Results of a test of mixmin posts, comparing the past few years with today's results

[Andy Burnelli]

1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)

Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus received.

But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.

Huh?
Do you see "aioe" in that path?
How did it get there?

Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
From: Andy Burnelli <nos...@nospam.net>
Newsgroups: misc.phone.mobile.iphone,comp.mobile.android
Subject: Re: T-Mobile is Ending $5 Per Line Autopay Discount if You Pay with a Credit Card <was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi>
Date: Sun, 19 Feb 2023 13:30:29 +0000
Organization: Mixmin
Message-ID: <tst896$1ongb$1...@news.mixmin.net>
References: <tsqtni$2ar0$1...@dont-email.me> <180220231127060887%nos...@nospam.invalid> <tsqusa$vsp5$1...@paganini.bofh.team> <tsr0sq$2pii$1...@dont-email.me> <tsrcrn$48ja$1...@dont-email.me> <180220231913479333%nos...@nospam.invalid>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net; posting-host="297e06ba09fa1546708017b06624236cbc5371ad"; logging-data="1859083"; mail-complaints-to="ab...@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB
Xref: sewer misc.phone.mobile.iphone:116151 comp.mobile.android:98520

I can tell you that showed up in my morning feed but it was _not_ in my
morning feed until this morning. The time stamps don't show that though,
where I sent it on Sunday at 6am local time.

I don't know how to tell when it arrived to the newsgroup, but if we
assume it arrived at 6am today (Wednesday), it took 3 elapsed days.

Two questions for those who know more about this than I do and who
are purposefully helpful people, are the following data driven queries:

A. How can I tell when this arrived in any given news feed?
B. What is aioe doing in that PATH if the server is supposedly down?

Thank you in advance, where I will not reply to the inevitable child-like
responses from the kindergarten mentality idiots who infest this newsgroup.

NOTE: As an experiment, I will send the _exact_ message, moments after
I send this message, using "news.mixmin.net:563" via my telnet scripts.

[Ed Rhodes]

On Wed, 22 Feb 2023 16:38:51 +0000, Andy Burnelli <nos...@nospam.net>
wrote:

>1. I've been using Mixmin via telnet scripts for many years.
>2. These telnet scripts were written by Marek Novotny years ago.
>3. They make use of Stunnel for Mixmin encryption on port 563.
>4. In seconds they would show up as posted (as witnessed using a
> <http://groups.google.com/g/[insert-ng-here]> URI to check)
>
>Obviously, recently, the posts were severely delayed, where the delay
>was roughly about 8 hours based on the timestamps sent versus received.
>
>But some took longer, so it's not all messages getting the same delay.
>More to the point of the question, _look_ at the path below.
>
>Huh?
>Do you see "aioe" in that path?
>How did it get there?

You replied to a post that was originally posted through aioe.

See above.

>Thank you in advance, where I will not reply to the inevitable child-like
>responses from the kindergarten mentality idiots who infest this newsgroup.

Speaking!

--

Die Juden sind unser Unglück.
- Heinrich Gotthard Freiherr von Treitschke (1834-1896)

[Andy Burnelli]

Ed Rhodes wrote:

>>Do you see "aioe" in that path?
>>How did it get there?
>
> You replied to a post that was originally posted through aioe.

Thanks for hazarding a guess as I know that answering a question
on Usenet opens all of us up to all sorts of potential insults.

I appreciate the guess but aioe has been "down" for a while
but the thread I had replied to is "brand new" in recent time.

This is the thread I had replied to:
<https://groups.google.com/g/comp.mobile.android/c/rzXt4soq9zY>
Google says it was opened on February 19th, 2023.

This is the message I sent from my "newsreader" on Sunday Feb 19th.
<https://groups.google.com/g/comp.mobile.android/c/rzXt4soq9zY/m/ji96cFipBQAJ>

That message did not show up until Wednesday morning (3 days later).
This huge delay is typical for mixmin for the past few weeks.

I've been keeping watch on all mixmin posts from me, and it takes
from 8 hours to about 3 days, where that one took 3 days even
though the Google record "says" it's dated on Feb 20, 2023 (and
note that even that is wrong as I sent it on the 19th in the morning).

How did "aioe" get in the path?
>> Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

>>B. What is aioe doing in that PATH if the server is supposedly down?
>
> See above.

Here's the data as I know it, which may not be fully accurate.
a. AIOE went down long before that thread was started
b. So there's no way AIOE could have been in my reply path

And yet it is.
WTF?

Anyone else seeing "aioe" in their PATH when sending through mixmin?
How did it get there in the path for new threads if AIOE is down?

[Morse]

On 22 Feb 2023, Andy Burnelli <nos...@nospam.net> posted some
news:tt5gee$2le7n$1...@paganini.bofh.team:

This is your post from paganini,

Path: paganini.bofh.team!eternal-september.org!reader01.eternal-
september.org!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe

.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
From: Andy Burnelli <nos...@nospam.net>
Newsgroups: misc.phone.mobile.iphone,comp.mobile.android
Subject: Re: T-Mobile is Ending $5 Per Line Autopay Discount if You Pay
with a Credit Card <was: 16.4 Public Beta is Out. Finally enables 5G On
Google Fi>
Date: Sun, 19 Feb 2023 13:30:29 +0000
Organization: Mixmin
Message-ID: <tst896$1ongb$1...@news.mixmin.net>
References: <tsqtni$2ar0$1...@dont-email.me>
<180220231127060887%nos...@nospam.invalid>
<tsqusa$vsp5$1...@paganini.bofh.team> <tsr0sq$2pii$1...@dont-email.me>
<tsrcrn$48ja$1...@dont-email.me> <180220231913479333%nos...@nospam.invalid>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net; posting-
host="297e06ba09fa1546708017b06624236cbc5371ad"; logging-data="1859083";
mail-complaints-to="ab...@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB

Xref: paganini.bofh.team misc.phone.mobile.iphone:176203
comp.mobile.android:101089

netfront

Path:
news.netfront.net!news.endofthelinebbs.com!newsfeed.xs3.de!callisto.xs3.de
!gandalf.srv.welterde.de!eternal-september.org!reader01.eternal-
september.org!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe

.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
From: Andy Burnelli <nos...@nospam.net>
Newsgroups: misc.phone.mobile.iphone,comp.mobile.android
Subject: Re: T-Mobile is Ending $5 Per Line Autopay Discount if You Pay
with a Credit Card <was: 16.4 Public Beta is Out. Finally enables 5G On
Google Fi>
Date: Sun, 19 Feb 2023 13:30:29 +0000
Organization: Mixmin
Message-ID: <tst896$1ongb$1...@news.mixmin.net>
References: <tsqtni$2ar0$1...@dont-email.me>
<180220231127060887%nos...@nospam.invalid>
<tsqusa$vsp5$1...@paganini.bofh.team> <tsr0sq$2pii$1...@dont-email.me>
<tsrcrn$48ja$1...@dont-email.me> <180220231913479333%nos...@nospam.invalid>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net; posting-
host="297e06ba09fa1546708017b06624236cbc5371ad"; logging-data="1859083";
mail-complaints-to="ab...@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB

