Network News Transfer Protocol

Because Network News Transfer Protocol (NNTP) is growing in popularity, it would be wise for us to take a brief look at the architecture of this protocol. We’ll then discuss the more pragmatic aspects of administering NNTP on your network.

NNTP Architecture

NNTP specifies a way to distribute, query, retrieve, and post news articles on the Internet. A client wanting to retrieve a subset of articles from the database is called a subscriber. NNTP allows a subscriber to request a subset of articles rather than requiring the retrieval of all articles from the database. Before NNTP was developed, two methods of distributing news items were popular: Internet mailing lists and the Usenet news system.

An Internet mailing list, commonly known as a list server, distributes news by the use of distribution e-mail lists. A subscriber sends a message to the distribution list, and the message is e-mailed to all members of the list. But sending a separate copy of an e-mail to each subscriber can consume a large amount of disk space, bandwidth, and CPU resources. In addition, full distribution of the message can take from several minutes to several hours, depending on the size of the list and the physical resources available to propagate it. Maintaining the subscriber list also involves significant administrative effort, unless a third-party program is used to automate this function.

Storing and retrieving messages from a central location instead of sending an e mail to each subscriber can significantly reduce the use of these resources. The Usenet news system provides this alternative. In addition, Usenet allows a subscriber to select only those messages he or she wants to read and also provides indexing, cross-referencing, and message expiration.

NNTP is modeled on the Usenet news specifications in RFC 850, but it is designed to make fewer demands on the structure, content, and storage of the news articles. It runs as a background service on one host and can accept connections from other hosts on the LAN or over the Internet.

When a subscriber connects to an NNTP server, the subscriber issues the NEWSGROUPS command to determine whether any new newsgroups have been created on the server. If so, the server notifies the subscriber and gives the subscriber the opportunity to subscribe to the new newsgroups. After this, the subscriber is connected to the desired newsgroup and can use the NEWNEWS command to ask the server whether any new articles have been posted since the subscriber’s last connection. The subscriber receives a list of new articles from the server and can request transmission of some or all of those articles. Finally, the subscriber can either reply to a news article or post a new article to the server by using the POST command.

NNTP uses TCP for its connections and SMTP-like commands and responses. The default TCP port for NNTP is 119. An NNTP command consists of a command word followed in some cases by a parameter. Commands are not case sensitive. Each line can contain only one command and cannot exceed 512 characters, including spaces, punctuation, and the trailing CR–LF (carriage return/line feed) command. Commands cannot be continued on the next line.

Responses from the server can take the form of a text response or a status response. Text responses are displayed in the subscriber’s client program, whereas status responses are interpreted by the client program before any display occurs.

Each status response line begins with a three-digit numeric code. The first digit of the response indicates the success, failure, or progress of the previous command. Table 20-5 lists the meaning of different values for the first digit. The second digit in the code indicates the function response category. These categories are listed in Table 20-6. The third digit indicates the specific response.

In general, the 2xx codes are sent upon initial connection to the NNTP server, depending on the posting permissions. Code 400 is sent when the NNTP server discontinues service, and the 5xx codes indicate that the command could not be performed for some unusual reason. Table 20-7 lists some common codes you might encounter when troubleshooting NNTP connections.

NNTP Commands

It isn’t possible here to go into detail about each NNTP command. However, several of the commands that you will see in both the event log and the output log file are worth describing in case you ever need to troubleshoot an NNTP connection. Figure 20-30 illustrates some of these commands.

Figure 20-30: Log file for NNTP service.

The ARTICLE, BODY, HEAD, and STAT commands refer to the retrieval and transmission of a news article. The HEAD and BODY commands are identical to the ARTICLE command, except that they return either the header lines (HEAD) or the body text (BODY) of the article. No text is returned with the STAT command. Instead, this command returns the message ID to the subscriber.

The ARTICLE command has two forms: one that is followed by the message ID of the article to display and one that is followed by either a parameter or no parameter. In the first form, the ARTICLE command displays the header, a blank line, and then the body text of the specified article. The subscriber obtains the message ID from a list that is provided in response to the NEWNEWS command.

