XPost: news.software.nntp

Path: tcpreset/net
Server: news/tcpreset/net
Onion: peannyjkqwqfynd24p6dszvtchkq7hfkwymi5by5y332wmosy5dwfaqd.onion
Port: 119
accept from: news-out tcpreset net
feed to: news-in tcpreset net
Location: Nuremberg (DE)
Software: Ubuntu-22.04, INN2.6.4, Cleanfeed, Spamassassin
Contact: info(a)tcpreset.net
Abuse: abuse(a)tcpreset.net
IPv4: 94.130.76.71
ipv6: 2a01:4f8:c0c:2f94::1
Hierarchies: Only Text
Article size: <65536

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp

On Thu, 3 Apr 2025 07:11:42 +0200
Gabx <info@tcpreset.invalid> wrote:

Onion: peannyjkqwqfynd24p6dszvtchkq7hfkwymi5by5y332wmosy5dwfaqd.onion

Hmm, I didn't know about this. Being on an anonymous network leaves it
well open to abuse. Do you limit public posting to people you know and
have approved accounts?


--
End Of The Line BBS - Plano, TX
telnet endofthelinebbs.com 23

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp, alt.privacy.anon-server

Nigel Reed wrote:

On Thu, 3 Apr 2025 07:11:42 +0200
Gabx <info@tcpreset.invalid> wrote:

Onion: peannyjkqwqfynd24p6dszvtchkq7hfkwymi5by5y332wmosy5dwfaqd.onion

Hmm, I didn't know about this. Being on an anonymous network leaves it
well open to abuse. Do you limit public posting to people you know and
have approved accounts?

No,
our server intentionally operates as an open-access system: we do not
require registration or explicitly limit posting privileges only to
known users or pre-approved accounts.

However, to prevent abuse and spam effectively, we've implemented strong automated anti-abuse measures, including Cleanfeed, SpamAssassin, and a Hashcash-based proof-of-work mechanism.

A Hashcash token generation mechanism is designed to prevent automated
spam by requiring users to perform computational work (proof-of-work).
The higher the bits value, the greater the effort needed, significantly deterring spammers.

We are currently evaluating PyClean https://github.com/crooks/PyClean/tree/master and NoCeM to further
enhance these protections.

Additionally, we will soon implement secure NNTP connections via port
563, supporting TLS v1.2 and v1.3 with mandatory authentication.

Additionally, we actively monitor and moderate public postings to
maintain high standards without sacrificing user privacy or openness.

I understand your suggestion about requiring, for example, email-based authentication and registration as a means of identifying potential
abusers.

However, relying solely on email addresses doesn't necessarily guarantee
a clear or reliable identification of malicious users.

Email addresses are trivially easy for abusers to obtain anonymously or
through disposable services, and thus cannot unequivocally distinguish legitimate users from abusers.

Consequently, our technical anti-abuse strategies and active moderation policies offer more practical, robust, and privacy-respecting protection against spam and malicious activities than email-based identification alone.

Moreover, I believe there's a fundamental misunderstanding regarding the
Onion network and spam: spam activities typically rely heavily on
clearnet due to the ease of automated bulk distribution and openness to
mass harvesting techniques.

Conversely, the Onion network, by design, introduces *latency* and complexity—conditions fundamentally incompatible with large-scale spam operations.
Far from facilitating abuse, Tor's nature often discourages spam and
mass attacks by making automated, high-volume transmissions costly and impractical.

I'd be happy to further discuss alternative strategies or enhancements
to address your concerns effectively.

I apologize for my lengthy explanations; however, i anticipated concerns
being raised about the onion address and wanted to address them clearly.

Best regards
Gabx

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp

On 03.04.2025 07:11 Uhr Gabx wrote:

ipv6: 2a01:4f8:c0c:2f94::1

Connection refused from my system. Please investigate.

--
kind regards
Marco

Send spam to 1743657102muell@stinkedores.dorfdsl.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp

Marco Moock wrote:

On 03.04.2025 07:11 Uhr Gabx wrote:

ipv6: 2a01:4f8:c0c:2f94::1

Connection refused from my system. Please investigate.