Xref: news.netfront.net misc.phone.mobile.iphone:37219
comp.mobile.android:31403

cheese server

Path: eternal-september.org!reader01.eternal-
september.org!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe

.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
From: Andy Burnelli <nos...@nospam.net>
Newsgroups: misc.phone.mobile.iphone,comp.mobile.android
Subject: Re: T-Mobile is Ending $5 Per Line Autopay Discount if You Pay
with a Credit Card <was: 16.4 Public Beta is Out. Finally enables 5G On
Google Fi>
Date: Sun, 19 Feb 2023 13:30:29 +0000
Organization: Mixmin
Message-ID: <tst896$1ongb$1...@news.mixmin.net>
References: <tsqtni$2ar0$1...@dont-email.me>
<180220231127060887%nos...@nospam.invalid>
<tsqusa$vsp5$1...@paganini.bofh.team> <tsr0sq$2pii$1...@dont-email.me>
<tsrcrn$48ja$1...@dont-email.me> <180220231913479333%nos...@nospam.invalid>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)
Injection-Info: news.mixmin.net; posting-
host="297e06ba09fa1546708017b06624236cbc5371ad"; logging-data="1859083";
mail-complaints-to="ab...@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB

Xref: reader01.eternal-september.org misc.phone.mobile.iphone:171879
comp.mobile.android:101050

Look at the path for each post.

A server always inserts itself at the begining of an article path when
received. The path doesn't necessarily reflect the exact sequence the
post traveled to get there, it's a listing of peers.

[Russ Allbery]

Andy Burnelli <nos...@nospam.net> writes:

> Huh?
> Do you see "aioe" in that path?
> How did it get there?

> Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

Everything I say here comes with the substantial caveat that the Path
header is generally not authenticated by peers and thus can be easily
forged, so any analysis of the Path header is guesswork and could be
tricked by someone in the right position in the article propagation
chain.

That said, the !.POSTED! marker is generally inserted by the server that
first accepts your message, and you said you posted through mixmin.net, so
that's consistent. That means (assuming no forgery) everything after the
!.POSTED! was either inserted by you or by mixmin.net. I'm assuming you
didn't preload your own Path header, so I would assume it was inserted by
mixmin.net.

So I believe aioe.org is in there because the mixmin.net server put it
there.

Obviously that prompts the question why. I don't know why, but one common
reason to insert other people's Path identities in your Path header is
because the Path is used by most servers to deduplicate feeds, so they
won't send an article to a server whose path identity already appears in
the Path. Therefore, a long-standing tactic for preventing your post from
showing up at some server (for whatever reason) is to add its path
identity to your Path header before posting, or during posting.

Could the mixmin.net server operator want to prevent messages posted
through that server from propagating to aioe.org? I have no idea, and
have negative interest in peering drama (and this sounds like peering
drama), but it's one reasonably obvious possible explanation.

There are other possible explanations. For example, notice that sewer is
in there twice, and appears to be the server you read the message from.
In that case, sewer is presumably part of the mixmin.net server network,
and preloading that entry is presumably some optimization to avoid making
duplicate article offers. Maybe the same thing is true for aioe.org;
maybe mixmin.net and aioe.org have a special peering relationship and
mixmin.net preloads the aioe.org path entry to prevent the messages from
propagating via normal channels because they'll be sent via some other
channel that's configured to ignore Path entries. I have done things like
that before to solve complex peering configuration issues.

I don't think there's any way of knowing for sure why it's there without
the mixmin.net server operator telling you. Without that, we can only
speculate based on reasons why people have done such things in the past.

> Two questions for those who know more about this than I do and who are
> purposefully helpful people, are the following data driven queries:

> A. How can I tell when this arrived in any given news feed?

You can't. The netnews protocols do not track that information in any way
that is available to you. You'd have to ask each individual server
operator to check their logs, or ask someone who has read access to that
server to try to put a time bound around when it showed up.

--
Russ Allbery (ea...@eyrie.org) <https://www.eyrie.org/~eagle/>

Please post questions rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.

[Russ Allbery]

Ed Rhodes <ejay...@yahoo.con> writes:

> Andy Burnelli <nos...@nospam.net> wrote:

>> Huh?
>> Do you see "aioe" in that path?
>> How did it get there?

> You replied to a post that was originally posted through aioe.

The Path header has nothing to do with replies and no part of the Path
header is constructed based on the article to which you are replying.

[21364]

On 22 Feb 2023, Russ Allbery <ea...@eyrie.org> posted some
news:87k009n...@hope.eyrie.org:

> Andy Burnelli <nos...@nospam.net> writes:
>
>> Huh?
>> Do you see "aioe" in that path?
>> How did it get there?
>
>> Path:
>> sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org
>> !uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
>
> Everything I say here comes with the substantial caveat that the Path
> header is generally not authenticated by peers and thus can be easily
> forged, so any analysis of the Path header is guesswork and could be
> tricked by someone in the right position in the article propagation
> chain.
>
> That said, the !.POSTED! marker is generally inserted by the server
> that first accepts your message, and you said you posted through
> mixmin.net, so that's consistent. That means (assuming no forgery)
> everything after the !.POSTED! was either inserted by you or by
> mixmin.net. I'm assuming you didn't preload your own Path header, so
> I would assume it was inserted by mixmin.net.
>
> So I believe aioe.org is in there because the mixmin.net server put it
> there.

Along with others who peer with it.

> Obviously that prompts the question why. I don't know why, but one
> common reason to insert other people's Path identities in your Path
> header is because the Path is used by most servers to deduplicate
> feeds, so they won't send an article to a server whose path identity
> already appears in the Path. Therefore, a long-standing tactic for
> preventing your post from showing up at some server (for whatever
> reason) is to add its path identity to your Path header before
> posting, or during posting.

A server is supposed to check the path to see if a peer is already in the
list before sending to prevent loops.

> Could the mixmin.net server operator want to prevent messages posted
> through that server from propagating to aioe.org? I have no idea, and
> have negative interest in peering drama (and this sounds like peering
> drama), but it's one reasonably obvious possible explanation.

aioe and mixmin have been peering for some time.

