.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "NNRPD 8" .TH NNRPD 8 "2024-05-19" "INN 2.7.2" "InterNetNews Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" nnrpd \- NNTP server for reader clients .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBnnrpd\fR [\fB\-BDfnoSt\fR] [\fB\-4\fR \fIaddress\fR] [\fB\-6\fR \fIaddress\fR] [\fB\-b\fR \fIaddress\fR] [\fB\-c\fR \fIconfigfile\fR] [\fB\-i\fR \fIinitial\fR] [\fB\-I\fR \fIinstance\fR] [\fB\-p\fR \fIport\fR] [\fB\-P\fR \fIprefork\fR] [\fB\-r\fR \fIreason\fR] [\fB\-s\fR \fIpadding\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBnnrpd\fR is an \s-1NNTP\s0 server for newsreaders. It accepts commands on its standard input and responds on its standard output. It is normally invoked by \fBinnd\fR\|(8) with those descriptors attached to a remote client connection. \fBnnrpd\fR also supports running as a standalone daemon. .PP Unlike \fBinnd\fR\|(8), \fBnnrpd\fR supports all \s-1NNTP\s0 commands for user-oriented reading and posting. \fBnnrpd\fR uses the \fIreaders.conf\fR file to control who is authorized to access the Usenet database. .PP On exit, \fBnnrpd\fR will report usage statistics through \fBsyslog\fR\|(3). .PP \&\fBnnrpd\fR is run from \fBinnd\fR (the default) or from \fBinetd\fR\|(8), \fBxinetd\fR\|(8), or some equivalent. As often as not, it is also run as a daemon, with the \fB\-D\fR option, to provide \s-1TLS\s0 support on a dedicated port. .PP \&\fBnnrpd\fR only reads config files (\fIreaders.conf\fR, \fIinn.conf\fR and \&\fIinn\-secrets.conf\fR) when it is spawned. You can therefore never change the behaviour of a client that's already connected. As a new \fBnnrpd\fR process is spawned for every connection, any changes to these configuration files will be immediately effective for all new connections. There's only one exception: when \fBnnrpd\fR is run as a daemon with the \fB\-D\fR option, any configuration changes in \fIinn.conf\fR won't take effect until \fBnnrpd\fR is restarted. .PP The \fIinn.conf\fR setting \fInnrpdflags\fR can be used to pass any of the options below to instances of \fBnnrpd\fR that are spawned directly from \&\fBinnd\fR. Many options only make sense when \fB\-D\fR is used, so these options should not be used with \fInnrpdflags\fR. See also the discussion of \fInnrpdflags\fR in \fBinn.conf\fR\|(5). .PP When \fInnrpdloadlimit\fR in \fIinn.conf\fR is not \f(CW0\fR, it will also reject connections if the load average is greater than that value (typically \&\f(CW16\fR). \fBnnrpd\fR can also prevent high-volume posters from abusing your resources. See the discussion of exponential backoff in \fBinn.conf\fR\|(5). .PP \&\fBnnrpd\fR injects articles into the local server running \fBinnd\fR through a \&\s-1UNIX\s0 domain socket, or an \s-1INET\s0 domain socket if not supported. If another server should be used for injection, you can set it with the \fInnrpdposthost\fR parameter in \fIinn.conf\fR. In case authentication credentials are requested during the injection, \fBnnrpd\fR will use the \fIpasswd.nntp\fR file in \fIpathetc\fR. .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-4\fR \fIaddress\fR" 4 .IX Item "-4 address" The \fB\-4\fR parameter instructs \fBnnrpd\fR to bind to the specified IPv4 address when started as a standalone daemon using the \fB\-D\fR flag. This has to be a valid IPv4 address belonging to an interface of the local host. It can also be \f(CW0.0.0.0\fR, saying to bind to all addresses (this is the default). .IP "\fB\-6\fR \fIaddress\fR" 4 .IX Item "-6 address" The \fB\-6\fR parameter instructs \fBnnrpd\fR to bind to the specified IPv6 address when started as a standalone daemon using the \fB\-D\fR