Cyrus and Netnews
Note that the NNTP support in Cyrus is still relatively young in the
grand scheme of things, and has not been tested under a heavy Usenet
load. That being said, the code appears to be stable and is currently
running in production serving 50-60 newsgroups with a volume of about
6000 messages per day.
Introduction
Cyrus has the ability to export Usenet via IMAP and/or export shared
IMAP mailboxes via NNTP. This is made possible by a new NNTP daemon
which is included with Cyrus.
This document assumes that you have successfully been able to setup
your Cyrus IMAP server. If you have not already done so, please refer
to the rest of the documentation. This document also assumes that you
are familiar with Usenet and shared IMAP mailboxes.
There is a diagram that shows the interactions of the various
components of the NNTP support in Cyrus which may be helpful in
understanding the "big picture".
Installation
You will need to build Cyrus IMAPd with the --enable-nntp configure
option. This builds nntpd and the associated utilities.
Requirements
Obviously you must have a newsfeed or news reader access from your ISP
or Usenet provider.
Configuration
The first thing that must be done is to decide where your newsgroup
mailboxes will reside, either at the toplevel of your hierarchy (eg,
comp.mail.imap) or rooted elsewhere (eg, netnews.comp.mail.imap). If
your newsgroup mailboxes are not at the toplevel of your hierarchy,
then you must specify the parent with the newsprefix in imapd.conf.
Using the example above, newsprefix would be set to netnews.
You must create a mailbox for each newsgroup that you would like to
receive/export before the newsgroups can be used. If some groups are
private, be sure to set the ACLs accordingly. The tools/mknewsgroups
script can be used to help facilitate mass creation of newsgroup
mailboxes. When using this script, be sure to add posting rights for
'anyone' (eg. mknewsgroups -a 'anyone +p' ...) so that articles can be
fed/posted.
Receiving articles
In order to receive usenet articles, you must make sure that the Cyrus
nntpd service is enabled in cyrus.conf. The master/conf/normal.conf and
master/conf/prefork.conf sample configs both include entries for nntpd
(disabled by default).
Push (traditional) feeds
If your usenet peer will be pushing articles to you, no further
configuration is necessary, beyond letting your peer access your Cyrus
server on port 119 (nntp).
Pull (suck) feeds
If you prefer to pull articles from your peer (and your provider allows
it), then you can use the fetchnews utility which will retrieve
articles from your peer and feed them to your Cyrus server. If
supported by your peer, fetchnews will use the NEWNEWS command,
otherwise it will fallback to keeping track of the high water mark of
each group. You will probably want to configure fetchnews as an EVENT
in cyrus.conf to be called periodically (eg, once an hour, every 15
minutes, etc).
As an alternative to fetchnews, you can also use the suck program to
pull articles from your peer.
imapfeed
Alternatively, if you already have an INN v2.3 server in-house you can
use the included imapfeed utility (written by the authors of Cyrus) to
feed articles to your Cyrus server via LMTP. Consult the INN
documentation for further details.
Control Messages
Control messages are accepted, parsed and delivered to the
corresponding control.* pseudo-group (eg, control.newgroup,
control.cancel, etc) if it exists, so that they may be reviewed by an
administrator.
Automatic execution of control messages is only performed if the
newsmaster (default = "news") user has the proper access control for
the given mailbox. For example, to allow cancel control messages to be
performed for "misc.test" articles, give the "news" user the 'd' right
on "misc.test". To allow newgroup, rmgroup and mvgroup control messages
to be performed on the "misc" hierarchy, give the "news" user the 'c'
right on "misc".
NOTE: No sender or PGP verification of control messages is currently
implemented.
Reading/Posting articles
In order to have articles posted by your local users propagate to the
outside world, you must specify the name of your usenet peer(s) with
the newspeer option in imapd.conf. This is the host(s) that nntpd
contacts to feed outgoing articles. Depending on the configuration of
the newspeer option, articles will be fed to the upstream server(s)
using either the POST or IHAVE command. Also note that you may specify
an optional wildmat to filter which groups will be fed (see
imapd.conf(5) for details).
Newsgroups can also be gatewayed to email by setting
/vendor/cmu/cyrus-imapd/news2mail mailbox annotations to the
corresponding email addresses.
News clients
If anonymous logins are disabled (default) in imapd.conf, then your
news clients will have to be configured to login with a username and
password, otherwise they will not be allowed to post. Furthermore, if
plaintext logins are disabled in imapd.conf, then you might have to
configure your news clients to use SSL/TLS and enable the nntps service
in cyrus.conf.
If you want to allow your news clients to use the NNTP NEWNEWS command,
you will have to enable the allownewnews option in imapd.conf.
Email clients
If you are exporting Usenet via IMAP, and your users' messaging clients
are not savvy enough to reply to and post articles via NNTP, then you
will have to configure your server so your users can reply to and post
articles via SMTP.
To help faciliate this, you can set the newspostuser option to a
"pseudo" user which will be used to construct email delivery addresses
for each incoming article. These addresses are inserted into a
Reply-To: in the article. For example, if set to "post", an article
posted to comp.mail.imap will have an address of "post+comp.mail.imap"
inserted into the Reply-To: header. This will allow a user to easily
reply to an article via email. Otherwise, the users will have to learn
the correct email address format for posting and replying to articles.
In order for these email messages to be fed into your news server (and
subsequently to the outside world) you need to use an email to news
gateway, such as lmtp2nntp. You need to configure your MTA (Sendmail,
Postfix, etc) so that lmtp2nntp is used as the local mailer whenever it
receives a news article. A simple rule for doing this in Sendmail is
shown below:
# mail addressed to post+ goes to lmtp2nntp@localhost
LOCAL_RULE_0
Rpost + $+ < @ $=w . > $#lmtp2nntp $@ localhost $: $1
For other configurations, consult the lmtp2nntp and documentation and
your MTA documentation.
NOTE: If anonymous logins are disabled (default) in imapd.conf, then
you should configure lmtp2nntp to use its "feed" operation mode.
Expiring articles
Expiration of articles is done by the cyr_expire utility. Control over
when articles are expunged is accomplished with the
/vendor/cmu/cyrus-imapd/expire mailbox annotation. This annotation sets
the number of days that messages should be kept in the mailbox before
they expire. All entries in the duplicate deliver database that
correspond to these messages are also kept for the same number of days
before they are purged (overriding the cyr_expire -E option).
Setting the expire time to 0 (zero) for a mailbox will ensure that
neither the messages nor the corresponding database entries will ever
be expired. This can be useful for shared mailboxes (e.g. mailing list
archives) which are being exported via NNTP. Note that this will cause
the duplicate delivery database to consistently grow in proportion to
the number of messages in such mailboxes.
If a mailbox does not have an expire time set on it, then the messages
will never be expunged, but the corresponding database entries WILL be
expired after the default number of days (cyr_expire -E option).
Note that the /vendor/cmu/cyrus-imapd/expire mailbox annotation is
inherited by child mailboxes, so that you may control expiration on an
entire mailbox/newsgroup hierarchy simply by setting the annotation on
the root of the hierarchy. For example, if you set the annotation on
comp, then ALL of the newsgroups in the comp hierarchy will be expired
at the same time. Similarly, if you set the annotation on alt.binaries,
all of the binary newsgroups under alt will be expired at the same time
(independently from comp).