PDA

View Full Version : Newsgroups YENC-POWER-POST-A&A, Upload Using Secure SSL Server Connections



SonsOfLiberty
02-18-2009, 04:24 AM
Hi ya :)

All credits go to who wrote the tutorial, I ripped it from a site some time ago, and can't find the link...all props to the author! If you have the link, go ahead and post it so I can give proper credit :)

With the entire world going more paranoid, not to mention ISP's jumping on anything that can seem like file sharing
and many/most premium usenet providers now offering SSL encrypted connections I tought it was time to write a simple
guide as to how to enable SSL encyrption when using Yenc PowerPost A&A wich I assume most people use to post to newsgroups.

Software Needed, please have them installed before continuing.

YENC-POWER-POST-A&A (http://powerpost.cjb.net/)

sTunnel (http://www.stunnel.org/)



The Guide

This guide is unfortunately only for Windows users, I have no idea about how to do the same thing on a Mac, under Linux,
BSD or other operating systems.


Step 1:
Go to the Stunnel install directory (usualy c:\Program Files\stunnel\) and open the stunnel.conf file in notepad or
whatever other favorite text editor you might use.

In that file look for a line that says:
;client = yes

Remove the ; from the start of that line so it now reads
client = yes

Then add the following lines to the bottom of the file:
[nntp]
accept = 119
connect = address.for.your.ssl.enabled.newsservers:port.number

The accept line indicates what port the Stunnel software should listen for traffic on and this should be 119 as that is the
standard usenet port. Don't worry if you have changed that to something else for whatever reason since this is going on
inside your firewall, just keep it as 119.

The address is exactly what it sounds like, the address you usually connect to when downloading using your download client
and the port number is the port number used for the ssl connection, usualy 563.

So, just for the example, my lines, when using Usenetserver as my provider lookes like this:

[nntp]
accept = 119
connect = secure.usenetserver.com:563

Save the file and close notepad.

Step 2:
Now open PowerPost and under View/Program Settings set the NNTP News server to:
127.0.0.1
This is your own computer, meaning you will basicly connect to yourself (remember the funny t-shirts witht he text
"There is nowhere like 127.0.0.1"?)

Set the port to
119

User Name and Password is the same as you normaly use.

Step 3:
Now, just run Stunnel, it will open with a small icon in the notification area on the bottom right of your screen.
It will try to make internet connections so your firewall might complain, just allow it whatever it wants. If it was
blocked by a firewall when you launched it it will sit and say something about not beeing able to connect to any servers.
Just right click the icon, hit exit and start it again after you have enabled it in your firewall.

Step 4:
Start PowerPost and post as normal.
You are now making a secure encrypted connection to your usenet provider using a SSL tunnel.


That's it, have fun posting with SSL in Powerpost


:D

sassan
02-20-2009, 07:32 AM
Mine connects and dissconects.

Any reason why it's doing that?

SonsOfLiberty
02-20-2009, 05:30 PM
Hmmm, I cannot deduce why...I set mine using Astraweb just like it says and works fine..

What type of firewall do you use? Did you set it up just like shown?

Also, who's you usenet provider? It could also be related to the number of connections..how many of those are you using?

sassan
02-20-2009, 05:44 PM
I'm using Astraweb, I tried 4 connection and less.

I got the same result every time. I did add it to my windows firewall.

Followed everything in the tut.

Is there hope?

SonsOfLiberty
02-20-2009, 05:47 PM
I use Comodo firewall, I have no experience with the built in firewall. Try this, disable Windows firewall and try it again...and see if it works, keep posting back I'll try to figure it out, or maybe someone else knows the answer as well :)

David-Bretz
02-21-2009, 04:03 AM
Thank you very much!

darkstate01
02-21-2009, 09:28 PM
Paste what STunnel has to say in its log in the channel,maybe that will throw some light on the problem. You can use STunnel for other programs like wrapping your emails into a ssl/tls if the client isn't ssl/tls enabled,mighty fine bit of kit.

iStix
02-22-2009, 09:57 AM
Ok, I'm trying to use usenet-news.net SSL service, but I get error, when trying to do so. I entered this to stunnel.conf:


[nntp]
accept = 119
connect = nntps.eu.Usenet-News.net:563


After adding 127.0.0.1 to PowerPost I try to upload files, but I get error:
"441 Posting Failed (SSL Posting not available)"

sTunnel log says:

2009.02.22 11:50:59 LOG5[488:628]: nntp accepted connection from 127.0.0.1:3177
2009.02.22 11:50:59 LOG5[488:2508]: nntp accepted connection from 127.0.0.1:3179
2009.02.22 11:50:59 LOG5[488:2512]: nntp accepted connection from 127.0.0.1:3178
2009.02.22 11:50:59 LOG5[488:3156]: nntp accepted connection from 127.0.0.1:3180
2009.02.22 11:50:59 LOG5[488:2508]: nntp connected remote server from xxx.xxx.xxx.xx:3182
2009.02.22 11:50:59 LOG5[488:628]: nntp connected remote server from xxx.xxx.xxx.xx:3181
2009.02.22 11:50:59 LOG5[488:3156]: nntp connected remote server from xxx.xxx.xxx.xx:3184
2009.02.22 11:50:59 LOG5[488:2512]: nntp connected remote server from xxx.xxx.xxx.xx:3183
2009.02.22 11:51:02 LOG3[488:2508]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
2009.02.22 11:51:02 LOG5[488:2508]: Connection reset: 396773 bytes sent to SSL, 201 bytes sent to socket
2009.02.22 11:51:02 LOG3[488:3156]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
2009.02.22 11:51:02 LOG5[488:3156]: Connection reset: 396710 bytes sent to SSL, 201 bytes sent to socket
2009.02.22 11:51:03 LOG3[488:2512]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
2009.02.22 11:51:03 LOG5[488:2512]: Connection reset: 396636 bytes sent to SSL, 201 bytes sent to socket
2009.02.22 11:51:03 LOG3[488:628]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
2009.02.22 11:51:03 LOG5[488:628]: Connection reset: 396810 bytes sent to SSL, 201 bytes sent to socket

xxx.xxx.xxx.xx - is my static IP....

Anyone knows how to solve this?

SonsOfLiberty
02-22-2009, 05:10 PM
Does you news server allow SSL postings? Double check and makes sure that is you usenet providers SSL server, Astraweb has 2 one for normall connections and one for SSL...

sassan
02-22-2009, 10:32 PM
Ok, I'm trying to use usenet-news.net SSL service, but I get error, when trying to do so. I entered this to stunnel.conf:


After adding 127.0.0.1 to PowerPost I try to upload files, but I get error:
"441 Posting Failed (SSL Posting not available)"

sTunnel log says:

2009.02.22 11:50:59 LOG5[488:628]: nntp accepted connection from 127.0.0.1:3177
2009.02.22 11:50:59 LOG5[488:2508]: nntp accepted connection from 127.0.0.1:3179
2009.02.22 11:50:59 LOG5[488:2512]: nntp accepted connection from 127.0.0.1:3178
2009.02.22 11:50:59 LOG5[488:3156]: nntp accepted connection from 127.0.0.1:3180
2009.02.22 11:50:59 LOG5[488:2508]: nntp connected remote server from xxx.xxx.xxx.xx:3182
2009.02.22 11:50:59 LOG5[488:628]: nntp connected remote server from xxx.xxx.xxx.xx:3181
2009.02.22 11:50:59 LOG5[488:3156]: nntp connected remote server from xxx.xxx.xxx.xx:3184
2009.02.22 11:50:59 LOG5[488:2512]: nntp connected remote server from xxx.xxx.xxx.xx:3183
2009.02.22 11:51:02 LOG3[488:2508]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
2009.02.22 11:51:02 LOG5[488:2508]: Connection reset: 396773 bytes sent to SSL, 201 bytes sent to socket
2009.02.22 11:51:02 LOG3[488:3156]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
2009.02.22 11:51:02 LOG5[488:3156]: Connection reset: 396710 bytes sent to SSL, 201 bytes sent to socket
2009.02.22 11:51:03 LOG3[488:2512]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
2009.02.22 11:51:03 LOG5[488:2512]: Connection reset: 396636 bytes sent to SSL, 201 bytes sent to socket
2009.02.22 11:51:03 LOG3[488:628]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
2009.02.22 11:51:03 LOG5[488:628]: Connection reset: 396810 bytes sent to SSL, 201 bytes sent to socket

xxx.xxx.xxx.xx - is my static IP....

Anyone knows how to solve this?