flag. This has to be a valid IPv6 address belonging to an interface of the local host. It can also be \f(CW\*(C`::0\*(C'\fR, saying to bind to all IPv6 addresses. .Sp By default, \fBnnrpd\fR in daemon mode listens to both IPv4 and IPv6 addresses. With this option, it will listen only to the specified IPv6 addresses. On some systems however, a value of \f(CW\*(C`::0\*(C'\fR will cause it to listen to all IPv4 addresses as well. .IP "\fB\-b\fR \fIaddress\fR" 4 .IX Item "-b address" Similar to the \fB\-4\fR flag. \fB\-b\fR is kept for backwards compatibility. .IP "\fB\-B\fR" 4 .IX Item "-B" If specified, \fBnnrpd\fR will report login attempts to \fBblacklistd\fR\|(8) for automatic blocking after a number of failed attempts. To use this flag, the blacklist library must have been found at configure time, or \&\fB\-\-with\-blacklist\fR specified at configure time. For more information, see \&\*(L"\s-1BLACKLISTD SUPPORT\*(R"\s0 below. .IP "\fB\-c\fR \fIconfigfile\fR" 4 .IX Item "-c configfile" By default, \fBnnrpd\fR reads the \fIreaders.conf\fR configuration file to determine how to authenticate connections. The \fB\-c\fR flag specifies an alternate file for this purpose. If the file name isn't fully qualified, it is taken to be relative to \fIpathetc\fR in \fIinn.conf\fR. (This is useful to have several instances of \fBnnrpd\fR running on different ports or \s-1IP\s0 addresses with different settings.) .IP "\fB\-D\fR" 4 .IX Item "-D" If specified, this parameter causes \fBnnrpd\fR to operate as a daemon. That is, it detaches itself and runs in the background, forking a process for every connection. By default, \fBnnrpd\fR listens on the \s-1NNTP\s0 port (119), so either \fBinnd\fR\|(8) has to be started on another port or the \fB\-p\fR parameter used. Note that with this parameter, \fBnnrpd\fR continues running until killed. This means that it reads \fIinn.conf\fR once on startup and never again until restarted. \fBnnrpd\fR should therefore be restarted if \&\fIinn.conf\fR is changed. .Sp When started in daemon mode, \fBnnrpd\fR will write its \s-1PID\s0 into a file in the \fIpathrun\fR directory. The file will be named \fInnrpd.pid\fR if \fBnnrpd\fR listens on port 119 (default), or \fInnrpd\-%d.pid\fR, where \f(CW%d\fR is replaced with the port that \fBnnrpd\fR is configured to listen on (\fB\-p\fR option is given and its argument is not \f(CW119\fR). .Sp You may also want to use \fB\-s\fR when running \fBnnrpd\fR as a daemon. .IP "\fB\-f\fR" 4 .IX Item "-f" If specified, \fBnnrpd\fR does not detach itself and runs in the foreground when started as a standalone daemon using the \fB\-D\fR flag. .IP "\fB\-i\fR \fIinitial\fR" 4 .IX Item "-i initial" Specify an initial command to \fBnnrpd\fR. When used, \fIinitial\fR is taken as if it were the first command received by \fBnnrpd\fR. After having responded, \fBnnrpd\fR will close the connection. .IP "\fB\-I\fR \fIinstance\fR" 4 .IX Item "-I instance" If specified, \fIinstance\fR is used as an additional static portion within Message-IDs generated by \fBnnrpd\fR, when \fIvirtualhost\fR is set in access groups in \fIreaders.conf\fR; typically this option would be used where a cluster of machines exist with the same virtual hostname and must be disambiguated during posts. .IP "\fB\-n\fR" 4 .IX Item "-n" The \fB\-n\fR flag turns off resolution of \s-1IP\s0 addresses to names. If you only use IP-based restrictions in \fIreaders.conf\fR and can handle \s-1IP\s0 addresses in your logs, using this flag may result in some additional speed. .IP "\fB\-o\fR" 4 .IX Item "-o" The \fB\-o\fR flag causes all articles to be spooled instead of sending them to \fBinnd\fR\|(8). \fBrnews\fR with the \fB\-U\fR