> There are other possible explanations. For example, notice that sewer
> is in there twice, and appears to be the server you read the message
> from. In that case, sewer is presumably part of the mixmin.net server
> network, and preloading that entry is presumably some optimization to
> avoid making duplicate article offers. Maybe the same thing is true
> for aioe.org; maybe mixmin.net and aioe.org have a special peering
> relationship and mixmin.net preloads the aioe.org path entry to
> prevent the messages from propagating via normal channels because
> they'll be sent via some other channel that's configured to ignore
> Path entries. I have done things like that before to solve complex
> peering configuration issues.
>
> I don't think there's any way of knowing for sure why it's there
> without the mixmin.net server operator telling you. Without that, we
> can only speculate based on reasons why people have done such things
> in the past.
>
>> Two questions for those who know more about this than I do and who
>> are purposefully helpful people, are the following data driven
>> queries:
>
>> A. How can I tell when this arrived in any given news feed?
>
> You can't. The netnews protocols do not track that information in any
> way that is available to you. You'd have to ask each individual
> server operator to check their logs, or ask someone who has read
> access to that server to try to put a time bound around when it showed
> up.

https://www.rfc-editor.org/rfc/rfc5536

3.2.7. Injection-Date

The Injection-Date header field contains the date and time that the
article was injected into the network. Its purpose is to enable news
servers, when checking for "stale" articles, to use a <date-time>
that was added by a news server at injection time rather than one
added by the user agent at message composition time.

This header field MUST be inserted whenever an article is injected.
However, software that predates this standard does not use this
header, and therefore agents MUST accept articles without the
Injection-Date header field.

injection-date = "Injection-Date:" SP date-time CRLF

[Russ Allbery]

21364 <e...@once.org> writes:

> A server is supposed to check the path to see if a peer is already in
> the list before sending to prevent loops.

Yes. Well, sort of. It's not an important loop prevention mechanism;
loop prevention is done based on the Message-ID and Date headers and the
Path header isn't reliable enough for loop prevention. It's more of a
feed optimization; it saves you all the CHECK commands for message IDs
that the peer almost certainly already has since they appear in the Path
header.

> Russ Allbery <ea...@eyrie.org> posted:

>> Could the mixmin.net server operator want to prevent messages posted
>> through that server from propagating to aioe.org? I have no idea, and
>> have negative interest in peering drama (and this sounds like peering
>> drama), but it's one reasonably obvious possible explanation.

> aioe and mixmin have been peering for some time.

This makes me lean towards the second explanation that it's some sort of
optimization.

>>> A. How can I tell when this arrived in any given news feed?

>> You can't. The netnews protocols do not track that information in any
>> way that is available to you. You'd have to ask each individual server
>> operator to check their logs, or ask someone who has read access to
>> that server to try to put a time bound around when it showed up.

> https://www.rfc-editor.org/rfc/rfc5536

> 3.2.7. Injection-Date

> The Injection-Date header field contains the date and time that the
> article was injected into the network. Its purpose is to enable news
> servers, when checking for "stale" articles, to use a <date-time>
> that was added by a news server at injection time rather than one
> added by the user agent at message composition time.

The "injected into the network" part is important. There's only one
Injection-Date header and it's added by the server to which you post the
message. This doesn't tell you when the article has arrived in any given
news feed, since no other server adds that header. It can only tell you
when it was accepted by the first server.

Email provides this information in Received headers, but netnews doesn't
keep track of it.

[Andy Burnelli]

Russ Allbery wrote:

>> You replied to a post that was originally posted through aioe.
>
> The Path header has nothing to do with replies and no part of the Path
> header is constructed based on the article to which you are replying.

I agree with you that it's "impossible" (although it happened!) for me to
have replied to _anyone_ with aioe in the "References:" header, simply
based on my assumption that AIOE went down weeks before this thread occurred.

However...

I would also say that if AIOE is still down, then it "should" also be
"impossible" for aioe to be in the "PATH:" header, right?

Somehow, the message went from mixmin to aioe and then to me even as
I was using dizum at the time to retrieve the messages.

Here's the "PATH:" header again, where it seems something 'funny' is
going on if AIOE is in the "PATH:" header, which anyone can reproduce.

Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail


I am NOT a PATH: header expert, as all I know is you work backword from the bangs.
a. !not-for-mail
b. !uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED
c. !aioe.org <=== how'd that get there?????
d. !news.uzoreto.com
e. !alphared
f. !sewer
g. !.POSTED
h. !news.mixmin.net
i. sewer

Again, I'm not an expert decomposing the path where I doubt the message took
9 hops but I'm not sure which of those bang-servers to double up on.

The issue is HOW did AIOE get into that PATH: when AIOE is supposedly down?

[Russ Allbery]

Andy Burnelli <nos...@nospam.net> writes:

> However... I would also say that if AIOE is still down, then it "should"
> also be "impossible" for aioe to be in the "PATH:" header, right?

No, any news server can put anything that it wants into the Path header.
There isn't anything in the Usenet protocol to stop it.

The next server may add some diagnostic characters to say that it doesn't
trust that Path header entry (although most servers do not currently
implement it), but unless someone writes some sort of custom filter (and
I'm not aware of any off-hand), nothing stops a server from inserting
anything it wants.

> Somehow, the message went from mixmin to aioe and then to me even as I
> was using dizum at the time to retrieve the messages.

I don't believe this is the case. I think you posted the message to
mixmin.net and then read it from a server called sewer (presumably this is
"dizum"), and the aoie.org entry was added by mixmin.net.

[RonTheGuy]

On Feb 23, 2023, Morse wrote
(in article<news:tt6l18$2tpi1$1...@paganini.bofh.team>):

> netfront

Netfront is alive?
I thought it was dead.

Is netfront only alive for no-registration reading?
Or is netfront back again alive for no-registration posting too?

Ron, the humblest guy in town.

[Andy Burnelli]

Russ Allbery wrote:

>> Somehow, the message went from mixmin to aioe and then to me even as I
>> was using dizum at the time to retrieve the messages.
>
> I don't believe this is the case. I think you posted the message to
> mixmin.net and then read it from a server called sewer (presumably this is
> "dizum"), and the aoie.org entry was added by mixmin.net.

OK. That makes sense. Thank you for that clarification. Much appreciated.
And yes, I think "sewer" is dizum's terminology as I read it with dizum.

But be advised I am no expert in PATH: headers.
So anything I say can and will be used against me. :)

All I know is they are in reverse separated by a bang and that's about it.

BTW, another guy posted what _he_ saw in the PATH: headers, and AIOE is all
over the place in his headers too.

I think it's "likely" reasonable (maybe) that mixmin inserted the aioe
parts (but of course, I have no way of knowing if that's the situation).

I think anyone can reproduce what I found out by sending a test message to
this newsgroup using the server news.mixmin.net:563 using their newsreader.

[Andy Burnelli]

Russ Allbery wrote:

> So I believe aioe.org is in there because the mixmin.net server put it
> there.

I didn't mess with the PATH: header, and, anyway, it can be tested easily
by others given only two newsservers were involved (as far as I am aware).

1. I posted to news.mixmin.net:563 (no username/password is needed)
2. I read using news.dizum.net:119 (no username/password is needed)

Given no username or password is needed, anyone should be able to reproduce
this by posting a test message to this newsgroup using those free servers.