It should work now!

Gabx

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp, alt.privacy.anon-server

* Gabx wrote:

Nigel Reed wrote:

On Thu, 3 Apr 2025 07:11:42 +0200
Gabx <info@tcpreset.invalid> wrote:

Onion: peannyjkqwqfynd24p6dszvtchkq7hfkwymi5by5y332wmosy5dwfaqd.onion

Hmm, I didn't know about this. Being on an anonymous network leaves it
well open to abuse. Do you limit public posting to people you know and
have approved accounts?

No,
our server intentionally operates as an open-access system: we do not
require registration or explicitly limit posting privileges only to
known users or pre-approved accounts.

However, to prevent abuse and spam effectively, we've implemented strong automated anti-abuse measures, including Cleanfeed, SpamAssassin, and a Hashcash-based proof-of-work mechanism.

A Hashcash token generation mechanism is designed to prevent automated
spam by requiring users to perform computational work (proof-of-work).
The higher the bits value, the greater the effort needed, significantly deterring spammers.

Given that you provide access via TOR and anonymous remailers using a
mail2news gateway, how and where would you implement your "hashcash
proof of work", when there is no direct interaction between the users
and your server infrastructure?

--
Пу́тін — хуйло́
https://www.eternal-september.org

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

* Marco Moock wrote:

On 03.04.2025 22:10 Uhr Gabx wrote:

It should work now!

Still doesn't.

nmap -6 -sS 2a01:4f8:c0c:2f94::1
Starting Nmap 7.92 ( https://nmap.org ) at 2025-04-04 08:36 CEST
Nmap scan report for 2a01:4f8:c0c:2f94::1
Host is up (0.024s latency).
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE
143/tcp open imap
993/tcp open imaps

Nmap done: 1 IP address (1 host up) scanned in 0.67 seconds


--
Пу́тін — хуйло́
https://www.eternal-september.org

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp

On 03.04.2025 22:10 Uhr Gabx wrote:

It should work now!

Still doesn't.

--
kind regards
Marco

Send spam to 1743711027muell@stinkedores.dorfdsl.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

* nobody wrote:

Full quote removed

Thanks!

| Injection-Info: news.tcpreset.net; posting-host="localhost:127.0.0.1";
^^^^^^^^^^^^^^^^^^^
logging-data="389427"; mail-complaints-to="usenet@news.tcpreset.net"

Does news.tcpreset.net offer shell accounts for exteral users?

--
Пу́тін — хуйло́
https://www.eternal-september.org

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp, alt.privacy.anon-server

On 4/3/2025 7:57 AM, Gabx wrote:

Nigel Reed wrote:

On Thu, 3 Apr 2025 07:11:42 +0200
Gabx <info@tcpreset.invalid> wrote:

Onion: peannyjkqwqfynd24p6dszvtchkq7hfkwymi5by5y332wmosy5dwfaqd.onion

Hmm, I didn't know about this. Being on an anonymous network leaves it
well open to abuse. Do you limit public posting to people you know and
have approved accounts?

No,
our server intentionally operates as an open-access system: we do not
require registration or explicitly limit posting privileges only to
known users or pre-approved accounts.

However, to prevent abuse and spam effectively, we've implemented strong automated anti-abuse measures, including Cleanfeed, SpamAssassin, and a Hashcash-based proof-of-work mechanism.

A Hashcash token generation mechanism is designed to prevent automated
spam by requiring users to perform computational work (proof-of-work).
The higher the bits value, the greater the effort needed, significantly deterring spammers.

We are currently evaluating PyClean https://github.com/crooks/PyClean/tree/master and NoCeM to further
enhance these protections.

Additionally, we will soon implement secure NNTP connections via port
563, supporting TLS v1.2 and v1.3 with mandatory authentication.

Additionally, we actively monitor and moderate public postings to
maintain high standards without sacrificing user privacy or openness.

I understand your suggestion about requiring, for example, email-based authentication and registration as a means of identifying potential
abusers.