I get the same exact log... I'm on the unlimited 11$ astraweb plan. I checked my windows firewall and stunnel is allowed.

I have no idea why this is not working.

SonsOfLiberty
02-23-2009, 02:35 AM
This is you "news server address?" For Astraweb it would look like this: they have 3 secure servers, and the lines below would be added to the end of sTunnel..just making sure the server setup part is right, and well go step by step.

(US)
[nntp]
accept = 119
connect = us.secure.news.astraweb.com:563

(Europe)
[nntp]
accept = 119
connect = eu.secure.news.astraweb.com:563

(just secure server)
[nntp]
accept = 119
connect = secure.news.astraweb.com:563

Also, is port 119, 443, and 563 allowed in your firewall?

sassan
02-23-2009, 04:57 PM
Added the ports to UDP and TCP and still the same issue.

Could it be caus I have a router? Maybe I need to add the ports that way.

I will report back when I try that.

SonsOfLiberty
02-24-2009, 04:21 AM
I have a router too, I've not forwarded any ports or opened any besides the what came default.

darkstate01
02-24-2009, 02:02 PM
It seems your News server doesn't accept uploading in SSL/Tls,my secure news service is the same,i can download using there ssl/tls server service but they don't accept the uploading in ssl/tls ,they only allow normal connection uploading. You need to email them and ask them the question,can you upload in ssl/tls to there servers.

SonsOfLiberty
02-24-2009, 07:30 PM
It seems your News server doesn't accept uploading in SSL/Tls,my secure news service is the same,i can download using there ssl/tls server service but they don't accept the uploading in ssl/tls ,they only allow normal connection uploading. You need to email them and ask them the question,can you upload in ssl/tls to there servers.

Umm, no because we "both" have Astraweb and I've been uploading using SSL and using the very guide I posted :rolleyes:

darkstate01
02-24-2009, 08:13 PM
I was replying to what iStiks was saying with "After adding 127.0.0.1 to PowerPost I try to upload files, but I get error: "441 Posting Failed (SSL Posting not available)" " Thats simply the server doesn't accept uploading,downloading will be fine via ssl/tls. I had that problem, I tried to upload noramlly(without ssl)and it worked fine,when i contacted my newsgroup they said they didn't have ssl/tls upstream enabled.

iStix
02-24-2009, 08:15 PM
Yeah, I gave up on that SSL thing... Support said, that they doesn't have Secure Upstream.

darkstate01
02-24-2009, 08:32 PM
Thought so, It was the same as me,spent hours trying to suss it out what the problem was and it was as simple as ...They didn't support upstream ssl

sassan
02-24-2009, 10:31 PM
SonsOfLiberty which astraweb server are you connecting to? Are you using the defult ssl port?

SonsOfLiberty
02-25-2009, 03:29 AM
I was replying to what iStiks was saying with "After adding 127.0.0.1 to PowerPost I try to upload files, but I get error: "441 Posting Failed (SSL Posting not available)" " Thats simply the server doesn't accept uploading,downloading will be fine via ssl/tls. I had that problem, I tried to upload noramlly(without ssl)and it worked fine,when i contacted my newsgroup they said they didn't have ssl/tls upstream enabled.

Sorry bout' that, should've used quotes so I knew who ya was talking about :blink:


SonsOfLiberty which astraweb server are you connecting to? Are you using the defult ssl port?

us.secure.news.astraweb.com:563

As of a few minutes I'm starting to get those erros now, have no idea why, uploaded over 5GB using this method. I did just recieve a new windows update, but I think the 'cause is the sockets not closing correctly which stunnel doesn't do correctly sometimes. Or Astraweb's server could just be overloaded right now, or my router needs unplugged and plugged back in, or for that matter my modem.

Here's another poster who uses this method as well.
http://www.dslreports.com/forum/r21362233-SSL-posting

I guess jBinup supports SSL internally so you don't have to use stunnel.

http://jbinup.com/en/

Never messed with it, but I cannot imagine why, my SSL upstream just decides to quit.