> Obviously that prompts the question why. I don't know why, but one common
> reason to insert other people's Path identities in your Path header is
> because the Path is used by most servers to deduplicate feeds, so they
> won't send an article to a server whose path identity already appears in
> the Path. Therefore, a long-standing tactic for preventing your post from
> showing up at some server (for whatever reason) is to add its path
> identity to your Path header before posting, or during posting.

Thanks for hazarding an answer which I appreciate since I know every post
to Usenet extracts its pound of flesh no matter how heartfelt the response.

> Could the mixmin.net server operator want to prevent messages posted
> through that server from propagating to aioe.org? I have no idea, and
> have negative interest in peering drama (and this sounds like peering
> drama), but it's one reasonably obvious possible explanation.

Interesting... (I should probably check the headers from Steve's mixmin
server from _before_ Paolo's aioe server went down to see if maybe this
is just Steve's reaction to Paolo's server going down)....

> There are other possible explanations. For example, notice that sewer is
> in there twice, and appears to be the server you read the message from.

I did notice that "sewer" was there twice so thank you for pointing it out.
As a quick test, I just ran this command which anyone else can test too:
C:\> telnet news.dizum.net 119
200 sewer InterNetNews NNRP server INN 2.6.3 ready (no posting)

So that's a confirmation that "sewer" is a Dizum thing.
I couldn't test mixmin the same way as I don't know how to add encryption.

C:\> telnet news.mixmin.net 119
400 Interrupted system call writing creating overview file -- throttling
Connection to host lost.

Looking up how to test to see the PATH: in mixmin I found this:
C:\> openssl s_client -showcerts -connect news.mixmin.net:563
Which spit out a lot of stuff but I didn't know what to do with it.

But at least it showed the mixmin server was alive.

> In that case, sewer is presumably part of the mixmin.net server network,
> and preloading that entry is presumably some optimization to avoid making
> duplicate article offers. Maybe the same thing is true for aioe.org;
> maybe mixmin.net and aioe.org have a special peering relationship and
> mixmin.net preloads the aioe.org path entry to prevent the messages from
> propagating via normal channels because they'll be sent via some other
> channel that's configured to ignore Path entries. I have done things like
> that before to solve complex peering configuration issues.
> I don't think there's any way of knowing for sure why it's there without
> the mixmin.net server operator telling you. Without that, we can only
> speculate based on reasons why people have done such things in the past.

It's strange that "sewer" would be used both by Steve Crook at Mixmin
and by Alex deJoode at Dizum, but maybe "sewer" is some kind of nntp keyword?

>> Two questions for those who know more about this than I do and who are
>> purposefully helpful people, are the following data driven queries:
>
>> A. How can I tell when this arrived in any given news feed?
>
> You can't. The netnews protocols do not track that information in any way
> that is available to you. You'd have to ask each individual server
> operator to check their logs, or ask someone who has read access to that
> server to try to put a time bound around when it showed up.

Thanks for explaining that the date that mixmin used is all that we've got.
I did find some of these commands below that others may make use of
but I don't know enough about them to say whether they're useful or not.

C:\> echo q | openssl s_client -connect news.mixmin.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
C:\> echo q | openssl s_client -connect news.eternal-september.org:563 | openssl x509 -noout -enddate | findstr "notAfter"
C:\> echo q | openssl s_client -connect news.dizum.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
etc.

What I was hoping was to find a way to see what the "PATH:" injected
by the nntp server would be; but none of those commands told me that.

They were just shots in the dark, but I included them in case someone
who knows how to make them report the injected PATH: could do so.

[Jesse Rehmer]

On Feb 22, 2023 at 9:20:17 PM CST, "Russ Allbery" <ea...@eyrie.org> wrote:

> I have no idea, and
> have negative interest in peering drama (and this sounds like peering
> drama), but it's one reasonably obvious possible explanation.

My first thought when reading the original post with the Path header, and
checking that I see the same Path on my server, is that some fuckery is going
on. Whether malicious intent, misconfiguration, or maybe a mixture of both,
I'm not sure, but am kind of curious.

[Russ Allbery]

Andy Burnelli <nos...@nospam.net> writes:

> Russ Allbery wrote:

>> There are other possible explanations. For example, notice that sewer
>> is in there twice, and appears to be the server you read the message
>> from.

> I did notice that "sewer" was there twice so thank you for pointing it out.
> As a quick test, I just ran this command which anyone else can test too:
> C:\> telnet news.dizum.net 119
> 200 sewer InterNetNews NNRP server INN 2.6.3 ready (no posting)

Yeah, I was wrong about this. It used to be a common pattern for larger
news servers to have a variety of internal servers and to use unqualified
path entries for those internal servers, so I jumped to that conclusion
about sewer. But it appears to just be a path entry used by a different
server (news.dizum.net) that you are reading from.

It's not recommended to use unqualified names like that as path entries
because they're confusing if one is trying to track down a problem and
there's a higher chance of conflicts, but as with everything else about
Path, nothing enforces that and people do it anyway. (And some servers
have been doing it for a very long time. Back in the UUCP days,
unqualified names were standard, and there may be some remnant sites that
are that old.)

> It's strange that "sewer" would be used both by Steve Crook at Mixmin
> and by Alex deJoode at Dizum, but maybe "sewer" is some kind of nntp
> keyword?

It's not. I think it's a path preload just like the aioe.org entry, and
probably added for the same reason.

Given the other information on this thread, I'm leaning towards mixmin.org
using some sort of configuration where for local posts it preloads the
path entries [*] for several peers and then sets up special feeds to those
peers that ignore the path entries. I'm not sure *why* it's set up that
way (I can speculate about a few problems that it might solve, but none of
the explanations are that satisfying), but that's what it's looking like
to me.

[*] "Preloading" is the old Usenet term for adding path entries that
aren't your own to new posts when they're injected at your server.

> Thanks for explaining that the date that mixmin used is all that we've
> got. I did find some of these commands below that others may make use
> of but I don't know enough about them to say whether they're useful or
> not.

> C:\> echo q | openssl s_client -connect news.mixmin.net:563 | openssl x509 -noout -enddate | findstr "notAfter"

This is printing out the expiration date of the TLS certificate for that
server. I don't think this is useful for the question you're trying to
investigate.

> What I was hoping was to find a way to see what the "PATH:" injected by
> the nntp server would be; but none of those commands told me that.

Yeah, servers are not required to tell you. *Usually*, as with the
example above from news.dizum.net, the first word in the 200 response is
the same as the path entry for that server, but this does not have to be
the case, and indeed I don't remember off-hand which configuration setting
INN uses as the first word after 200.

If a server is preloading extra path entries, there isn't any NNTP command
that's going to tell you that; you'd have to make a post and then look at
its Path header.