flag should be invoked from cron on a regular basis to take care of these articles. This flag is useful if \fBinnd\fR is accepting articles and \fBnnrpd\fR is started standalone or using \fBinetd\fR\|(8). .IP "\fB\-p\fR \fIport\fR" 4 .IX Item "-p port" The \fB\-p\fR parameter instructs \fBnnrpd\fR to listen on \fIport\fR when started as a standalone daemon using the \fB\-D\fR flag. .IP "\fB\-P\fR \fIprefork\fR" 4 .IX Item "-P prefork" The \fB\-P\fR parameter instructs \fBnnrpd\fR to prefork \fIprefork\fR children awaiting connections when started as a standalone daemon using the \&\fB\-D\fR flag. .IP "\fB\-r\fR \fIreason\fR" 4 .IX Item "-r reason" If the \fB\-r\fR flag is used, then \fBnnrpd\fR will reject the incoming connection giving \fIreason\fR as the text. This flag is used by \fBinnd\fR\|(8) when it is paused or throttled. \fIreason\fR should be encoded in \s-1UTF\-8.\s0 .IP "\fB\-s\fR \fIpadding\fR" 4 .IX Item "-s padding" As each command is received from a client, \fBnnrpd\fR tries to change its \&\f(CW\*(C`argv\*(C'\fR array containing the process title so that commands like \fBps\fR\|(1) will print out the hostname of the connected client and the command being executed. To get a full display, the \fB\-s\fR flag may be used with a long string as its argument, which will be overwritten when \fBnnrpd\fR changes its title. .Sp When \fBinnd\fR spawns \fBnnrpd\fR, this flag is used with an argument made of 48 spaces. .IP "\fB\-S\fR" 4 .IX Item "-S" If specified, \fBnnrpd\fR will start a negotiation for a \s-1TLS\s0 session as soon as connected. To use this flag, the OpenSSL \s-1SSL\s0 and crypto libraries must have been found at configure time, or \fB\-\-with\-openssl\fR specified at configure time. For more information on running \fBnnrpd\fR with \s-1TLS\s0 support, see \*(L"\s-1TLS SUPPORT\*(R"\s0. .IP "\fB\-t\fR" 4 .IX Item "-t" If the \fB\-t\fR flag is used, then all client commands and initial responses will be traced by reporting them in syslog. This flag is set by \fBinnd\fR\|(8) under the control of the \fBctlinnd\fR\|(8) \f(CW\*(C`trace\*(C'\fR command, and is toggled upon receipt of a \s-1SIGHUP\s0; see \fBsignal\fR\|(2). .SH "TLS SUPPORT" .IX Header "TLS SUPPORT" If \s-1INN\s0 is built with \fB\-\-with\-openssl\fR or if the OpenSSL \s-1SSL\s0 and crypto libraries are found at configure time, \fBnnrpd\fR will support news reading over \s-1TLS\s0 (also known as \s-1SSL\s0). For clients that use the \s-1STARTTLS\s0 command, no special configuration is needed beyond creating a \s-1TLS/SSL\s0 certificate for the server. You should do this in exactly the same way that you would generate a certificate for a web server. .PP If you're happy with a self-signed certificate (which will generate warnings with some news reader clients), you can create and install one in the default path by running \f(CW\*(C`make cert\*(C'\fR after \f(CW\*(C`make install\*(C'\fR when installing \s-1INN,\s0 or by running the following commands: .PP .Vb 7 \& umask 077 \& openssl req \-new \-x509 \-nodes \-out /cert.pem \e \& \-days 366 \-keyout /key.pem \& chown news:news /cert.pem \& chmod 640 /cert.pem \& chown news:news /key.pem \& chmod 600 /key.pem .Ve .PP Replace the paths with something appropriate to your \s-1INN\s0 installation. This will create a self-signed certificate that will expire in a year. The \fBopenssl\fR program will ask you a variety of questions about your organization. Enter the fully qualified domain name of your news service (either the server canonical name or a dedicated alias for the news service) as the name the certificate is for. .PP You then have to set these \fIinn.conf\fR parameters with the right