Also, I just oredered a new barbones rig, so I'll test this after the fresh install, either Wed or Thu...

dutchmaster420
02-25-2009, 05:25 AM
for all those having 441 errors with astraweb...you need to set default max lines per part to 3000 nothing higher than that

http://helpdesk.astraweb.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=25&nav=0,6,9


if you follow the orginal guide plus do what i said ssl posting should work for you

SonsOfLiberty
02-26-2009, 03:09 AM
for all those having 441 errors with astraweb...you need to set default max lines per part to 3000 nothing higher than that

http://helpdesk.astraweb.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=25&nav=0,6,9


if you follow the orginal guide plus do what i said ssl posting should work for you

Yeup, was coming to post that exact same thing, I change max lines to an absurd number, hence my connection hiccup, all good now after setting that back to default...

darkstate01
02-26-2009, 02:24 PM
Nice to see a problem answered, And i'm glad for once to see that theres not that 1 guy thats on most forums that always says..."If you don't know how to do that,you shouldn't be using it" Happy days

sassan
02-26-2009, 04:15 PM
Didn't work out. So I decided to use Jbinup and it's easy to use and its uploading at maximum speed.

Thanks for all your help :) I can finally connect to SSL

SonsOfLiberty
02-26-2009, 10:53 PM
How the JBinup compare to Yenc?

sassan
02-28-2009, 12:02 AM
It has a better GUI, no hiccups and includes SSL.

The software has many localised languages. Including English.

I recomend it.

SonsOfLiberty
02-28-2009, 06:12 AM
Yeah I grabbed it the other day...Yenc still working here, and I like old school stuff :)

dutchmaster420
03-06-2009, 11:13 PM
i just started using jbinup and i think im going to stay with it...i like the built in ssl, use as many connections as possible, and the nice gui...i defenitaly reccomend jbin for less experinced users

Ludvig
03-19-2009, 05:28 PM
I have the same pb than Sassan ! I have this error logged in stunnel :
readsocket: Connection reset by peer
> (WSAECONNRESET) (10054)

dutchmaster420
04-06-2009, 11:23 PM
astraweb upped their max lines per part...you can now use 5,000 w/o getting a 441 error

https://helpdesk.astraweb.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=25

Ludvig
04-07-2009, 03:17 PM
Sorry...

SonsOfLiberty
04-07-2009, 06:49 PM
yes, don't set your parts above 5000, I leave it at default.

isoman2kx
07-27-2009, 06:44 PM
thanks very much for posting this. I was uploading without SSL for a while there :o

ThunderBolt
08-18-2009, 03:11 PM
Thanks for the tutorial there... And to the author if he/she passes through!

One question though... Why does my upload not show on any NZB sites? :wacko:

SonsOfLiberty
08-18-2009, 05:33 PM
Probably because no one posted it, or you named it funky enough that no one has found it yet, and if you mean search engine, it takes some anywhere between 15 minutes to a couple hours to show.

Thorex
01-05-2010, 07:59 AM
Thank you for this guide, it works like a charm!
I will be uploading a ton of swedish stuff on usenet now for sure ;)

Beck38
04-25-2010, 04:46 AM
I know this thread really dates, but I 'think' I remember someone telling me about it a LONG time ago (the stunnel thingy with powerpost), but I finally got around to trying it out today (!!!)

Worked right off the bat (directions I CAN follow...!)

But it appears to (and I'm using the 'newest' 4.33 version), be chasing its tail a bit, in that when I try to ramp up the speed of powerpost, up to the level I can run it w/o the stunnel, it seems to trip over itself quite a bit, and generate a lot of handshake problems with the server it connects to.

Now, maybe it's the server I'm trying to work with, but even when it seems to be running 'fine', it still seems to be generating a lot of slowdowns, in that I can run PP only at about half the usual (non-SSL) speed before it starts tripping over itself.

I may try some other way (that JBinup maybe, I ran into that mentioned elsewhere), but it has to be SUPER stable, as I run this all on a separate machine that I set up and let run for days/weeks at a time.

ADD: I found a link that said the 11b version of Powerpost had 'problems' (not defined) with stunnel/ssl, and that version BG12 (12.2.7.0) did not.

http://www.slyck.com/forums/viewtopic.php?f=9&t=31158

Perhaps I'll give that a try in a couple of days, unless (or until) I get a response here.

SonsOfLiberty
04-25-2010, 10:54 PM
Hmm.. I don't have a good upload anyway, but I use 11b, never failed me yet.

This one also worked fine for me. Yenc PowerPost-GB12

Beck38
04-26-2010, 03:54 AM
Well, it the stunnel seems to slow down PowerPost reaction to the bandwidth it's given in my setup, to about half that of non-stunnel operation.

