
Cyrus NNTP
**********


Overview
========

Note: The NNTP support in Cyrus is still relatively young in the
  grand scheme of things, and has not been tested under a heavy Usenet
  load. That being said, the code appears to be stable and is
  currently running in production serving 50-60 newsgroups with a
  volume of about 6000 messages per day.

Cyrus includes a NNTP server. The NNTP works a lot like the IMAP
server, it uses the same authentication and authorization. It also
stores messages like IMAP. This means the messages are stored in one
file per post.

Cyrus has the ability to export Usenet via IMAP and/or export shared
IMAP mailboxes via NNTP.

This "diagram" shows how the various NNTP components interact.


NNTP Setup
==========

Decide where the newsgroup mailboxes will reside: either at the
toplevel of the hierarchy (eg, comp.mail.imap) or rooted elsewhere
(eg, netnews.comp.mail.imap). If the newsgroup mailboxes are not at
the toplevel of the hierarchy, then the parent must be specified using
**newsprefix** in imapd.conf(5).

1. Make sure that Cyrus is built with NNTP support using the "--
   enable-nntp" switch. This builds nntpd and the associated
   utilities.

      In many pre-packaged versions of Cyrus, the NNTP server is in
      its own package (Example: Debian has a cyrus-nntpd-2.2 package
      that must be installed in addition to the rest of Cyrus).

2. Edit "/etc/cyrus.conf".

      In order to receive usenet articles, make sure that the Cyrus
      nntpd service is enabled in cyrus.conf. The
      master/conf/normal.conf and master/conf/prefork.conf sample
      configs both include entries for nntpd (disabled by default).

      Add a new line in the SERVICES section with something like this:

         nntp: cmd="nntpd"  listen="nntp" prefork="0"

      This defines a new service that will run the nntpd command (man
      nntpd for more info) on the nntp port (defined in
      /etc/services). Since the prefork is listed as 0, Cyrus will not
      start a new process for this.

3. Edit "/etc/imapd.conf".

      There are many directives for news that can be placed in
      /etc/imapd.conf. Check out imapd.conf(5) to learn more.

      At minimum, something like this:

         # News:
         partition-news: /var/spool/cyrus/news
         newsprefix: ournews

      This tells Cyrus:

      * Where the news partition should be stored (should be similar
        to the value in **partition-default**)

      * What part of the Cyrus tree should be treated as the
        location for news groups.

      The **newsprefix** is a path in the IMAP directory hierarchy
      (that is, the hierarchy used with cyradm). User accounts, for
      instance, are often in the "users" hierarchy. Here, we are
      telling it to put the news in the "ournews" hierarchy.

4. Restart your server.


Defining Newsgroups
===================

Create a mailbox for each newsgroup to receive/export. If some groups
are private, be sure to set the ACLs accordingly. The mknewsgroups(8)
script can be used to help facilitate mass creation of newsgroup
mailboxes. When using this script, be sure to add posting rights for
'anyone' (eg. "mknewsgroups -a 'anyone +p' ...") so that articles can
be fed/posted.

News groups can be defined in two ways:

1. Use mknewsgroups(8), which is a very simple wrapper for creating
   groups

2. Use cyradm(8), and create a new mailbox for news.

Some distributions such as debian do not include mknewsgroups.


Using Cyradm
------------

Create a new group like creating a new mailbox:

   $ cm ournews/mynewsgroup

Next, set some permissions. (See cyradm(8) for more info on the cm and
sam commands.)

   $ sam ournews/mynewsgroup anyone lrsp

The above gives **L** Lookup, **R** Read, **S** Seen, and **P** Post
permissions (basically read/write -- see the man page for more) to
anyone logged into the server. More restrictive permissions are
possible. (Note: This example assumes *unixhierarchysep* is being used
in imapd.conf(5))


Configuration
=============


Push (traditional) feeds
------------------------

If the usenet peer will be pushing articles to the server, no further
configuration is necessary, beyond providing peer access to the Cyrus
server on port 119 (nntp).


Pull (suck) feeds
-----------------

If pulling articles from the peer is preferred (and the provider
allows it), then use the "fetchnews" utility which will retrieve
articles from the peer and feed them to the Cyrus server. If supported
by the peer, fetchnews will use the NEWNEWS command, otherwise it will
fallback to keeping track of the high water mark of each group.
Configure fetchnews as an EVENT in cyrus.conf(5) to be called
periodically (eg, once an hour, every 15 minutes, etc).


imapfeed
--------

Alternatively, if there is an INN v2.3 server in-house use the
included "imapfeed" utility (written by the authors of Cyrus) to feed
articles to the Cyrus server via LMTP. Consult the INN documentation
for further details.