paths: .PP .Vb 3 \& tlscapath: \& tlscertfile: /cert.pem \& tlskeyfile: /key.pem .Ve .PP If you want to use a complete certificate chain, you can directly put it in \fItlscertfile\fR (like Apache's \fISSLCertificateFile\fR directive). Alternately, you can put a single certificate in \fItlscertfile\fR and use \&\fItlscafile\fR for additional certificates needed to complete the chain, like a separate authority root certificate. .PP More concretely, when using Let's\ Encrypt certificates, Certbot's files can be installed as follows: .PP .Vb 3 \& tlscapath: /etc/letsencrypt/live/news.server.com \& tlscertfile: /etc/letsencrypt/live/news.server.com/fullchain.pem \& tlskeyfile: /etc/letsencrypt/live/news.server.com/privkey.pem .Ve .PP or: .PP .Vb 4 \& tlscapath: /etc/letsencrypt/live/news.server.com \& tlscafile: /etc/letsencrypt/live/news.server.com/chain.pem \& tlscertfile: /etc/letsencrypt/live/news.server.com/cert.pem \& tlskeyfile: /etc/letsencrypt/live/news.server.com/privkey.pem .Ve .PP Make sure that the permission rights are properly set so that the news user or the news group can read these directories and files (typically, he should access \fI/etc/letsencrypt/live/news.server.com\fR and \&\fI/etc/letsencrypt/archive/news.server.com\fR where the real keys are located, and the private key should not be world-readable). .PP If you prefer to point to files outside the directory of Let's\ Encrypt, you may add a post-renewal hook for Let's\ Encrypt to copy the generated files to another location, and give them the expected rights. .PP There are two common ways for a news client to negotiate a \s-1TLS\s0 connection: either via the use of a dedicated port (usually 563) on which \s-1TLS\s0 is immediately negotiated upon connection, or via the now discouraged way (per \s-1RFC\s0\ 8143) to use the \s-1STARTTLS\s0 command on the usual \s-1NNTP\s0 port (119) to dynamically upgrade from unencrypted to TLS-protected traffic during an \s-1NNTP\s0 session. \fBinnd\fR does not, however, know how to listen for connections to that separate port (563). You will therefore need to arrange for \fBnnrpd\fR to listen on that port through some other means. This can be done with the \fB\-D\fR flag along with \f(CW\*(C`\-p 563\*(C'\fR and put into your init scripts: .PP .Vb 1 \& su news \-s /bin/sh \-c \*(Aq/nnrpd \-D \-p 563 \-S\*(Aq .Ve .PP but the easiest way is probably to add a line like: .PP .Vb 1 \& nntps stream tcp nowait news /nnrpd nnrpd \-S .Ve .PP to \fI/etc/inetd.conf\fR or the equivalent on your system and let \fBinetd\fR run \fBnnrpd\fR. (Change the path to \fBnnrpd\fR to match your installation.) You may need to replace \f(CW\*(C`nntps\*(C'\fR with \f(CW563\fR if \f(CW\*(C`nntps\*(C'\fR isn't defined in \&\fI/etc/services\fR on your system. You may also want to use the lowercase \fB\-s\fR flag with a long string as its argument to see more information about incoming connections in \fBps\fR\|(1) output. .PP Optionally, you may set the \fItlsciphers\fR, \fItlsciphers13\fR, \&\fItlscompression\fR, \fItlseccurve\fR, \fItlspreferserverciphers\fR, and \&\fItlsprotocols\fR parameters in \fIinn.conf\fR to fine-tune the behaviour of the \s-1TLS/SSL\s0 negotiation whenever a new attack on the \s-1TLS\s0 protocol or some supported cipher suite is discovered. .SH "BLACKLISTD SUPPORT" .IX Header "BLACKLISTD SUPPORT" \&\fBblacklistd\fR\|(8) is a FreeBSD/NetBSD daemon for preventing brute force attacks by blocking attackers after a number of failed login attempts. When \fBnnrpd\fR is built with blacklistd support, it will report login attempts to the blacklistd daemon for potential blocking. .PP Adding the configuration below to \fI/etc/blacklistd.conf\fR