However, relying solely on email addresses doesn't necessarily guarantee
a clear or reliable identification of malicious users.

Email addresses are trivially easy for abusers to obtain anonymously or through disposable services, and thus cannot unequivocally distinguish legitimate users from abusers.

Consequently, our technical anti-abuse strategies and active moderation policies offer more practical, robust, and privacy-respecting protection against spam and malicious activities than email-based identification
alone.

Moreover, I believe there's a fundamental misunderstanding regarding the Onion network and spam: spam activities typically rely heavily on
clearnet due to the ease of automated bulk distribution and openness to
mass harvesting techniques.

Conversely, the Onion network, by design, introduces *latency* and complexity—conditions fundamentally incompatible with large-scale spam operations.
Far from facilitating abuse, Tor's nature often discourages spam and
mass attacks by making automated, high-volume transmissions costly and impractical.

I'd be happy to further discuss alternative strategies or enhancements
to address your concerns effectively.

I apologize for my lengthy explanations; however, i anticipated concerns being raised about the onion address and wanted to address them clearly.

Best regards
Gabx

Thanks!

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Does news.tcpreset.net offer shell accounts for exteral users?

It's the Tor connection on peannyjkqwqfynd24p6dszvtchkq7hfkwymi5by5y332wmosy5dwfaqd.onion:119

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp, alt.privacy.anon-server

Ray Banana wrote:

Given that you provide access via TOR and anonymous remailers using a mail2news gateway, how and where would you implement your "hashcash
proof of work", when there is no direct interaction between the users
and your server infrastructure?

Currently, the code shown only generates the Hashcash token; however, to properly implement this as an anti-spam tool, we still need to integrate server-side verification and force users to include it in messages they
send.
Work in progress.

Gabx

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp, alt.privacy.anon-server

Stefan Claas wrote:

I would suggest that you take a closer look at hashcash implementations, because they can slightly differ from the original. Maybe also useful for you, if you check how Omnimix does it.

https://www.danner-net.de/omom/tutorremailhashcash.htm

BTW. I guess you changed something. My article was quoted at the beginning
and shows now only the last paragraph. It also seems that you changed something with the Newsgroups: header, so that it must appears first.

Before these changes, everything worked perfectly.

Regards
Stefan

--
Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp, alt.privacy.anon-server

I would suggest that you take a closer look at hashcash implementations, because they can slightly differ from the original. Maybe also useful for
you, if you check how Omnimix does it.

https://www.danner-net.de/omom/tutorremailhashcash.htm

Regards
Stefan

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp, alt.privacy.anon-server

Stefan Claas wrote:

Stefan Claas wrote:

I would suggest that you take a closer look at hashcash implementations, because they can slightly differ from the original. Maybe also useful for you, if you check how Omnimix does it.

https://www.danner-net.de/omom/tutorremailhashcash.htm

BTW. I guess you changed something. My article was quoted at the beginning and shows now only the last paragraph. It also seems that you changed something
with the Newsgroups: header, so that it must appears first.

Before these changes, everything worked perfectly.

And there is a typo for the Web Interface. It sends as MIME UTF-8 7bit,
instead of 8bit.

Regards
Stefan

--
Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.privacy.anon-server, news.software.nntp

Ray Banana <rayban@raybanana.net> wrote in news:slrnvuuss4.2m3fj.rayban@raybanana.net:

* Gabx wrote:

Nigel Reed wrote:

On Thu, 3 Apr 2025 07:11:42 +0200
Gabx <info@tcpreset.invalid> wrote:

Onion:
peannyjkqwqfynd24p6dszvtchkq7hfkwymi5by5y332wmosy5dwfaqd.onion

Hmm, I didn't know about this. Being on an anonymous network leaves
it well open to abuse. Do you limit public posting to people you
know and have approved accounts?

No,
our server intentionally operates as an open-access system: we do not
require registration or explicitly limit posting privileges only to
known users or pre-approved accounts.

However, to prevent abuse and spam effectively, we've implemented
strong automated anti-abuse measures, including Cleanfeed,
SpamAssassin, and a Hashcash-based proof-of-work mechanism.