Control Messages
----------------

Control messages are accepted, parsed and delivered to the
corresponding "control.*" pseudo-group (eg, control.newgroup,
control.cancel, etc) if it exists, so that they may be reviewed by an
administrator.

Automatic execution of control messages is only performed if the
newsmaster (default = "news") user has the proper access control for
the given mailbox. For example, to allow cancel control messages to be
performed for "misc.test" articles, give the "news" user the 'd' right
on "misc.test". To allow newgroup, rmgroup and mvgroup control
messages to be performed on the "misc" hierarchy, give the "news" user
the 'c' right on "misc".

NOTE: No sender or PGP verification of control messages is currently
implemented.


Reading/Posting articles
------------------------

In order to have articles posted by your local users propagate to the
outside world, you must specify the name of your usenet peer(s) with
the newspeer option in imapd.conf(5). This is the host(s) that nntpd
contacts to feed outgoing articles. Depending on the configuration of
the newspeer option, articles will be fed to the upstream server(s)
using either the POST or IHAVE command. Also note that you may specify
an optional wildmat to filter which groups will be fed (see
imapd.conf(5) for details).

Newsgroups can also be gatewayed to email by setting "/vendor/cmu
/cyrus-imapd/news2mail" mailbox annotations to the corresponding email
addresses.


News clients
------------

If anonymous logins are disabled (default) in imapd.conf(5), then your
news clients will have to be configured to login with a username and
password, otherwise they will not be allowed to post. Furthermore, if
plaintext logins are disabled in imapd.conf, then you might have to
configure your news clients to use SSL/TLS and enable the nntps
service in cyrus.conf(5).

If you want to allow your news clients to use the NNTP NEWNEWS
command, you will have to enable the **allownewnews** option in
imapd.conf.


Email clients
-------------

If you are exporting Usenet via IMAP, and your users' messaging
clients are not savvy enough to reply to and post articles via NNTP,
then you will have to configure your server so your users can reply to
and post articles via SMTP.

To help facilitate this, you can set the **newspostuser** option to a
pseudo user which will be used to construct email delivery addresses
for each incoming article. These addresses are inserted into a Reply-
To: in the article. For example, if set to "post", an article posted
to comp.mail.imap will have an address of "post+comp.mail.imap"
inserted into the Reply-To: header. This will allow a user to easily
reply to an article via email. Otherwise, the users will have to learn
the correct email address format for posting and replying to articles.

In order for these email messages to be fed into your news server (and
subsequently to the outside world) you need to use an email to news
gateway, such as lmtp2nntp. You need to configure your MTA (Sendmail,
Postfix, etc) so that lmtp2nntp is used as the local mailer whenever
it receives a news article. A simple rule for doing this in Sendmail
is shown below:

   # mail addressed to post+ goes to lmtp2nntp@localhost
   LOCAL_RULE_0
   Rpost + $+ < @ $=w . >              $#lmtp2nntp $@ localhost $: $1

For other configurations, consult the lmtp2nntp and documentation and
your MTA documentation.

NOTE: If anonymous logins are disabled (default) in imapd.conf(5),
then you should configure lmtp2nntp to use its "feed" operation mode.


Expiring articles
-----------------

Expiration of articles is done by the cyr_expire(8) utility. Control
over when articles are expunged is accomplished with the "/vendor/cmu
/cyrus-imapd/expire" mailbox annotation. This annotation sets the
number of days that messages should be kept in the mailbox before they
expire. All entries in the duplicate deliver database that correspond
to these messages are also kept for the same number of days before
they are purged (overriding the "cyr_expire -E" option).

Setting the expire time to 0 (zero) for a mailbox will ensure that
neither the messages nor the corresponding database entries will ever
be expired. This can be useful for shared mailboxes (e.g. mailing list
archives) which are being exported via NNTP. Note that this will cause
the duplicate delivery database to consistently grow in proportion to
the number of messages in such mailboxes.

If a mailbox does not have an expire time set on it, then the messages
will never be expunged, but the corresponding database entries WILL be
expired after the default number of days ("cyr_expire -E" option).

Note that the "/vendor/cmu/cyrus-imapd/expire" mailbox annotation is
inherited by child mailboxes, so that you may control expiration on an
entire mailbox/newsgroup hierarchy simply by setting the annotation on
the root of the hierarchy. For example, if you set the annotation on
"comp", then ALL of the newsgroups in the "comp" hierarchy will be
expired at the same time. Similarly, if you set the annotation on
"alt.binaries", all of the binary newsgroups under "alt" will be
expired at the same time (independently from "comp").


Further information
===================

This thread from the info-cyrus mailing list may be of use: Cyrus and
Usenet