[gene]

Russ Allbery <ea...@eyrie.org> wrote in
news:87v8js6...@hope.eyrie.org:

> Andy Burnelli <nos...@nospam.net> writes:
>> Russ Allbery wrote:
>
>>> There are other possible explanations. For example, notice that
>>> sewer is in there twice, and appears to be the server you read the
>>> message from.
>
>> I did notice that "sewer" was there twice so thank you for pointing
>> it out. As a quick test, I just ran this command which anyone else
>> can test too: C:\> telnet news.dizum.net 119
>> 200 sewer InterNetNews NNRP server INN 2.6.3 ready (no posting)
>
> Yeah, I was wrong about this. It used to be a common pattern for
> larger news servers to have a variety of internal servers and to use
> unqualified path entries for those internal servers, so I jumped to
> that conclusion about sewer. But it appears to just be a path entry
> used by a different server (news.dizum.net) that you are reading from.

I run a Windows NNTP server where I can alter the host name and make it
appear as something else. When I configure a peer server, it appears in
the path and gets appended after the server name. I can also add a
nonexistent peer.

So Path: servername|peer1|peer2|nopeer1|nopeer2 etc.

> It's not recommended to use unqualified names like that as path
> entries because they're confusing if one is trying to track down a
> problem and there's a higher chance of conflicts, but as with
> everything else about Path, nothing enforces that and people do it
> anyway. (And some servers have been doing it for a very long time.
> Back in the UUCP days, unqualified names were standard, and there may
> be some remnant sites that are that old.)
>
>> It's strange that "sewer" would be used both by Steve Crook at Mixmin
>> and by Alex deJoode at Dizum, but maybe "sewer" is some kind of nntp
>> keyword?

Steve dosen't use "sewer" except for peering.

True and there is still room for obfuscation.

[Ivo Gandolfo]

On 23/02/2023 04:20, Russ Allbery wrote:

> So I believe aioe.org is in there because the mixmin.net server put it
> there.

Right

> Could the mixmin.net server operator want to prevent messages posted
> through that server from propagating to aioe.org? I have no idea, and
> have negative interest in peering drama (and this sounds like peering
> drama), but it's one reasonably obvious possible explanation.

Or quite simply it's not a peering-drama, but Mixmin started using
Postfilter 9.3 by Paolo Amoroso (Aioe) _without_ configuring it (with
the standard configuration Postfilter adds the path aioe.org to Path:
and not your server, me to beginning I had the same problem, before I
figured it out), and then here is the reason for the presence of "aioe"
in the path: without aioe being "alive".


--
Ivo Gandolfo

[Ray Banana]

On Wed, 22 Feb 2023 16:38:51 +0000, Andy Burnelli wrote:

> Huh?
> Do you see "aioe" in that path?
> How did it get there?
>
> Path:

> sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!
uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
> From: Andy Burnelli <nos...@nospam.net>

> Injection-Info: news.mixmin.net;
> posting-host="297e06ba09fa1546708017b06624236cbc5371ad";
> logging-data="1859083"; mail-complaints-to="ab...@mixmin.net"
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
> Gecko/20100101 Thunderbird/91.6.1 Content-Language: en-GB Xref: sewer
> misc.phone.mobile.iphone:116151 comp.mobile.android:98520
>
> I can tell you that showed up in my morning feed but it was _not_ in my
> morning feed until this morning. The time stamps don't show that though,
> where I sent it on Sunday at 6am local time.

I just checked all articles received from mixmin during the last 10 days
(167 in total) and the only post showing this anomaly in the Path: header
is yours. All other articles are correct:

Path: eternal-september.org!reader01.eternal-september.org!
news.mixmin.net!.POSTED!not-for-mail.

--
Too many ingredients in the soup, no room for a spoon

[lark]

In article <tt75ca$2vfhi$1...@paganini.bofh.team>

You let the cat out of the bag.

[Tom Furie]

On 2023-02-22, Andy Burnelli <nos...@nospam.net> wrote:
> Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

According to my logs, the only posts through mixmin which have those
unexpected components to the right of news.mixmin.net!.POSTED, are
yours.

Cheers,
Tom

[hookenstan]

On 22 Feb 2023, Ed Rhodes <ejay...@yahoo.con> posted some
news:5aedvh9eq4853uici...@4ax.com:

No, it wasn't. You think you can read headers but you flunked path class.

[Andy Burnelli]

(this is the duplicate sent via mixmin moments later)

1. I've been using Mixmin via telnet scripts for many years.
2. These telnet scripts were written by Marek Novotny years ago.
3. They make use of Stunnel for Mixmin encryption on port 563.
4. In seconds they would show up as posted (as witnessed using a
<http://groups.google.com/g/[insert-ng-here]> URI to check)

Obviously, recently, the posts were severely delayed, where the delay
was roughly about 8 hours based on the timestamps sent versus received.

But some took longer, so it's not all messages getting the same delay.
More to the point of the question, _look_ at the path below.

Huh?
Do you see "aioe" in that path?
How did it get there?

Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

From: Andy Burnelli <nos...@nospam.net>
Newsgroups: misc.phone.mobile.iphone,comp.mobile.android
Subject: Re: T-Mobile is Ending $5 Per Line Autopay Discount if You Pay with a Credit Card <was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi>
Date: Sun, 19 Feb 2023 13:30:29 +0000
Organization: Mixmin
Message-ID: <tst896$1ongb$1...@news.mixmin.net>

References: <tsqtni$2ar0$1...@dont-email.me> <180220231127060887%nos...@nospam.invalid> <tsqusa$vsp5$1...@paganini.bofh.team> <tsr0sq$2pii$1...@dont-email.me> <tsrcrn$48ja$1...@dont-email.me> <180220231913479333%nos...@nospam.invalid>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Injection-Date: Sun, 19 Feb 2023 13:30:15 -0000 (UTC)

Injection-Info: news.mixmin.net; posting-host="297e06ba09fa1546708017b06624236cbc5371ad"; logging-data="1859083"; mail-complaints-to="ab...@mixmin.net"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB
Xref: sewer misc.phone.mobile.iphone:116151 comp.mobile.android:98520

I can tell you that showed up in my morning feed but it was _not_ in my
morning feed until this morning. The time stamps don't show that though,
where I sent it on Sunday at 6am local time.

I don't know how to tell when it arrived to the newsgroup, but if we
assume it arrived at 6am today (Wednesday), it took 3 elapsed days.

Two questions for those who know more about this than I do and who
are purposefully helpful people, are the following data driven queries:

A. How can I tell when this arrived in any given news feed?

B. What is aioe doing in that PATH if the server is supposedly down?

Thank you in advance, where I will not reply to the inevitable child-like
responses from the kindergarten mentality idiots who infest this newsgroup.

NOTE: As an experiment, I will send the _exact_ message, moments after
I send this message, using "news.mixmin.net:563" via my telnet scripts.

(this is the duplicate sent via mixmin moments later)

[Andy Burnelli]

Jesse Rehmer wrote:

> My first thought when reading the original post with the Path header, and
> checking that I see the same Path on my server, is that some fuckery is going
> on. Whether malicious intent, misconfiguration, or maybe a mixture of both,
> I'm not sure, but am kind of curious.