A Hashcash token generation mechanism is designed to prevent
automated spam by requiring users to perform computational work
(proof-of-work). The higher the bits value, the greater the effort
needed, significantly deterring spammers.

Given that you provide access via TOR and anonymous remailers using a mail2news gateway, how and where would you implement your "hashcash
proof of work", when there is no direct interaction between the users
and your server infrastructure?

Pardon the intrusion.

The same place you have yours for that jerk idiot sporger/forger using
your server that has ruined public access for the surviving usenet base
today. His style is unmistakable. You can pluck it out like an AI forged
term paper.

These are some of the servers he has helped ruin or caused public access restrictions.

news.albasani.net
news.dns-netz.com
freenews.netfront.net
open-news
freedyne
neodome
tula
There's more.

You're a good guy Ray, and we do appreciate your contributions and
services. If we [ytiw] ever get our hands on this character, he'll finish
life typing with his toes and penis.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Ray Banana wrote:

* nobody wrote:

Full quote removed

Thanks!

| Injection-Info: news.tcpreset.net; posting-host="localhost:127.0.0.1";
^^^^^^^^^^^^^^^^^^^
logging-data="389427"; mail-complaints-to="usenet@news.tcpreset.net"

Does news.tcpreset.net offer shell accounts for exteral users?

No.
Strange things happening.

Gabx

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Ray Banana wrote:

-6 -sS 2a01:4f8:c0c:2f94::1

root@news:/var/www/usenet# netstat -anptl|grep 119
tcp 0 0 0.0.0.0:119 0.0.0.0:*
LISTEN 1875963/innd
tcp 0 0 94.130.76.71:119 5.161.55.171:55241
ESTABLISHED 1875963/innd
tcp 0 0 94.130.76.71:119 5.161.41.9:38666
ESTABLISHED 1875963/innd
tcp 0 0 94.130.76.71:119 144.172.126.95:48126
ESTABLISHED 1875963/innd
tcp 0 0 94.130.76.71:119 168.119.53.7:53102
ESTABLISHED 1875963/innd
tcp 0 0 127.0.0.1:49870 127.0.0.1:119
TIME_WAIT -
tcp6 0 0 2a01:4f8:c0c:2f94:25356 2602:fe64:8::7:119
ESTABLISHED 1948154/innfeed

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp

Marco Moock wrote:

On 03.04.2025 07:11 Uhr Gabx wrote:

ipv6: 2a01:4f8:c0c:2f94::1

Connection refused from my system. Please investigate.

????

gabriel1@victor:~$ ping6 2a01:4f8:c0c:2f94::1
PING 2a01:4f8:c0c:2f94::1(2a01:4f8:c0c:2f94::1) 56 data bytes
64 bytes from 2a01:4f8:c0c:2f94::1: icmp_seq=1 ttl=53 time=5.16 ms
64 bytes from 2a01:4f8:c0c:2f94::1: icmp_seq=2 ttl=53 time=2.85 ms
64 bytes from 2a01:4f8:c0c:2f94::1: icmp_seq=3 ttl=53 time=3.20 ms

ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination


Chain OUTPUT (policy ACCEPT)
target prot opt source destination

root@news:/var/www/usenet# ip -6 route
::1 dev lo proto kernel metric 256 pref medium
2a01:4f8:c0c:2f94::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 proto static metric 1024 onlink pref medium

root@news:/var/www/usenet# sysctl net.ipv6.conf.all.disable_ipv6 net.ipv6.conf.all.disable_ipv6 = 0

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp

On 05.04.2025 09:26 Uhr Gabx wrote:

Marco Moock wrote:

On 03.04.2025 07:11 Uhr Gabx wrote:

ipv6: 2a01:4f8:c0c:2f94::1

Connection refused from my system. Please investigate.

