• Poster's IP in headers

    From Adam W.@21:1/5 to All on Thu Mar 14 14:56:00 2024
    Hi,

    This is not the most active group out there, but maybe someone will be
    able to give their insights...

    Traditionally, at least in the Polish part of Usenet, servers always added NNTP-Posting-Host, and later Injection-Info, with the poster's IP address or revDNS. This was in times when:

    - there were restrictions on IPs per server (ISPs had their own servers
    that allowed only their customers, some other servers allowed only
    Polish IPs)

    - there were virtually no servers requiring registration prior to posting
    (restrictions were put only on IPs)

    - there were no EU laws about personal data

    - anonymizing servers were used mostly by trolls and abusers and some
    Polish servers refused to accept posts sent from them

    Back to 2024. There are far fewer servers able to serve Polish users; mine (news.chmurka.net) became the dominant one. It requires registration and I approve accounts manually (it has always been this way). So maybe it would
    be a good idea to abandon the NNTP-Posting-Host and restrict
    Injection-Info to username? I have IPs and source ports in logs, if
    they're ever needed for handling requests from LEA.

    What do you think? Are there servers out there that refuse posts from anonymizing servers, even if these servers require registration (and
    there's manual verification of accounts)? Are there any drawbacks of
    abandoning NNTP-Posting-Host?

    Some different ideas:

    - provide only first three octets of the IP

    - hash the IP (or only first three octets of it) with secret salt
    and provide this hash instead (as another verification that the poster
    is who they claim they are -- everyone can steal someone else's
    password...)

    - encrypt it with some key and provide the encrypted part in headers (so
    I'm able to decrypt it even if I lose the logs)

    What do you think?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Thomas Hochstein@21:1/5 to Adam W. on Thu Mar 14 20:09:24 2024
    Adam W. wrote:

    So maybe it would
    be a good idea to abandon the NNTP-Posting-Host and restrict
    Injection-Info to username?

    Yes. Most (all?) larger non-commercial servers here in Germany (news.individual.net, news.eternal-september.org) drop or encrypt not only posting-host, but also posting-account. That makes all posts pseudonymous,
    but still enables abuse management, even if relevant log files have
    already expired.

    What do you think? Are there servers out there that refuse posts from anonymizing servers, even if these servers require registration (and
    there's manual verification of accounts)?

    I don't think so, and if there are, they already miss quite a lot of
    Usenet traffic (as both news.individual.net and news.eternal-september.org
    have many international users).

    Are there any drawbacks of abandoning NNTP-Posting-Host?

    As long as you can reliably connect a posting to an account, no.

    - encrypt it with some key and provide the encrypted part in headers (so
    I'm able to decrypt it even if I lose the logs)

    Yes, that seems to be the usual way it's done:

    | Injection-Info: dont-email.me; posting-host="e6f4fdaeb1993510e7a7ff2ec7e2da2c";
    | logging-data="1575502"; mail-complaints-to="abuse@eternal-september.org";
    | posting-account="U2FsdGVkX18Y8QLNhoe7CQWt2YZRnhF9"

    | Injection-Info: paganini.bofh.team; logging-data="66671"; posting-host="Q3L9UIlFyMxrk9jCqyDbug.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";

    news.individual.net already had a custom system in place, but also uses encryption:

    | X-Trace: individual.net UMDzOdHeM50jCB6O774fvAe8JeOpQ4XDKv9MsG9WuZG50iIBud

    -thh

  • From Grant Taylor@21:1/5 to Grant Taylor on Thu Mar 14 21:28:46 2024
    On 3/14/24 21:26, Grant Taylor wrote:
    But does anyone other than you / your organization have any legitimate
    need for that in the open?

    This is why I have the following in the Received: header of emails that
    pass through my MSA:

    Received: from Contact-TNet-Consulting-Abuse-for-assistance ...

    If someone needs to know where my servers got the message from, they can contact me and request the information.

    N.B. My understanding is that what I've done is perfectly RFC compliant
    in that it's a really weird host name, but still technically a host
    name. }:-)



    --
    Grant. . . .

  • From Grant Taylor@21:1/5 to Adam W. on Thu Mar 14 21:26:32 2024
    On 3/14/24 09:56, Adam W. wrote:
    What do you think?

    Pause for a moment and think about who needs access to what information.

    You as the newsmaster need to be able to identify the offending account
    if / when a problem occurs.

    Law enforcement, they can get it from you with proper court orders.

    But does anyone other than you / your organization have any legitimate
    need for that in the open?

    I would suggest either encrypting the data and sending the encrypted
    blob in a header. -- Put it in a header so that you don't need to
    store it locally.

    You can probably even rotate keys occasionally and state that you can
    only decrypt something from the last X days / weeks / etc. in a comment.

    Or you could use something pseudo-anonymous that you have the ability to identify who the offending account is.



    --
    Grant. . . .

  • From Timo@21:1/5 to All on Wed Mar 20 19:02:34 2024
    Am 14.03.2024 um 15:56 schrieb Adam W.:

    Back to 2024. There are far fewer servers able to serve Polish users; mine (news.chmurka.net) became the dominant one. It requires registration and I approve accounts manually (it has always been this way). So maybe it would
    be a good idea to abandon the NNTP-Posting-Host and restrict
    Injection-Info to username? I have IPs and source ports in logs, if
    they're ever needed for handling requests from LEA.

    What do you think? Are there servers out there that refuse posts from anonymizing servers, even if these servers require registration (and
    there's manual verification of accounts)? Are there any drawbacks of abandoning NNTP-Posting-Host?

    Some different ideas:

    - provide only first three octets of the IP

    - hash the IP (or only first three octets of it) with secret salt
    and provide this hash instead (as another verification that the poster
    is who they claim they are -- everyone can steal someone else's
    password...)

    - encrypt it with some key and provide the encrypted part in headers (so
    I'm able to decrypt it even if I lose the logs)

    What do you think?

    Hi,

    I've disabled the Injection-Info and am using the X-Trace header to
    store the username encrypted. Many servers do it this way. If an
    authority wants the data, they have to request it from me. For this
    purpose, I have the X-Abuse-Contact in the header.

    Should I lose the key for the X-Trace header, I simply generate a new
    one. The key changes monthly and is generated from a fixed scheme where
    only one keyword related to the month changes each month.

    What sometimes happens to me, however, is that the user's client sets additional headers, which I then don't completely filter out.

    I am not aware of any server that filters these articles.
    I don't set the NNTP-Posting-Host header myself.

    --
    Best regards,
    Timo

  • From Schlomo Goldberg@21:1/5 to Adam W. on Thu Oct 10 18:11:54 2024
    aw@somewhere.invalid (Adam W.) writes:

    Are there servers out there that refuse posts from
    anonymizing servers, even if these servers require registration (and
    there's manual verification of accounts)?

    I doubt it.

    Are there any drawbacks of
    abandoning NNTP-Posting-Host?

    No.

    - encrypt it with some key and provide the encrypted part in headers (so
    I'm able to decrypt it even if I lose the logs)

    That will work, but don't forget to regularly (ideally, once a day)
    rotate the key, and delete old keys once you're sure you don't need
    them.

    Remember, you are not legally obligated to keep logs or anything
    forever.

    What do you think?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
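
Added example (not written by any poster in this thread, and not the code of any server named in it): a sketch of the keyed-hash variant discussed above, combined with the key rotation and deletion that the replies recommend. Assumptions: the names `KeyRing`, `token`, `injection_info` and `resolve_account`, one random key per day, a 30-day retention window, the placeholder host `news.example.invalid`, and using `logging-data` to carry the key date.

```python
import base64
import hashlib
import hmac
import secrets
from datetime import date, timedelta

RETENTION_DAYS = 30  # assumed policy: how long a token stays resolvable


class KeyRing:
    """One random key per day; stale keys are deleted, not archived."""

    def __init__(self):
        self.keys = {}  # ISO date string -> 32-byte secret

    def key_for(self, day):
        return self.keys.setdefault(day.isoformat(), secrets.token_bytes(32))

    def expire(self, today):
        cutoff = (today - timedelta(days=RETENTION_DAYS)).isoformat()
        for stale in [d for d in self.keys if d < cutoff]:
            del self.keys[stale]


def token(key, kind, value):
    # HMAC with a secret key: a plain hash of an IPv4 address could be
    # reversed by hashing all 2**32 candidates.
    mac = hmac.new(key, f"{kind}:{value}".encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac[:16]).decode().rstrip("=")


def injection_info(ring, day, path_identity, account, ip):
    key = ring.key_for(day)
    return (f'Injection-Info: {path_identity}; '
            f'posting-account="{token(key, "acct", account)}"; '
            f'posting-host="{token(key, "host", ip)}"; '
            f'logging-data="{day.isoformat()}"')


def resolve_account(ring, day, tok, registered):
    """Abuse handling: match a token against the registered accounts."""
    key = ring.keys.get(day.isoformat())
    if key is None:
        return None  # key already deleted: the token is no longer resolvable
    for account in registered:
        if hmac.compare_digest(token(key, "acct", account), tok):
            return account
    return None
```

Within one key period the same account and address always produce the same tokens, so readers can see that two posts share an origin without learning it. Unlike the encrypted variant, a keyed hash cannot be decrypted: the operator can only confirm a candidate account or address by recomputing the token.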