under the \f(CW\*(C`[local]\*(C'\fR section, assuming \fBnnrpd\fR is listening on port 563, would lead to attackers being blocked for 10 minutes after 5 failed login attempts. .PP .Vb 2 \& # adr/mask:port type proto owner name nfail disable \& 563 stream * * * 5 10m .Ve .PP See the \fBblacklistd\fR\|(8) documentation for more information. .SH "PROTOCOL DIFFERENCES" .IX Header "PROTOCOL DIFFERENCES" \&\fBnnrpd\fR implements the \s-1NNTP\s0 commands defined in \s-1RFC\s0\ 3977 (\s-1NNTP\s0), \&\s-1RFC\s0\ 4642 updated by \s-1RFC\s0\ 8143 (\s-1TLS/NNTP\s0), \s-1RFC\s0\ 4643 (\s-1NNTP\s0 authentication), \s-1RFC\s0\ 6048 (\s-1NNTP LIST\s0 additions) and \s-1RFC\s0\ 8054 (\s-1NNTP\s0 compression) with the following differences: .IP "1." 4 The \s-1XGTITLE\s0 [\fIwildmat\fR] command is provided. This extension is used by ANU-News and documented in \s-1RFC\s0\ 2980. It returns a \f(CW282\fR reply code, followed by a one-line description of all newsgroups that match the pattern. The default is the current group. .Sp Note that \s-1LIST NEWSGROUPS\s0 should be used instead of \s-1XGTITLE.\s0 .IP "2." 4 The \s-1XHDR\s0 \fIheader\fR [\fImessage-ID\fR|\fIrange\fR] command is implemented. It returns a \f(CW221\fR reply code, followed by specific header fields for the specified range; the default is to return the data for the current article. See \s-1RFC\s0\ 2980. .Sp Note that \s-1HDR\s0 should be used instead of \s-1XHDR.\s0 .IP "3." 4 The \s-1XOVER\s0 [\fIrange\fR] command is provided. It returns a \f(CW224\fR reply code, followed by the overview data for the specified range; the default is to return the data for the current article. See \s-1RFC\s0\ 2980. .Sp Note that \s-1OVER\s0 should be used instead of \s-1XOVER.\s0 .IP "4." 4 A new command, \s-1XPAT\s0 \fIheader\fR \fImessage-ID\fR|\fIrange\fR \fIpattern\fR [\fIpattern\fR ...], is provided. The first argument is the case-insensitive name of the header field to be searched. The second argument is either an article range or a single message-ID, as specified in \s-1RFC\s0\ 2980. The third argument is a \fIuwildmat\fR\-style pattern; if there are additional arguments, they are joined together separated by a single space to form the complete pattern. This command is similar to the \s-1XHDR\s0 command. It returns a \f(CW221\fR response code, followed by the text response of all article numbers that match the pattern. .IP "5." 4 A newsgroup name is case-sensitive for \fBnnrpd\fR. .IP "6." 4 If \s-1IHAVE\s0 has been advertised, it will not necessarily be advertised for the entire session (contrary to section 3.4.1 of \s-1RFC\s0\ 3977). \fBnnrpd\fR only advertises the \s-1IHAVE\s0 capability when it is really available. .IP "7." 4 \&\fBnnrpd\fR allows a wider syntax for wildmats and ranges (especially \f(CW\*(C`\-\*(C'\fR and \f(CW\*(C`\-\f(CIarticle\-number\f(CW\*(C'\fR). .IP "8." 4 When keyword generation is used, an experimental feature enabled with the \&\fIkeywords\fR parameter in \fIinn.conf\fR, \f(CW\*(C`Keywords:full\*(C'\fR is advertised in \&\s-1LIST OVERVIEW.FMT\s0 even though overview information is computed and does not necessarily come from Keywords header fields. .SH "HISTORY" .IX Header "HISTORY" Written by Rich \f(CW$alz\fR for InterNetNews. Overview support added by Rob Robertston and Rich in January, 1993. Exponential backoff (for posting) added by Dave Hayes in Febuary 1998. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBblacklistd\fR\|(8), \fBctlinnd\fR\|(8), \fBinnd\fR\|(8), \fBinn.conf\fR\|(5), \fBinn\-secrets.conf\fR\|(5), \&\fBlibinn_uwildmat\fR\|(3), \fBnnrpd.track\fR\|(5), \fBpasswd.nntp\fR\|(5), \fBreaders.conf\fR\|(5), \&\fBsignal\fR\|(2).