????

gabriel1@victor:~$ ping6 2a01:4f8:c0c:2f94::1
PING 2a01:4f8:c0c:2f94::1(2a01:4f8:c0c:2f94::1) 56 data bytes
64 bytes from 2a01:4f8:c0c:2f94::1: icmp_seq=1 ttl=53 time=5.16 ms
64 bytes from 2a01:4f8:c0c:2f94::1: icmp_seq=2 ttl=53 time=2.85 ms
64 bytes from 2a01:4f8:c0c:2f94::1: icmp_seq=3 ttl=53 time=3.20 ms

Ping is something entirely different than TCP.

Run ss -tl
and check if NNTP and SMTP are listed for [::].

--
kind regards
Marco

Send spam to 1743838002muell@stinkedores.dorfdsl.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 04.04.2025 21:22 Uhr Gabx wrote:

Ray Banana wrote:

* nobody wrote:

Full quote removed

Thanks!

| Injection-Info: news.tcpreset.net;
posting-host="localhost:127.0.0.1"; ^^^^^^^^^^^^^^^^^^^
logging-data="389427";
mail-complaints-to="usenet@news.tcpreset.net"

Does news.tcpreset.net offer shell accounts for exteral users?

No.
Strange things happening.

If you have a TOR hidden service configured to connect to localhost
(127.0.0.1 and ::1), it will also connect from this IP to the NNTP
server.

The NNTP server can't distinguish such traffic from traffic initiated
by local users.

--
kind regards
Marco

Send spam to 1743794535muell@stinkedores.dorfdsl.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 05.04.2025 09:29 Uhr Gabx wrote:

tcp 0 0 0.0.0.0:119 0.0.0.0:*
LISTEN 1875963/innd

Here is the problem. inn doesn't listen on the IPv6 general socket (::)
at all. Check the INN settings.

--
kind regards
Marco

Send spam to 1743838161muell@stinkedores.dorfdsl.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Marco Moock wrote:

On 05.04.2025 09:29 Uhr Gabx wrote:

tcp 0 0 0.0.0.0:119 0.0.0.0:*
LISTEN 1875963/innd

Here is the problem. inn doesn't listen on the IPv6 general socket (::)
at all. Check the INN settings.

You are right,
i had this commented #sourceaddress6:
i have added the ip 2a01:4f8:c0c:2f94::1

root@news:/var/www/usenet# systemctl restart inn2.service
Job for inn2.service failed because the control process exited with error code.
See "systemctl status inn2.service" and "journalctl -xeu inn2.service" for details.

What do i do of wrong?

Gabx

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 05.04.2025 09:50 Uhr Gabx wrote:

Marco Moock wrote:

On 05.04.2025 09:29 Uhr Gabx wrote:

tcp 0 0 0.0.0.0:119 0.0.0.0:*
LISTEN 1875963/innd

Here is the problem. inn doesn't listen on the IPv6 general socket
(::) at all. Check the INN settings.

You are right,
i had this commented #sourceaddress6:
i have added the ip 2a01:4f8:c0c:2f94::1

root@news:/var/www/usenet# systemctl restart inn2.service
Job for inn2.service failed because the control process exited with
error code. See "systemctl status inn2.service" and "journalctl
-xeu inn2.service" for details.

What do i do of wrong?

Check the logs

sudo journalctl -t inn2



--
kind regards
Marco

Send spam to 1743839459muell@stinkedores.dorfdsl.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp, alt.privacy.anon-server

Es schrieb einmal Stefan Claas:

And there is a typo for the Web Interface. It sends as MIME UTF-8 7bit, instead of 8bit.

7bit or 8bit depends on whether 8-bit characters appear in the body or not.
The charset is irrelevant.

_ __
(1(1¢)
Alfred
X'Post
--
🀣🀈🀚🀌🀌 25258.9
🀨🀚 🀔🀈🀃
🀝🀨🀍
🀞🀝🀍🀔🀣🀃🀞

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp, alt.privacy.anon-server

Alfred Peters wrote:

Es schrieb einmal Stefan Claas:

And there is a typo for the Web Interface. It sends as MIME UTF-8 7bit, instead of 8bit.

7bit or 8bit depends on whether 8-bit characters appear in the body or not. The charset is irrelevant.