Of course, I have very limited outgoing bandwidth, and it's competing against a goodly stream coming in. It does, like I said, stabilize when I put the 'max bandwidth' at about half that of the non-stunnel PowerPost, and stabilizes. But at half the rate.

I think the 'system' that stunnel uses lower the reaction time of Powerpost to stabilize vr. the competing bandwidth. If I run stunnel/PowerPost alone, I can easily get it up to the bandwidth of the non-stunnel. But once I ramp up any incoming data stream, it starts jumping around bandwidth wise (right on the strip chart).

Oh well, it's probably academic at this point, in that my current ISP is being bought out by a company that has extremely severe bandwidth caps, and I may have to go to a different provider, which in that case I will have to move to a VPN system anyways. In other words, less value for more bucks.

NesteaZen
04-26-2010, 01:03 PM
Perhaps?

http://www.spl-messages.net/forums/ubbthreads.php/topics/270115/Guide_How_to_post_to_newsgroup


Not that I care.. just pointing out.

Beck38
07-06-2010, 07:18 PM
Okay, so I'm trying to get this JBinup to work, but am running into either "it doesn't work that way" or something else.

I've used yenc A@A vr. 11 for years and years, but due to various upgrades (i.e. faster, MUCH faster upgraded internet) found that 4 threads wasn't quite enough to swamp the upload, especially as the usenet-servers are generally a continent away from my physical location. But it is very stable, I'll give it that.

I've tried the GB12 version of yenc, but it appears to have MAJOR faults in it, i.e., stalling, even when limited even to only one thread, with every server I try it with. Crank it up to more threads, one only gets more problems. So, back to trying to work with JBinup.

Which works fine, when uploading only ONE file. Multiple files, LOTS of problems, particularly when/if one wants to suspend some of those files but not others. The entire program gets hosed, and refuses to do anything.

A good example is to add a series of files in the suspend mode, then try to un-suspend them at will. Doesn't work. The program simply sits there.

I'm coming to the conclusion that the programming is simply off the tracks in this area, as it does 'work' if one is dealing with one file only, not a multiple. Too bad, as this is something that yenc does totally without any muss or fuss.

Unfortunately, the GB12 version is too buggy to use. So I appear to be stuck between the rock and a hard place.

So, it comes down to, why won't JBinup allow one to pause a part (again, say you have a 100 part rar posting, and you want to pause part50), yet 'up-pause' all the other 99 parts.

'Will not work'

Addendum
========

Most of this I tracked down to the programmer(s) failure to follow the Microsoft programming style guide(s), something that in the Apple world would get one on S. Jobs 'Sh*t' list.

Still has some wackiness, will have to run some extended tests on it the next couple of days.

Jester
08-10-2010, 06:39 PM
Thanks. With a little tweaking I got this worked out.

pconnor83
05-21-2012, 09:35 AM
Hi
I added giganews to stunnel.conf. See below. Is this correct?. Please reply. Thanks


; **************************************************************************
; * Service definitions (at least one service has to be defined) *
; **************************************************************************

; Example SSL server mode services

[pop3s]
accept = 995
connect = 110

[imaps]
accept = 993
connect = 143

[ssmtp]
accept = 465
connect = 25

[nntp]
accept = 119
connect = news.giganews.com:563

; Example SSL client mode services


;[gmail-pop3]

;accept = 127.0.0.1:110
;connect = pop.gmail.com:995

;[gmail-imap]
;client = yes
;accept = 127.0.0.1:143
;connect = imap.gmail.com:993

;[gmail-smtp]
;client = yes
;accept = 127.0.0.1:25
;connect = smtp.gmail.com:465

; Example SSL front-end to a web server

;[https]
;accept = 443
;connect = 80
; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL
; Microsoft implementations do not use SSL close-notify alert and thus
; they are vulnerable to truncation attacks
;TIMEOUTclose = 0

; vim:ft=dosini

zookeeper525
05-21-2012, 05:24 PM
If i were you, i wouldn't upload anything with a Giganews account. They will Delete your account. It has happen to me before for uploading the X Men workprint. You're better off with Astraweb if you plan on uploading to newsgroups or get a block account from blocknews (little bit slower speeds atleast for me and my vps, but if you don't have a 100mbit line then you should be fine as i was getting about 50mbit from them with my connections maxed out)