you don't need to set up the news user or create the spool directories. As INN is installed, you need only edit a few configuration files to get it going and turn on the service. (Though there isn't much configuration needed at first, you will find yourself tuning it over time.)

Note: One thing you might need to do is run the makehistory command to create a history.hash file. This initializes the INN history database.

Rich Salz created the INN software package. In recent years, its development was taken over by the Internet Software Consortium (at www.isc.org/products/INN). From ISC’s home page, you can get other documentation and the latest software updates for INN.

Starting with INN

Because so much of the INN software package that comes with Red Hat Linux is already set up for you, it helps to find out first what you are starting with. Here is a quick rundown of how INN is set up for you after you install it from the Red Hat Linux distribution:

• News user: A news user is created in your /etc/passwd file. Ownership of news components (configuration files, spool files, and commands) is assigned to this user. The group name is also news. Its home directory is the news user's spool directory (/var/spool/news).
• Configuration directory: Configuration files for INN are contained in the /etc/news directory. Sample files that you can use with INN are contained in /usr/share/doc/inn*/samples.
• Spool directories: The INN spool directory structure, created in /var/spool/news, contains these directories: archive, articles, incoming, innfeed, outgoing, and overview.
• cron: Three entries exist for cron (two daily and one hourly). The two daily entries, in /etc/cron.daily, clean up the news service (remove old entries) and check that the news service is working once a day. The one hourly cron entry checks that the news service is running and then sends news articles to other NNTP sites.
• Mail command: The Mail Transfer Agent (MTA) used by news is set to the sendmail command in the inn.conf file.
• Reading access: As delivered, INN enables only users from the local host to read and post articles through your news server. Other hosts would have to be added to definitions in the INN server's /etc/news/readers.conf file.

Although a lot of the INN configuration is preset for you, some configuration is required before you can use the server. In particular, you must make some changes to the inn.conf (for general news server information), newsfeeds (to decide where your news articles are sent), and incoming.conf (where the articles you receive come from). If you use nontraditional storage methods (discussed later), some other files must also be configured.

The inn.conf file is discussed in the next section, "Configuring the INN server." Where your news articles are sent (newsfeeds) and where the articles you receive come from (incoming.conf) are discussed in "Setting Up News Feeds" later in the chapter. The information in these files is used by the innd daemon to manage incoming news feeds and by the nnrpd daemon to control which users can access the news server.

This chapter frequently refers to headers that appear in the news articles. A news server often reacts to the information in these headers or puts information in these headers. The following is an example of some of the headers that can be contained in a news article:

Path: news.cwix.com!newsfeed.cwix.com!192.252.116.205!
From: Caleb Hollatz <news.handsonhistory.com>
Newsgroups: comp.os.linux.misc,comp.os.linux.networking
Subject: Re: Getting a newsgroup server working
Date: 15 Jun 2000 18:37:16 +0100
Organization: Hands on History
Message-ID: <x6k8t5s6ur.fsf@handsonhistory.com>
References: <7k2lad$llu$1@whatever.com>
NNTP-Posting-Host: crafts.handsonhistory.com
X-Complaints-To: abuse@handsonhistory.net
Content-Type: text/plain; charset=us-ascii
NNTP-Posting-Date: 15 Jun 2000 17:37:19 GMT

Note: In most newsreaders, you see only the contents of some of the headers, such as the From and Subject headers. To see all the headers, you would have to open the news article in a text editor or choose some sort of view header function. See Chapter 9 for discussions of newsreaders.

Of the headers shown in the preceding example, several should be of interest to a news server administrator. The Path: header indicates where the article has already been sent. This lets your news server know that it doesn't need to forward an article to a host that appears there. The Newsgroups: header shows the newsgroup or newsgroups that the article is posted to. The Organization: header is something that you need to set in your inn.conf file to identify your organization. Likewise, you need to set an X-Complaints-To value so that problems encountered by users of your server can be forwarded to you (or to whoever should receive e-mail complaints related to your server).

Configuring the INN server

The inn.conf file is where most of the general news server information is configured. For your INN news server to work, you must make several changes to this file. Most of the required changes are associated with identifying your server. However, you need to consider other changes that will have a major impact on how your server performs, what and how information is logged and stored, and the location of the directories that have newsgroup information. You add or change parameters in this file to configure INN.
After making a backup copy of the /etc/news/inn.conf file, open it in any text editor and make changes based on the following descriptions.

Tip: In general, you shouldn't remove parameters from the inn.conf file. If you aren't sure how to set a parameter, leave the default value, if one is given.

More than 100 parameters are in the inn.conf file. For more information about inn.conf parameters, see the inn.conf man page (type man inn.conf).

General parameters

The inn.conf parameters described in this section identify your news server. They define the names of your organization and news server that appear in the header of local posts, the host path name that identifies how to get to your computer on the network, and the domain your computer is in. The following is a list of the inn.conf parameters along with a description of the values that you can set for each of these parameters:

• The mta parameter sets the particular mail transfer agent that is used by your news server to transfer messages. The following default setting causes the sendmail command to be used:
    mta: /usr/sbin/sendmail -oi -oem %s
• The organization parameter identifies the name of your organization. When someone in your organization sends a news article, this name appears in the Organization: header of the article. The organization may be something similar to Customer of Hands on History, or Member of the Salt Lake Bird Club, or simply an organization name, such as Acme Realtors. Here is an example:
    organization: Hands on History
• The ovmethod parameter sets the type of overview storage method to use, if enableoverview is true (which it is by default). The default is tradindexed, a method that is fast for reading news and slow for writing it. Each newsgroup is stored in two files (a data file and an index file). A value of buffindexed causes data and index information to be stored in buffers (based on values set in the /etc/news/buffindexed.conf file).
A value of ovdb causes newsgroups to be stored in a Berkeley DB database format. Here is the default setting of ovmethod:
    ovmethod: tradindexed
• The pathhost parameter must be set to a name that represents the local site. Each article that passes through your INN server has this name added to its Path header. The fully-qualified host name of the computer is a good choice to use as the pathhost. A value for pathhost is required; there is no default value. Here is an example:
    pathhost: news.handsonhistory.com
• The pathnews parameter sets the root of the news storage hierarchy as well as the news user's home directory. By default, the pathnews parameter is set to /usr as follows:
    pathnews: /usr
• The domain parameter determines the domain name used for your news server. Usually, this parameter is blank, and your computer's domain name is picked up automatically. You can set this option manually if your computer doesn't use an FQDN for other services. Here is an example:
    domain: handsonhistory.com
• The innflags parameter lets you add flags to pass to the innd daemon process when the server starts up. The flags are the options to the innd daemon. (Type man innd 8 to see available flags.)
• The mailcmd parameter indicates the command that is used by the INN server to send messages. The default value is as follows:
    mailcmd: /usr/bin/innmail
• The server parameter identifies the name of your news server. It can be a fully qualified domain name (FQDN) or an IP address. The server name is added to the Path: header, so that other news servers know not to forward the message to your server again. You can override the server parameter by setting the NNTPSERVER environment variable. Here is an example of a server parameter:
    server: news.handsonhistory.com

News feed parameters

This set of parameters relates to how INN allocates resources to handle news feeds.

• To limit how long an article can be stored on your server, set the artcutoff parameter.
By default, it is set to 10 days. Articles older than that are dropped. Here is an example of the artcutoff parameter with a cutoff date of 14 days:
    artcutoff: 14
• The bindaddress parameter sets which interface (IP address) the INN server listens on. The default is to listen on all network interfaces on the computer. Setting bindaddress to All also results in INN listening on all interfaces.
• The hiscachesize parameter can be used to set the amount of memory to make available (in kilobytes) to store message IDs. Storing these incoming messages can speed up history lookup. The default is 0 (no memory allocated) as follows:
    hiscachesize: 0
• The ignorenewsgroups parameter can be used to control routing of newsgroup creation control messages. By default, this feature is off (false) as follows:
    ignorenewsgroups: false
• If the immediatecancel parameter is set to true, it can be used to immediately cancel articles (and not just set them in cache to be cancelled). This option is only available for timecaf storage methods. By default, the feature is off as follows:
    immediatecancel: false
• With the maxartsize parameter, you can limit the size of the articles that are accepted by your news server. By default, this value is 1,000,000 bytes. To make the value half that size, you could set the parameter as follows:
    maxartsize: 500000
• Use the maxconnections parameter to limit the number of incoming NNTP connections that your server allows at the same time. NNTP connections, which enable users to read articles from and post articles to your news server, are handled by the nnrpd daemon. Limiting NNTP connections is one way to reduce demand on your server, but it can also prevent people from using it effectively. By default, maxconnections is set to 50. To set it to 40, use the following line:
    maxconnections: 40
• You can use the pathalias parameter to prepend a name to the front of the pathhost value that appears on a news article's Path: line. No value is required.
• The port parameter lets you indicate which TCP/IP port to listen on. The default is 119, which is the standard news port.
    port: 119
• By setting refusecybercancels to true, you can automatically refuse any article that has a message ID that begins with <cancel. This is one method, though an inefficient one, of refusing cancelled spam messages. This is off by default:
    refusecybercancels: false
• The remembertrash parameter lets your INN server keep a record of rejected articles so that further copies of messages it has received can be refused before they are sent. This is on by default, as follows:
    remembertrash: true
• The sourceaddress parameter sets which interface (IP address) the INN server binds to for outgoing traffic. The default is for the INN server to choose which interface to use from the available interfaces. Setting sourceaddress to all also results in INN listening on all interfaces.

Other parameters related to news feeds can also help limit unwanted news items. The linecountfuzz parameter lets you reject mail messages where the line count doesn't match the value of the Lines header. The pgpverify parameter lets you choose if you want to verify control messages (other than cancel messages). The usecontrolchan parameter lets you choose to handle non-cancel control messages with an external program. The verifycancels parameter lets you verify that a cancel message came from the same person that originated the post. The wanttrash parameter, if true, causes messages posted to unknown newsgroups to be sorted into the junk newsgroup. The wipcheck parameter sets a time limit (5 seconds by default) in which the server will wait to receive a promised article from a news server peer before accepting the article from another news server. The wipexpire parameter sets how long (10 seconds by default) to keep a message ID for an article that was offered but not yet sent.
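
The accept and forward decisions that the Path: header and the news feed parameters drive, as a simplified Python model. This is an added example, not INN's code and not part of the original text: the functions check_incoming, outgoing_path and peers_to_feed are hypothetical, the order of the checks is an assumption, and the article is constructed from the header values shown earlier (the last Path element, the body and the peer news.example.net are made up).

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Parameters named on this page, with the page's example values.
CONF = {
    "pathhost": "news.handsonhistory.com",
    "artcutoff": 14,             # days
    "maxartsize": 500000,        # bytes
    "refusecybercancels": True,
    "remembertrash": True,
}

# Constructed sample article built from the header values shown on this page.
SAMPLE = (
    "Path: news.cwix.com!newsfeed.cwix.com!192.252.116.205!not-for-mail\n"
    "From: Caleb Hollatz <news.handsonhistory.com>\n"
    "Newsgroups: comp.os.linux.misc,comp.os.linux.networking\n"
    "Subject: Re: Getting a newsgroup server working\n"
    "Date: 15 Jun 2000 18:37:16 +0100\n"
    "Message-ID: <x6k8t5s6ur.fsf@handsonhistory.com>\n"
    "\n"
    "Constructed body text.\n"
)


def check_incoming(raw, conf, now, trash):
    """Return (accepted, reason) for an offered article.

    `trash` is a set of message IDs already rejected (the remembertrash record).
    """
    msg = message_from_string(raw)
    msgid = (msg["Message-ID"] or "").strip()
    if not msgid or not msg["Path"]:
        return False, "missing Message-ID or Path header"
    if conf["remembertrash"] and msgid in trash:
        return False, "previously rejected (remembertrash)"

    reason = None
    if conf["refusecybercancels"] and msgid.startswith("<cancel"):
        reason = "message ID begins with <cancel (refusecybercancels)"
    elif len(raw.encode("utf-8")) > conf["maxartsize"]:
        reason = "larger than maxartsize"
    else:
        try:
            posted = parsedate_to_datetime(msg["Date"])
            if posted.tzinfo is None:          # "-0000" dates parse as naive
                posted = posted.replace(tzinfo=timezone.utc)
            if now - posted > timedelta(days=conf["artcutoff"]):
                reason = "older than artcutoff"
        except (TypeError, ValueError):
            reason = "missing or unparseable Date header"

    if reason:
        if conf["remembertrash"]:
            trash.add(msgid)                   # refuse later copies early
        return False, reason
    return True, "accepted"


def outgoing_path(raw, conf):
    """Path value after this server adds its pathhost in front."""
    return conf["pathhost"] + "!" + message_from_string(raw)["Path"].strip()


def peers_to_feed(raw, conf, peers):
    """Peers that do not already appear in the article's Path."""
    seen = {h.lower() for h in outgoing_path(raw, conf).split("!") if h}
    return [p for p in peers if p.lower() not in seen]


if __name__ == "__main__":
    rejected = set()
    now = datetime(2000, 6, 20, tzinfo=timezone.utc)   # constructed "current" time
    print(check_incoming(SAMPLE, CONF, now, rejected))
    print(outgoing_path(SAMPLE, CONF))
    print(peers_to_feed(SAMPLE, CONF, ["newsfeed.cwix.com", "news.example.net"]))
```
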

Article storage parameters

Use these storage-related parameters to set how newsgroup messages are stored on your hard disk.

• The cnfscheckfudgesize parameter causes the size of articles in CNFS cycbuffs to be checked against this value plus the value of the maxartsize parameter. If the size is larger, the CNFS cycbuff is assumed to be corrupt. This parameter is off by default, based on the following value:
    cnfscheckfudgesize: 0
• If the enableoverview parameter is true (default), overview data is written out for articles. When this parameter is true, the ovmethod parameter must be set as well (as described earlier). Here is an example of the default enableoverview parameter:
    enableoverview: true
• With the groupbaseexpiry parameter set to true, expiration of newsgroup messages is done based on newsgroup name. If you change it to false, expiration is done based on the storage method class being used. Here is how the parameter is set by default:
    groupbaseexpiry: true
• The mergetogroups parameter can be set to true if you want to file articles posted to .to* groups to the pseudonewsgroup "to". If true, this parameter requires that the to newsgroup exist in the active file to allow INN to start. This feature is off (false) by default:
    mergetogroups: false
• The overcachesize parameter sets the number of cache slots that are set aside to hold open overview files. INN will store and open overview files just in case articles are received for those newsgroups. This parameter is used only if enableoverview is true and ovmethod is defined as tradindexed. By default, overcachesize is set to 15, as shown below:
    overcachesize: 15
• The ovgrouppat parameter can be used to limit overview information stored by the INN server. With the value set to true, overview information is only stored for newsgroups that match a comma-separated list of expressions (in wildmat format). This option is not set by default.
• To have the INN server store articles based on newsgroup name in the Xref header, the storeonxref parameter should be true (it is false by default). If this value is false, newsgroup articles are stored by newsgroup name in the Newsgroups header.
    storeonxref: false
• The useoverchan parameter can be used to turn on a feature where overview data are stored internally using the libstorage function. If false, which it is by default, the INN server will handle creation of overview data on its own. Here is how useoverchan is set by default:
    useoverchan: false
• You can turn on the wireformat parameter, if you are using the tradspool storage method, to write articles in wire format. With wire format, messages are stored with a \r\n ending each line and periods at the beginning of lines doubled. Articles formatted in this way require no conversion. The INN server can operate more efficiently with wireformat set to true. By default, the value is false as indicated below:
    wireformat: false
• The xrefslave parameter indicates that the INN server should be a slave to another server. In this arrangement, each INN server should have the same article numbering so that the two servers could be used interchangeably. If this value is set to true, you must set the host name of the other server using the nnrpdposthost parameter (described later). By default, this value is false as shown below:
    xrefslave: false

Reading parameters

This set of parameters is used to validate news readers and features related to the news readers.

• If the allownewnews parameter is set to true, your users can request the NEWNEWS feature from their newsreaders. The NEWNEWS feature enables a user of a newsreader to request all articles that were posted or received for a particular newsgroup since a particular date. By default, this value is on (true), as recommended by the Network News Transfer Protocol RFC (RFC977).
However, overuse of this feature can result in serious performance problems for the server. If you want to turn off NEWNEWS, set the value of the allownewnews parameter to false, as follows:
    allownewnews: false
• With the articlemmap parameter on, articles can be mapped into memory using the mmap function. By default, this parameter is off (false) and articles are read into memory before going to the newsreader.
    articlemmap: false
• The clienttimeout parameter sets the number of seconds a connection to a client can be idle before it is dropped. By default, the value is set to 1800 (30 minutes) as follows:
    clienttimeout: 1800
• The nnrpdcheckart parameter sets whether or not the INN server daemon should check if an article is on the server before listing it as present. By default, this value is on as follows:
    nnrpdcheckart: true
• The nnrpperlauth parameter can be used to cause the INN server to use a "Perl hook" to check that readers are valid. If nnrpperlauth is true, then the connection is not authenticated using the readers.conf file, as it would be otherwise. This value is false by default, as shown here:
    nnrpperlauth: false
• The nnrppythonauth parameter can be used to cause the INN server to use a "Python hook" to check that readers are valid. If nnrppythonauth is true, then the connection is not authenticated using the readers.conf file, as it would be otherwise. This value is false by default, as shown here:
    nnrppythonauth: false
• With the noreader parameter set to true, incoming connections from unknown hosts (that is, those not listed in incoming.conf) will be rejected. With this value set to false, an additional INN server daemon is launched to handle incoming connections from hosts not listed in incoming.conf. The default is false, as follows:
    noreader: false
• The readerswhenstopped parameter can be used to allow newsreaders to connect to the INN server, even if the server is in a paused or throttled state.
This feature is only available if the server is spawned from the innd daemon process (which it is not by default in Red Hat Linux). The default is false, as follows:
    readerswhenstopped: false
• The readertrack parameter can be used to enable a system that tracks client reading and posting of articles. Client tracking is off by default (false), as follows:
    readertrack: false

The INN server supports the feature of creating keyword databases from the body of news articles. For large feeds, this could cause a substantial performance hit on the INN server. Before you set any of these parameters, you should stop the INN server (innd) and remove the current overview database.

• The keywords parameter sets whether or not keyword generation should be done at all. By default, a keyword database is not generated based on the following line:
    keywords: false
• The keyartlimit parameter limits the maximum size of news articles for which keywords are added to the keyword database. The default is 100000, which represents about 100KB maximum size, as follows:
    keyartlimit: 100000
• The keylimit parameter sets the maximum amount of space that can be used to store keyword data. The default value is 512 bytes. If that limit is exceeded, further keyword data is discarded. Here is the default value:
    keylimit: 512
• The keymaxwords parameter indicates the maximum number of keywords that can be used from any one article. The default value is 250 words. (Some words that are not significant, such as the or and, are not generated and will not be counted in reaching this maximum.)
    keymaxwords: 250

Posting parameters

Parameters in this section help define how programs that generate and accept postings behave. Many of these parameters relate particularly to how local postings are handled.

• The addnntppostingdate parameter indicates whether or not to add the following header to local posts: NNTP-Posting-Date.
This is on (true) by default, as follows:
    addnntppostingdate: true
• The addnntppostinghost parameter indicates whether or not to add the following header to local posts: NNTP-Posting-Host. The information in this header is either the IP address or the fully-qualified domain name of the INN server. This is on (true) by default, as follows:
    addnntppostinghost: true
• The checkincludedtext parameter restricts how much included text can appear in a news article that is posted from your server. Included text is text from an article the user is responding to (indicated by a > character) that is copied into the current article. By default, this parameter is set to false, so there is no restriction on included text. If you set it to true, however, less than half of the text in a message can contain include lines. Turning this parameter on can result in better performance by not allowing articles that simply repeat previously sent text. Here is an example of having this parameter turned on to restrict articles containing too much included text:
    checkincludedtext: true
• The value of the complaints parameter can be set to define an e-mail address that is placed in the X-Complaints-To: line in articles that originate from your server. Newsgroup participants can use this e-mail address to complain about something your users did. If no value is set, your newsmaster e-mail address is used. Common e-mail addresses are postmaster@domainname.com or abuse@domainname.com. Here is an example:
    complaints: abuse@handsonhistory.com
• The fromhost parameter can be used to indicate a domain name to use when the INN server constructs e-mail addresses. If there is no value set for fromhost (which is true by default), then the local host computer's fully-qualified domain name is used.
• To limit the size of locally posted articles that your news server accepts, use the localmaxartsize parameter. The default is the same as for maxartsize (1,000,000 bytes).
To set that value to half the default, use the following:
    localmaxartsize: 500000
• The moderatormailer parameter sets the default machine containing aliases for moderated newsgroups. By default, the values in the /etc/news/moderators file are used to identify the list of all public moderated newsgroups as being available from moderators.isc.org, with the newsgroup name prepended (*.%s@moderators.isc.org). No value is entered for this parameter by default.
• The nnrpdauthsender parameter indicates whether or not a Sender header is generated after the reader is authenticated. The Sender header would contain the reader's host name and authenticated user name. By default, this parameter is off (false) as shown here:
    nnrpdauthsender: false
• If the nnrpdposthost parameter is set to a host name, all locally posted articles are sent to that host instead of being saved locally. This parameter must be set if xrefslave is true. By default, there is no value set for this parameter.
• If your INN server is being used as a slave server, the nnrpdpostport parameter can be set to indicate which port on the master server to connect to. This parameter is only valid if the xrefslave and nnrpdposthost parameters are set. The default port value is 119, as shown in the following line:
    nnrpdpostport: 119
• The spoolfirst parameter can be used to cause articles to be spooled instead of having them sent to the INN server daemon. The default (false) is to only spool articles when an error is received from sending an article to the INN server daemon. This is how the default value is set:
    spoolfirst: false
• The strippostcc parameter can be used to cause To, Cc, and Bcc lines to be removed from locally posted articles. The default is to not strip them out (false), as indicated by the following line:
    strippostcc: false

Posting exponential backoff parameters

A set of backoff parameters is used to control high-volume news posters.
This feature works by indexing news clients by either user name or IP number. After the number of posts from the user or IP number reaches the limit set for the time period you set, posting backoff occurs, which is when your server sleeps for a period of time before posting anything. In this way, posts get through at an increasingly slower rate.

The backoff feature is off by default. To turn it on, you need to set the backoffauth parameter to true. The time between postings is used to determine the sleep time. By default, no location is defined for storing backoff information. A common place to put the database of backoff information is in /var/lib/news/backoff (set by the backoffdb parameter). The backoffk parameter lets you set how sleep time is multiplied. If it is set to 3, the sleep time triples for each subsequent post. The backoffpostfast parameter can be used to increase the backoff sleep time when posts from the same identity arrive in less than the backoff time. The backoffpostslow parameter, by default, allows up to 86,400 postings from the same identity (because it is set to 1). Divide 86,400 by the value of backoffpostslow to allow fewer posts per day. The number of postings that are allowed before the backoff feature kicks in is set to 10,000 by the backofftrigger parameter. The following lines are examples of the default settings for the set of backoff parameters.

    backoffauth: false
    backoffdb:
    backoffk: 1
    backoffpostfast: 0
    backoffpostslow: 1
    backofftrigger: 10000

Monitoring parameters

The innwatch program can be set up to log INN server activities. The doinnwatch parameter indicates whether or not to have the innwatch program started from the /etc/rc.news script (which starts automatically when the innd script starts the INN server at boot time). The logging service is off (false) by default. Other monitoring-related parameters set thresholds for a variety of INN server attributes that the monitoring service looks out for.
These include watching for free space running out in the batch (innwatchbatchspace) [...]...

maps are accessible No need to restart the NIS service You can now go through and change any of the files listed in the /etc/nsswitch file so that it is configured to let our system access the NIS maps being shared

Setting Up Red Hat Linux as an NIS Master Server

To configure your Red Hat Linux system as an NIS master server, you should first configure it as an NIS client (That is, set the NIS domain...

server

Setting Up Red Hat Linux as an NIS Client

If your network uses NIS centrally to administer users, groups, network addresses, and other information, you can set up your Red Hat Linux system to use that information as an NIS client To configure Red Hat Linux as an NIS client, you need to get the following information from your NIS administrator:

• NIS Domain Name — This is a keyword used to describe...

subnetwork that is used to route data to other networks from the local LAN is 10.0.0.24 That address may represent a DSL modem or a Red Hat Linux system configured as a router between your LAN and the Internet The IP addresses that are dynamically assigned to clients are defined in the range declaration In this case, numbers between 10.0.0.10 and 10.0.0.100 are assigned The domain name servers, used to resolve...

to do this What I did was add the command line (domainname trident) to a run-level script that runs before the ypbind daemon is started I edited the /etc/init.d/network file and added the following lines just after the first set of comment lines (about line number 9)

    # Set the NIS domain name
    domainname trident

This caused my NIS domain name to be set each time my Red Hat Linux system booted When you...
protocols for supported network services that are used with Internet protocols
• /etc/netgroup — Used to define users (from particular hosts and domains) for permission-checking associated with remote mounts, remote shells, and remote logins
• /etc/netid — Contains information that maps RPC network names to UNIX credentials

Note: Some of the files just shown may not be applicable to your Red Hat Linux system...

time
• cnfs: Articles are stored in buffer files that are configured before articles arrive In this arrangement, when a new article arrives and the buffer is full, the new article replaces the oldest article This is referred to as cyclical storage When buffers are used instead of the file system, articles can be stored and served much faster The downside to this method is that, because articles are overwritten...

(probably eth0)
♦ c Click Edit
♦ d Click the Protocols tab
♦ e Click on TCP/IP
♦ f Select Edit
4 From the TCP/IP settings window, click “Automatically Obtain IP Address Settings With:” and select dhcp Then, from a Terminal window, type:

    # /etc/init.d/network restart

By default, a Red Hat Linux client will not accept all information passed to it from the DHCP server The way that the Red Hat Linux client handles...

that is sent to a particular user name to be directed to a different user (or set of users) On some systems, this file may be /etc/mailaliases instead
• /etc/ethers — Used by the RARP to map Ethernet addresses into IP numbers This file is optional (By default, RARP support is not configured into Red Hat Linux.)
• /etc/bootparams — Contains entries needed to start diskless workstations (typically used...
commands are enabled (true or false)
• password: Assigns a string to this key that must be used by the host as a password before it can connect By default, no password is required
• noresendid: Causes the innd daemon to send a 431 RESENDID response to an article that has already been received from another peer

Configuring hosts that you feed

The entries that you place in the /etc/news/newsfeeds file define...

the news spool directory (such as /var/spool/news), each article was stored under a subdirectory named after the newsgroup For example, articles for the comp.os.linux.x newsgroup would be stored in the directory comp/os/linux/x in the news spool directory Each article would be named by its unique message number and placed in that directory Unfortunately, the traditional way of storing news articles

entries in that file can be used as your default expiration times. With the remember entry, an article (even if it is expired) is remembered for 10 days. In this way, if the article is offered from
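
One way to review an inn.conf against the parameter descriptions given earlier on this page, written in Python. This is an added example, not part of the original text or of INN: the function names, the rule set and the sample file are assumptions for illustration, and the defaults used are the ones this page states.

```python
# Constructed sample inn.conf; parameter names come from this page.
SAMPLE_CONF = """\
# /etc/news/inn.conf (constructed sample)
organization:   Hands on History
server:         news.handsonhistory.com
mta:            /usr/sbin/sendmail -oi -oem %s
maxartsize:     5000000
nnrpperlauth:   true
verifycancels:  false
allownewnews:   true
backoffauth:    false
"""

PAGE_DEFAULT_MAXARTSIZE = 1000000    # bytes, the default stated on this page
TRUE_WORDS = {"true", "yes", "on"}   # assumption: accepted spellings of "true"


def parse_inn_conf(text):
    """Parse 'key: value' lines, skipping blank lines and # comment lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            conf[key.strip()] = value.strip().strip('"')
    return conf


def is_true(conf, key, default):
    """Boolean value of a parameter, falling back to the given default."""
    value = conf.get(key, "")
    return default if value == "" else value.lower() in TRUE_WORDS


def audit(conf):
    """Return (parameter, finding) pairs for settings that deserve a second look."""
    findings = []
    if not conf.get("pathhost"):
        findings.append(("pathhost", "required and has no default value"))
    for hook in ("nnrpperlauth", "nnrppythonauth"):
        if is_true(conf, hook, False):
            findings.append((hook, "readers.conf no longer authenticates readers; review the hook"))
    for size in ("maxartsize", "localmaxartsize"):
        raw = conf.get(size, "")
        if raw and (not raw.isdigit() or int(raw) > PAGE_DEFAULT_MAXARTSIZE):
            findings.append((size, "not a number, or above the 1,000,000-byte default"))
    if conf.get("bindaddress", "").lower() in ("", "all"):
        findings.append(("bindaddress", "listening on all network interfaces"))
    if not conf.get("complaints"):
        findings.append(("complaints", "X-Complaints-To falls back to the newsmaster address"))
    for check in ("verifycancels", "pgpverify"):
        # Only an explicit "false" is reported; this page gives no default for these.
        if check in conf and not is_true(conf, check, True):
            findings.append((check, "explicitly disabled; these messages are not verified"))
    if is_true(conf, "allownewnews", True):
        findings.append(("allownewnews", "NEWNEWS enabled; overuse can hurt server performance"))
    if not is_true(conf, "backoffauth", False):
        findings.append(("backoffauth", "posting backoff is off; high-volume posters are not slowed"))
    return findings


if __name__ == "__main__":
    for param, finding in audit(parse_inn_conf(SAMPLE_CONF)):
        print(f"{param}: {finding}")
```
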