In the Web Interface it displays UTF-8 characters properly but then the
Usenet posting does not display the charaters correctly in a News Reader.

Regards
Stefan

--
Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 05 Apr 2025 09:50:59 +0200, Gabx wrote:

What do i do of wrong?

2a01:4f8:c0c:2f94::1 296.838 ms !<4-1> 296.597 ms !<4-1> 296.303 ms !
<4-1>


You have a filter dropping packets, or more likely hetzner has.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

noel wrote:

2a01:4f8:c0c:2f94::1 296.838 ms !<4-1> 296.597 ms !<4-1> 296.303 ms ! <4-1>

You have a filter dropping packets, or more likely hetzner has.

It's not a filter, but it's hetzner:

root@news:~# cat /etc/netplan/50-cloud-init.yaml
network:
version: 2
ethernets:
eth0:
addresses:
- 2a01:4f8:c0c:2f94::1/64
dhcp4: true
match:
macaddress: 52:54:a2:02:2c:94
nameservers:
addresses:
- 2a01:4ff:ff00::add:2
- 2a01:4ff:ff00::add:1
routes:
- on-link: true
to: default
via: fe80::1
set-name: eth0

Is dhcp6 and/or gateway6 missing?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 05.04.2025 23:25 Uhr noel wrote:

Surely hetzner has an FAQ on how to configure ipv6 to suite their
network if they dont auto configure it (which they should)

It is NOT Hetzner's fault.

<vsqnd4$228r4$1@news.tcpreset.net> clearly indicated that the daemon
only listens on 0.0.0.0, which means IPv4 only.
[::] is all addresses on IPv6 and IPv4.

It is a config issue on INN.

--
kind regards
Marco

Send spam to 1743888350muell@stinkedores.dorfdsl.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 05 Apr 2025 14:27:27 +0200, Gabx wrote:

noel wrote:

2a01:4f8:c0c:2f94::1 296.838 ms !<4-1> 296.597 ms !<4-1> 296.303 ms
!
<4-1>


You have a filter dropping packets, or more likely hetzner has.

It's not a filter, but it's hetzner:

root@news:~# cat /etc/netplan/50-cloud-init.yaml network:
version: 2 ethernets:
eth0:
addresses:
- 2a01:4f8:c0c:2f94::1/64 dhcp4: true match:
macaddress: 52:54:a2:02:2c:94
nameservers:
addresses:
- 2a01:4ff:ff00::add:2 - 2a01:4ff:ff00::add:1
routes:
- on-link: true
to: default via: fe80::1
set-name: eth0

Is dhcp6 and/or gateway6 missing?

I dont and wont use that format, even on the one single debian machine we
have (freepbx requires debian now) (all other servers are slackware and
much simpler to configure networking)

But our pbx uses in /etc/network/interfaces after the ipv4 stuff

iface eth0 inet6 static
address your:servers:six::ip
netmask 64
gateway your:servers:six:range::1
post-up ip -6 route add gwIP::1 dev eth0 (if using fe80::1 not needed)
dns-nameservers ::1
accept_ra 0



but fe80::1 is link-local address used for default gateways, as you are
using, and is acceptable as default route.

# ip -6 a

should see similar to

inet6 your:six::ip/64 scope global

(scope global is important)

# ip -6 route

should see similar to

::1 dev lo proto kernel metric 256 pref medium
you::six:range::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 metric 1024 pref medium

Surely hetzner has an FAQ on how to configure ipv6 to suite their network
if they dont auto configure it (which they should)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 05 Apr 2025 15:27:53 +0200, Marco Moock wrote:

On 05.04.2025 23:25 Uhr noel wrote:

Surely hetzner has an FAQ on how to configure ipv6 to suite their
network if they dont auto configure it (which they should)

It is NOT Hetzner's fault.

and you know this how? since they already said they fixed that problem

only listens on 0.0.0.0, which means IPv4 only.
[::] is all addresses on IPv6 and IPv4.

really.... well fuck me dead i nneeeeeeevvveeeerrrrrrrrr
kknnnnnnnewwwwwwwww tthhhhaaaaaaaaaaattttttttttt /sigh/

It is a config issue on INN,

maybe, surely its not that hard to configure ipv6 in inn.conf, they
showed it was commented, then stated "fixed", and one does assume they restarted inn and tested to make sure, else one wouldnt state "fixed".