Regarding the test, I still haven't seen the original message in the mixmin
feed yet, but I expected it to be delayed over that of the paganini copy.

Regarding the PATH: header with "aioe" in it when aioe can't be in the loop
I posted to news.mixmin.net:563 & read from news.dizum.net:119

This is the resulting PATH: header.
Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

What would be useful to everyone, certainly to me, I think, would be if
someone can take apart the path and tell the rest of us what it's saying.

For example, what IP address is that in the PATH: header?
It's not what a ping shows me of news.mixmin.net anyway.
C:\> ping news.mixmin.net
Pinging fleegle.mixmin.net [144.76.182.167] with 32 bytes of data:
C:\> tracert news.mixmin.net
With the last few hops not having anything near 46.165.242.75 in them...
17 253 ms 185 ms 190 ms ae4.cs1.ams17.nl.eth.zayo.com [64.125.28.36]
18 186 ms 191 ms 215 ms ae2.cs1.fra6.de.eth.zayo.com [64.125.29.58]
19 199 ms 198 ms * ae0.cs1.fra9.de.eth.zayo.com [64.125.29.55]
20 193 ms 236 ms 202 ms ae1.mcs1.fra9.de.eth.zayo.com [64.125.29.65]
21 199 ms 207 ms 189 ms as24940.frankfurt.megaport.com [62.69.146.15]
22 198 ms 200 ms * hos-tr3.ex3k4.dc4.fsn1.hetzner.com [213.239.224.69]
23 196 ms 178 ms 191 ms ex9k1.dc11.fsn1.hetzner.com [213.239.203.142]
24 182 ms 189 ms 176 ms fleegle.mixmin.net [144.76.182.167]

A google for 46.165.242.75 shows https://www.whois.com/whois/46.165.242.75
inetnum: 46.165.240.0 - 46.165.247.255
netname: Leaseweb
descr: Leaseweb Deutschland GmbH
person: RIPE Mann
address: Kleyerstrasse 75-87
address: 60326 Frankfurt am Main
address: Germany

Does that point to anything that makes sense to you why/how it's there?

And maybe can someone who knows how a PATH: works tell us how many hops it took
and who injected which bang-section into that specific nntp PATH: header?

1. !not-for-mail
2. !uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED
3. !aioe.org <=== how'd that get there?????
4. !news.uzoreto.com
5. !alphared
6. !sewer
7. !.POSTED
8. !news.mixmin.net
9. sewer

[mike]

On 23-02-2023 07:41 Ivo Gandolfo <use...@bofh.team> wrote:

> Or quite simply it's not a peering-drama, but Mixmin started using
> Postfilter 9.3 by Paolo Amoroso

Did Paolo Amoroso of aioe fame write the "Postfilter" application?

I googled for those two words in combination and only this came up.
https://www.paoloamoroso.com/about

It's creepy to google someone I don't know but that guy wrote a book
https://leanpub.com/spaceappsforandroid

And he has a web page & journal on the net so he's not shy about himself.
https://journal.paoloamoroso.com/

But still, I didn't see any mention of nntp servers or aioe specifically.
Nor any mention that he wrote the Postfilter 9.3 code.

[Andy Burnelli]

lark wrote:

>> Or quite simply it's not a peering-drama, but Mixmin started using
>> Postfilter 9.3 by Paolo Amoroso (Aioe) _without_ configuring it (with
>> the standard configuration Postfilter adds the path aioe.org to Path:
>> and not your server, me to beginning I had the same problem, before I
>> figured it out), and then here is the reason for the presence of "aioe"
>> in the path: without aioe being "alive".
>
> You let the cat out of the bag.

Since I had posted to news.mixmin.net:563 and read from news.dizum.net:119
is this how the nntp PATH: header got to where it happened to get to?

Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

1. Steve Crook's mixmin server injected this into the PATH: header...
!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

2. Alex deJoode's dizum server injected this into the PATH: header...
sewer!news.mixmin.net!.POSTED!sewer

[no microwave required]

Andy Burnelli <nos...@nospam.net> wrote in
news:tt99ur$3b541$1...@paganini.bofh.team:

Dude, you've ben told multiple times by multiple different posters how the
path functions and you refuse to accept it.

It doesn't matter how many times you rehash and ask, it's not going to
change.

[Andy Burnelli]

Tom Furie wrote:

> According to my logs, the only posts through mixmin which have those
> unexpected components to the right of news.mixmin.net!.POSTED, are
> yours.

Now _that_ is interesting!
As far as I know, I'm "normal" to any of these nntp servers, so to speak.

I just saw that Wolfang said the same thing as you, so I checked what I
could in the three newsgroups I post most to, which are, for the record:
<http://news.google.com/g/comp.mobile.android>
<http://news.google.com/g/misc.phone.mobile.iphone>

If I filter those newsgroups on message id's containing mixmin, I can see
I'm not the only one posting to those newsgroups using the mixmin server.

But I pretty much see what you are saying looking at the PATH: headers.
Listed in short-to-long order to eliminate duplicates in the results
there are only about a dozen different PATH: headers in those newsgroups.

Path: sewer!news.mixmin.net!.POSTED!not-for-mail
Path: sewer!news.mixmin.net!news.neodome.net!mail2news
Path: sewer!news2.arglkargh.de!news.mixmin.net!.POSTED!not-for-mail
Path: sewer!weretis.net!feeder8.news.weretis.net!news.mixmin.net!.POSTED!not-for-mail
Path: sewer!alphared!news.uzoreto.com!eternal-september.org!reader01.eternal-september.org!news.mixmin.net!.POSTED!not-for-mail
Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail
Path: sewer!weretis.net!feeder8.news.weretis.net!eternal-september.org!reader01.eternal-september.org!news.mixmin.net!.POSTED!not-for-mail
Path: sewer!news2.arglkargh.de!news.karotte.org!news.szaf.org!weretis.net!feeder8.news.weretis.net!eternal-september.org!reader01.eternal-september.org!news.mixmin.net!.POSTED!not-for-mail
Path: sewer!alphared!news2.arglkargh.de!news.karotte.org!news.szaf.org!weretis.net!feeder8.news.weretis.net!eternal-september.org!reader01.eternal-september.org!news.mixmin.net!.POSTED!not-for-mail
Path: sewer!alphared!2.eu.feeder.erje.net!3.us.feeder.erje.net!1.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!feed1.usenet.blueworldhosting.com!news.ausics.net!news.mixmin.net!.POSTED!not-for-mail

And only mine have the "aioe" in that Path: header.
I agree that's rather odd.

Why would my PATH: show up any differently than anyone else's does?

[Andy Burnelli]

Ray Banana wrote:

> I just checked all articles received from mixmin during the last 10 days
> (167 in total) and the only post showing this anomaly in the Path: header
> is yours. All other articles are correct:
>
> Path: eternal-september.org!reader01.eternal-september.org!
> news.mixmin.net!.POSTED!not-for-mail.

