=Usenet.Usenet

yamo'

2022-12-13 09:34:47 UTC

Permalink

Hi,

Post by jdd
!.POSTED.167.XX.YY.77.rev.sfr.net and as I know my users IP I'm sure
it's reversed

It's not an IP it is a DNS name.

--
Stéphane

jdd

2022-12-13 10:46:14 UTC

Permalink

Post by yamo'
Hi,

Post by jdd
!.POSTED.167.XX.YY.77.rev.sfr.net and as I know my users IP I'm sure
it's reversed

It's not an IP it is a DNS name.

sure but the IP is part of it :-)

the postfilter search is a text one, so the search target have to be the
same as in Path (I guess)

and if I get the IP, I can as well ban this IP in readers.conf

jdd

--
mon serveur usenet: dodin.fr.nf
c'est quoi, usenet? http://www.dodin.org/wiki/pmwiki.php?n=Usenet.Usenet

yamo'

2022-12-14 10:41:16 UTC

Permalink

Hi,

Post by jdd

Post by yamo'

Post by jdd
!.POSTED.167.XX.YY.77.rev.sfr.net and as I know my users IP I'm sure
it's reversed

It's not an IP it is a DNS name.

sure but the IP is part of it :-)

usually xx.yy.zz.tt.rec.truc.example match IP : tt.zz.yy.xx
For wanadoo/orange it differ...

--
Stéphane 🔗<http://pasdenom.info/fortune/>
Les écarts où nous entraîne notre imagination... sont les preuves
certaines de notre esprit.
-+- Marquis de Sade, Histoire de Juliette -+-

jdd

2022-12-14 11:23:20 UTC

Permalink

Post by yamo'
usually xx.yy.zz.tt.rec.truc.example match IP : tt.zz.yy.xx

yes

Post by yamo'
For wanadoo/orange it differ...

odd :-(

jdd

--
mon serveur usenet: dodin.fr.nf
c'est quoi, usenet? http://www.dodin.org/wiki/pmwiki.php?n=Usenet.Usenet

jdd

2022-12-18 08:43:02 UTC

Permalink

Whitelist allows two parameters: an *HEADER* and a REGULAR EXPRESSION so you
are able to whitelist almost everything
In example
"Injection-info", "posting\-host\=\"127\.0\.0\.1"
whitelist every local messages

Hello :-)

sorry for asking again, but I'm not sure of the meaning of your message
:-(

first, on your example, after the comma, you write a header
"posting\-host\=

does it mean that "Injection-info" means the complete header list?

then

"Injection-info", "u+UaaVXmxxxxxxo7PYQ.user.ns507557.dodin.fr.nf"

do not give syntax error but does it give access to the user with this
identity?

"Injection-info", "Path=!alphanet.ch!miakibot!"

or

"Injection-info",
"posting\-host\=\"634ce6c9682d817d72f6177875e2bb4f\.nnrp\.alphanet\.ch"

give sybntax error, whatever I do escaping things with \ :-(

thanks
jdd

Aioe

2022-12-28 07:55:00 UTC

Permalink

Post by jdd
"Injection-info", "Path=!alphanet.ch!miakibot!"

it should be:

"Path", "miakibot"