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp, alt.privacy.anon-server

Es schrieb einmal Stefan Claas:

Alfred Peters wrote:

Es schrieb einmal Stefan Claas:

And there is a typo for the Web Interface. It sends as MIME UTF-8 7bit,
instead of 8bit.

7bit or 8bit depends on whether 8-bit characters appear in the body or not. >> The charset is irrelevant.

In the Web Interface it displays UTF-8 characters properly but then the Usenet posting does not display the charaters correctly in a News Reader.

Message-ID?

Alfred
X'Post
--
🀈🀚🀣 25259.4
🀣🀤🀣🀗🀇🀍🀚🀈🀗
🀥🀇🀤🀌🀥
🀌🀍🀣

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp, alt.privacy.anon-server

Alfred Peters wrote:

Es schrieb einmal Stefan Claas:

Alfred Peters wrote:

Es schrieb einmal Stefan Claas:

And there is a typo for the Web Interface. It sends as MIME UTF-8 7bit, instead of 8bit.

7bit or 8bit depends on whether 8-bit characters appear in the body or not.
The charset is irrelevant.

In the Web Interface it displays UTF-8 characters properly but then the Usenet posting does not display the charaters correctly in a News Reader.

Message-ID?

<vsoprv$pbto$1@news.tcpreset.net>

Regards
Stefan

--
Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 05.04.2025 23:40 Uhr noel wrote:

On Sat, 05 Apr 2025 15:27:53 +0200, Marco Moock wrote:

On 05.04.2025 23:25 Uhr noel wrote:

Surely hetzner has an FAQ on how to configure ipv6 to suite their
network if they dont auto configure it (which they should)

It is NOT Hetzner's fault.

and you know this how? since they already said they fixed that problem

If a TCP RST is the answer, the machine itself generated that. I
haven't seen any case where this was generated by something else.

maybe, surely its not that hard to configure ipv6 in inn.conf, they
showed it was commented, then stated "fixed", and one does assume
they restarted inn and tested to make sure, else one wouldnt state
"fixed".

You can try yourself and you will see:

m@ryz:~$ date
Sa 5. Apr 17:42:31 CEST 2025
m@ryz:~$ LANG=C telnet news.tcpreset.net 119 -6
Trying 2a01:4f8:c0c:2f94::1...
telnet: Unable to connect to remote host: Connection refused
m@ryz:~$

17:45:06.500191 IP6 2a01:170:118f:2:a8f3:10c7:c96:a9ec.49352 > 2a01:4f8:c0c:2f94::1.nntp: Flags [S], seq 2838236642, win 64800, options [mss 1440,sackOK,TS val 2089538635 ecr 0,nop,wscale 7], length 0
17:45:06.512756 IP6 2a01:4f8:c0c:2f94::1.nntp > 2a01:170:118f:2:a8f3:10c7:c96:a9ec.49352: Flags [R.], seq 0, ack
2838236643, win 0, length 0


--
kind regards
Marco

Send spam to 1743889259muell@stinkedores.dorfdsl.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Gabx wrote:

You are right,
i had this commented #sourceaddress6:
i have added the ip 2a01:4f8:c0c:2f94::1

More precisely I should have shown you this option also commented

#bindaddress6: 2a01:4f8:c0c:2f94::1

and restarting innd:

root@news:/var/www/usenet# systemctl restart inn2.service Job for
inn2.service failed because the control process exited with error code.
See "systemctl status inn2.service" and "journalctl -xeu inn2.service"
for details.

What do i do of wrong?

I didn't think I would have to use ipv6 so frequently but unfortunately ....