That's it. You're the second person to say that, so, it must be me.
I think I need to look at those telnet scripts again.

Maybe something messed up somewhere somehow someway.
For example, the scripts mess with some headers, but not normally the PATH:
header. They just scramble the VPN and the TZONE on purpose for privacy.

Nothing fancy.
Just basic privacy.

The scripts were originally written by Marek Novotny, who has passed away.
I ported them from CentOS to Windows years ago with his expert Linux help.

Then I left them alone unless/until something broke.
Which rarely happens.

Looks like perhaps something broke.

It's either that or Steve is adding PATH: stuff just for me.
And I very much doubt that's the situation since I'm not that interesting.

Given that, I will dig into the scripts which I hadn't thought was the
issue until Wolfgang and Tim told me what they saw, and I confirmed that.

Sigh.

I apologize for what appears to be a false alarm on my part.
I'm embarrassed if that's the case, and it's looking like it indeed is.

Mea culpa.
I am sorry.

[Sn!pe]

Andy Burnelli <nos...@nospam.net> wrote:

> Ray Banana wrote:
>
> > I just checked all articles received from mixmin during the last 10 days
> > (167 in total) and the only post showing this anomaly in the Path: header
> > is yours. All other articles are correct:
> >
> > Path: eternal-september.org!reader01.eternal-september.org!
> > news.mixmin.net!.POSTED!not-for-mail.
>
> That's it. You're the second person to say that, so, it must be me.
> I think I need to look at those telnet scripts again.
>
> Maybe something messed up somewhere somehow someway.
> For example, the scripts mess with some headers, but not normally the PATH:
> header. They just scramble the VPN and the TZONE on purpose for privacy.
>
> Nothing fancy.
> Just basic privacy.
>
> The scripts were originally written by Marek Novotny, who has passed away.
> I ported them from CentOS to Windows years ago with his expert Linux help.
>
> Then I left them alone unless/until something broke.
> Which rarely happens.
>
> Looks like perhaps something broke.
>
> It's either that or Steve is adding PATH: stuff just for me.
> And I very much doubt that's the situation since I'm not that interesting.
>

Could it have anything to do with your copious activities in:-
misc.phone.mobile.iphone; comp.sys.mac.*; etc. ?

>
> Given that, I will dig into the scripts which I hadn't thought was the
> issue until Wolfgang and Tim told me what they saw, and I confirmed that.
>
> Sigh.
>
> I apologize for what appears to be a false alarm on my part.
> I'm embarrassed if that's the case, and it's looking like it indeed is.
>
> Mea culpa.
> I am sorry.

--
^Ï^. – Sn!pe – My pet rock Gordon just is.

If you want peace, prepare for war.

[Paul]

On 2/23/2023 11:27 PM, Andy Burnelli wrote:
> Tom Furie wrote:
>
>> According to my logs, the only posts through mixmin which have those
>> unexpected components to the right of news.mixmin.net!.POSTED, are
>> yours.
>
>

> Why would my PATH: show up any differently than anyone else's does?

The obscurity of your injection methods, is what ends up
finding things like these path preloads.

How many other people, inject messages exactly the way you do ?

The evidence says, none this month.

Paul

[Microsoft 365]

On 23 Feb 2023, Andy Burnelli <nos...@nospam.net> posted some
news:tt9b4f$3b8na$1...@paganini.bofh.team:

So explain this one.

Path:
news.neodome.net!weretis.net!feeder8.news.weretis.net!Andy.Burnelli.is.clu
eless|paganini.bofh.team!not-for-mail

[Julien ÉLIE]

Hi Russ,

>> 200 sewer InterNetNews NNRP server INN 2.6.3 ready (no posting)
>

> *Usually*, as with the example above from news.dizum.net, the first
> word in the 200 response is the same as the path entry for that
> server, but this does not have to be the case, and indeed I don't
> remember off-hand which configuration setting INN uses as the first
> word after 200.

Neither do I off-hand. Just checked: both innd and nnrpd advertise the
path identity after the 200/201 greeting response.
(In the next 2.8.0 major release, nnrpd will advertise instead the new
configurable server name which will also be used in Message-ID and
Injection-Info header fields. If not set, it defaults to innd's path
identity.)

--
Julien ÉLIE

« – On nage dans le lac, on escalade les montagnes…
– Ben quoi ? Nous ne sommes pas en vacances ! » (Astérix)

[Julien ÉLIE]

Hi Russ,

> one common
> reason to insert other people's Path identities in your Path header is
> because the Path is used by most servers to deduplicate feeds, so they
> won't send an article to a server whose path identity already appears in
> the Path. Therefore, a long-standing tactic for preventing your post from
> showing up at some server (for whatever reason) is to add its path
> identity to your Path header before posting, or during posting.

[...]

> maybe mixmin.net and aioe.org have a special peering relationship and
> mixmin.net preloads the aioe.org path entry to prevent the messages from
> propagating via normal channels because they'll be sent via some other
> channel that's configured to ignore Path entries. I have done things like
> that before to solve complex peering configuration issues.

I hope such insertions and preloads are done before adding the path
identity of the news server which actually handles the message.
That is to say, if my.news.server.net inserts preload.net in the Path
header field, and has verified the last entry of the received path is
the expected one, it would be this way:

Path: my.news.server.net!preload.net!!previous.path

By the way, is it wise to add a verified diag match here?
(my.news.server.net!!preload.net) I am unsure, as the article did not
pass through preload.net, and such a syntax would imply that
my.server.net verified it came from preload.net.
Yet, I also wonder if "preload.net!!previous.path" is OK as preload.net
didn't verify previous.path (it was actually verified by
my.news.server.net).

So, maybe there shouldn't be any diagnostic added when preloading at the
right side?

Path: my.news.server.net!preload.net!previous.path


The rationale for preload.net added first is that it would otherwise
mean that the next peer would know that the path identity of
my.news.server.net could be preload.net, so that it does not do
something like:

Path:
next.server.com!.MISMATCH.my.news.server.net!preload.net!my.news.server.net!previous.path



Coming back to how INN deals with additional path identities, we have 2
parameters (pathcluster and pathalias) which preload like:

Path: pathcluster!my.news.server!pathalias!previous.path


Would path diagnostic only be activated between pathcluster and
my.news.server, and never around pathalias?