Gabx

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 05.04.2025 19:34 Uhr Gabx wrote:

Gabx wrote:

You are right,
i had this commented #sourceaddress6:
i have added the ip 2a01:4f8:c0c:2f94::1

More precisely I should have shown you this option also commented

#bindaddress6: 2a01:4f8:c0c:2f94::1

Uncomment it and try to restart.

and restarting innd:

root@news:/var/www/usenet# systemctl restart inn2.service Job for
inn2.service failed because the control process exited with error
code. See "systemctl status inn2.service" and "journalctl -xeu
inn2.service" for details.

What do i do of wrong?

I didn't think I would have to use ipv6 so frequently but
unfortunately ....

As long as your hostname has the AAAA record, it must support it.
Otherwise certain people can't connect (those who have NAT64/DNS64).


--
kind regards
Marco

Send spam to 1743874499muell@stinkedores.dorfdsl.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Gabx wrote:

I didn't think I would have to use ipv6 so frequently but unfortunately
....

I have found this:

https://freeimage.host/i/37Y5n4

I have corrected it with news tcpreset net.

Gabx

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: news.software.nntp, alt.privacy.anon-server

Es schrieb einmal Stefan Claas:

Es schrieb einmal Stefan Claas:

In the Web Interface it displays UTF-8 characters properly but then the
Usenet posting does not display the charaters correctly in a News Reader.

<vsoprv$pbto$1@news.tcpreset.net>

| ???????\u1e9e\u20ac
|
| https://m2usenet.virebent.art/
|
| --
| Gr??e

As I said: there are no 8-bit chars, so 7bit is correct. :*)

The 8-bit chars are obviously smashed beforehand.

Alfred
X'Post
--
🀓🀜🀍🀓🀁 25259.8
🀁🀊
🀃🀃🀦🀦🀊🀍🀎🀎
🀀🀃 🀀🀜🀃

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 05 Apr 2025 19:34:59 +0200, Gabx wrote:

More precisely I should have shown you this option also commented

#bindaddress6: 2a01:4f8:c0c:2f94::1

This in any daemon software is not needed unless you have multiple
addresses and you want to force nntpd to use/repond to just one of them,
if you do not use that settings, inn will just work with all addresses on
your machine, it will not be the source of this problem.

I didn't think I would have to use ipv6 so frequently but unfortunately
....

normally it wouldnt matter, I'm not aware of any ISP anywhere that only
issues ipv6 addresses and no v4 - probably because they know the pain
they will be in when their customers cant get to 90% of the websites out
there.

I dont use ipv6 on my news server, and its run like this since the 90's
and nobody whinges, also, last time I checked, which was last year, ipv6 traffic levels into our hosting and all mail servers, was like a needle
head in an ocean, hrmmm I should dig out my ip6concat script and run it
again, interestig to see if levels have changed, about to sun it up in
the Carribean for a bit so perhaps when I get back.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 05 Apr 2025 20:07:40 +0200, Gabx wrote:

I have found this:

https://freeimage.host/i/37Y5n4

I have corrected it with news tcpreset net.

page not found here

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

also did you check hetzner, I'm told if you checked enable ipv6 filter,
nothing gets through unless you allow it on their cloud

On Mon, 7 Apr 2025, noel wrote:

unless I missed it, I don't recall Gabx confirming above nmap output on
their side of the great firewall. Also don't recall seeing the latest
netstat after they said they fixed it not listening.

I also see tcpreset domain has LE errors - check web redirections,
seems didn't include subdomains on cert generation, but still throws
errors becasue of next point.

DNSSEC conflict, must have upgraded old SHA1 key with 13/2, but not
removed the sha1 key (in most cases since do have a good 13/2 as well,
the sha1 might be ignored, but pedantic test scripts (like one we use
will issue a fail status), as will some services, saying the cert is
not trusted. https://zonecheck.org/zonemaster might be of use

What ports are supposed to be open on ipv6 ?
I only see imap and imaps on ipv6 but you have on ipv4 some 9 services.
if you can shell to that machine lynx https://zonecheck.org (it will
show you your IP, if it gives you an IPv6 display, select port scanner
and run the basic tcp check

I also not sure why you are using inn 2.6.2, thats some 4 years old now
with 2.7.2 current and 2.8 weeks from release IIRC.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)