Path: pathcluster!!my.news.server!pathalias!previous.path

It would imply that when pathalias is set, no verification of the path
identity of the feeding peer is done. (Or maybe a special pathaliasdiag
configuration option should be added to incoming.conf to enable it
anyway? - default would be disabled)

pathalias could indeed have 2 different uses: an internal name (and in
that case, path diag would be OK) or the name of another server (and in
that case, I am not sure path diag is OK to be added here)

--
Julien ÉLIE

« La fin du monde est un sujet sérieux, surtout pour ceux qui s'y
préparent. » (Filiu)

[hookenstan]

On 22 Feb 2023, Ed Rhodes <ejay...@yahoo.con> posted some
news:5aedvh9eq4853uici...@4ax.com:

> On Wed, 22 Feb 2023 16:38:51 +0000, Andy Burnelli <nos...@nospam.net>
> wrote:
>

>>1. I've been using Mixmin via telnet scripts for many years.
>>2. These telnet scripts were written by Marek Novotny years ago.
>>3. They make use of Stunnel for Mixmin encryption on port 563.
>>4. In seconds they would show up as posted (as witnessed using a
>> <http://groups.google.com/g/[insert-ng-here]> URI to check)
>>
>>Obviously, recently, the posts were severely delayed, where the delay
>>was roughly about 8 hours based on the timestamps sent versus
>>received.
>>
>>But some took longer, so it's not all messages getting the same delay.
>>More to the point of the question, _look_ at the path below.
>>
>>Huh?
>>Do you see "aioe" in that path?
>>How did it get there?
>

> You replied to a post that was originally posted through aioe.
>
>> Path:
>> sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org

>> !uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail From:
>> Andy Burnelli <nos...@nospam.net> Newsgroups:
>> misc.phone.mobile.iphone,comp.mobile.android Subject: Re: T-Mobile is
>> Ending $5 Per Line Autopay Discount if You Pay with a Credit Card
>> <was: 16.4 Public Beta is Out. Finally enables 5G On Google Fi> Date:
>> Sun, 19 Feb 2023 13:30:29 +0000 Organization: Mixmin
>> Message-ID: <tst896$1ongb$1...@news.mixmin.net>
>> References: <tsqtni$2ar0$1...@dont-email.me>
>> <180220231127060887%nos...@nospam.invalid>
>> <tsqusa$vsp5$1...@paganini.bofh.team> <tsr0sq$2pii$1...@dont-email.me>
>> <tsrcrn$48ja$1...@dont-email.me>

[Andy Burnelli]

Paul wrote:

> The obscurity of your injection methods, is what ends up
> finding things like these path preloads.
>
> How many other people, inject messages exactly the way you do ?
>
> The evidence says, none this month.

Hi Paul,
Thanks. I know you well from the Windows ng and you're a purposefully
helpful guy, like I am, who has helped thousands over the years.

I found the problem which was a syntax error crept into the scripts.

I will send _this_ message via Paganini & Mixmin on Saturday February 26th,
at 11pm via my telnet scripts and at the same time I will ensure my system
time (which changes randomly to foil fingerprinters) will be Pacific Time.

I expect the Mixmin copy to arrive in a few days, sans aioe in the path.

[Andy Burnelli]

Paul wrote:

> The obscurity of your injection methods, is what ends up
> finding things like these path preloads.
>
> How many other people, inject messages exactly the way you do ?
>
> The evidence says, none this month.

[f...@sdf.org]

On 2023-02-22, Andy Burnelli <nos...@nospam.net> wrote:
> 1. I've been using Mixmin via telnet scripts for many years.
> 2. These telnet scripts were written by Marek Novotny years ago.
> 3. They make use of Stunnel for Mixmin encryption on port 563.
> 4. In seconds they would show up as posted (as witnessed using a
> <http://groups.google.com/g/[insert-ng-here]> URI to check)

> Obviously, recently, the posts were severely delayed, where the delay
> was roughly about 8 hours based on the timestamps sent versus received.

> But some took longer, so it's not all messages getting the same delay.
> More to the point of the question, _look_ at the path below.

> Huh?
> Do you see "aioe" in that path?
> How did it get there?
>

> Path: sewer!news.mixmin.net!.POSTED!sewer!alphared!news.uzoreto.com!aioe.org!uC+u+wrvCiJRhswcuU7oWw.user.46.165.242.75.POSTED!not-for-mail

perhaps aioe still has a transit (peering) server running and only its
reader is down.

--
SDF Public Access UNIX System - https://sdf.org

That which does not kill you makes you stranger.
-- Trevor Goodchild - AEon Flux

[Ivo Gandolfo]

On 24/02/2023 04:26, mike wrote:
> But still, I didn't see any mention of nntp servers or aioe specifically.
> Nor any mention that he wrote the Postfilter 9.3 code.
>

https://github.com/Aioe

--
Ivo Gandolfo

[Nomen Nescio]

This message have your User-Agent in Path.

[Nomen Nescio]

Russ Allbery <ea...@eyrie.org> writes:

> Ed Rhodes <ejay...@yahoo.con> writes:

>> Andy Burnelli <nos...@nospam.net> wrote:
>
>>> Huh?
>>> Do you see "aioe" in that path?
>>> How did it get there?
>

>> You replied to a post that was originally posted through aioe.
>
> The Path header has nothing to do with replies and no part of the Path
> header is constructed based on the article to which you are replying.

Check Path header in this message: <ttf01c$1ckpr$1...@news.mixmin.net>

[crazy blackjack]

On 22 Feb 2023, Andy Burnelli <nos...@nospam.net> posted some
news:tt5gh5$3c90k$1...@news.mixmin.net:

Vous êtes un fou du TOC et les gens aiment jouer avec vous.

Sujet : Re: Suprisingly a Peering request
De : mnalis-news (at) *nospam* voyager.hr (Matija Nalis)
Groupes : news.admin.peering
Date : 06. Jan 2022, 17:01:44
Autres entêtes
On Wed, 5 Jan 2022 21:17:31 -0600, R. Holme <hol...@url.invalid> wrote:
$> openssl s_client -ign_eof -connect news.cyber23.de:563
>
Port 119 is MITM spook and blackhat territory. This is why I ask about a
secure connection being available.
>
Posting _anything_ to port 119 that is not cryptographically signed can
allow the blackhats and spooks to interject, change en route your data.

Why do you think there is any difference in security between
"TLS connect to port 563 directly" compared to "plaintext connect to
port 119, issue 'STARTTLS' command, and refuse to proceed unless server
offers TLS" ?

(assuming your client has an option "force use of STARTTLS", of course -
if it does not, that seems like a client bug, if it's interested in
offering transport security).

[Marco Moock]

Am 22.02.2023 um 21:08:23 Uhr schrieb Russ Allbery:

> Andy Burnelli <nos...@nospam.net> writes:
> > Somehow, the message went from mixmin to aioe and then to me even
> > as I was using dizum at the time to retrieve the messages.
>
> I don't believe this is the case. I think you posted the message to
> mixmin.net and then read it from a server called sewer (presumably
> this is "dizum"), and the aoie.org entry was added by mixmin.net.

Why should mixmin do that?

[Marco Moock]

Am 28.02.2023 um 18:06:50 Uhr schrieb f...@sdf.org:

> perhaps aioe still has a transit (peering) server running and only
> its reader is down.

According to E-S, they use newsfeed.aioe.org which points to
46.165.242.75.

I get ICMP dest unreachable.