The second form of the command, ARTICLE <message-id>, displays the header, a blank line, and then the body text of the message. The subscriber chooses the message number from the range of articles provided when the newsgroup was selected. If the number is omitted, the current article is assumed. Some of the error responses that might occur with this command include the following:

• “420 no current article has been selected”

• “423 no such article number in this group”

• “430 no such article found”

The GROUP command must be followed by the name of a newsgroup. Newsgroup names are not case sensitive. If the group requested no longer exists, the subscriber receives the error message “411 no such news group.” If the requested group does exist, the subscriber receives the article numbers of the first and last articles in the group, along with an estimate of the number of articles in the group. This number is not guaranteed to be accurate.

The LIST command returns a list of valid newsgroups and associated information. Each newsgroup is sent as a line of text that looks like this:

<group> <last> <first> <p>

where

• <group> is the name of the newsgroup.

• <last> is the number of the last known article currently in that newsgroup.

• <first> is the number of the first article currently in the newsgroup.

• <p> is either “y” or “n,” where “y” indicates that posting is allowed and “n” indicates that posting is not allowed.

It might be possible to receive a “y” in the <p> portion of the response and still not be able to post to that newsgroup because the newsgroup is moderated, is restricted, or has gone offline for some reason.

The NEWSGROUPS command is followed by the date, the time, and then an optional <distributions> parameter. It lists newsgroups that have been created since the date and time specified. The date is specified as six digits in the yymmdd format. For the year, the closest century is assumed as the first two digits. Hence, 86 would mean 1986, and 30 would mean 2030. The time parameter is sent as six digits in hhmmss format, with the hours calculated on a 24-hour time clock. The time zone is assumed to be the server’s time zone unless the token GMT appears, in which case both the date and the time are evaluated at the 0 meridian.

The optional <distributions> parameter is a list of distribution groups. For instance, the distribution portion of net.trainsbydave is “net.” This parameter causes the distribution portion of the article to be examined for a match with the distribution groups listed. Only those that match the specified groups will be listed.

Administering NNTP

NNTP in Exchange Server 2003 is used to create asynchronous group discussions. You can configure it to communicate with external NNTP servers to make popular Usenet groups available internally to your users. NNTP in IIS replaces the Internet News Service in Exchange Server 5.5. Installing Exchange Server 2003 enhances NNTP in Windows Server 2003, giving NNTP the ability to communicate with other news servers through newsfeeds.

You can create multiple NNTP servers within your organization in a master- subordinate layout. This enables clients to connect to a collection of servers and still maintain accurate views of newsgroup content. Creating a collection of servers provides scalability for a large user base, such as an ISP, and fault tolerance if a subordinate server should go offline.

Even though the master server controls the article numbers and maintains synchronization with the subordinate servers, clients always connect to the subordinate news server. DNS configuration automatically distributes the client load equally across subordinate servers. Since each subordinate server provides a newsfeed to the master server, a newly posted article will first be sent to the master server and will not appear on the subordinate server until the master server sends the article to all subordinate servers.

To set up a master-subordinate newsfeed, perform the following steps:

1. Create the newsgroup on the master server.

2. Create the newsgroups on the subordinate servers.

3. Create a newsfeed from the master server to each subordinate server.

4. Create a newsfeed from each subordinate server to the master server.

Configuring an NNTP Virtual Server

To configure the NNTP virtual server in the Exchange System snap-in, navigate to your server object, expand the Protocols container and then the NNTP container, and right-click the default virtual server. Figure 20-31 shows the General tab of the NNTP virtual server’s property sheet.

By default, an NNTP server communicates over TCP port 119 or via Secure Sockets Layer (SSL) using TCP port 563. When multiple virtual NNTP servers are present, each must be assigned a unique IP address and/or TCP/SSL port combination.

The default number of connections to an NNTP server from other NNTP hosts is 5000. Adjust this number based on your server’s resources and the number of concurrent NNTP connections you expect. The Path Header text box enables you to specify the name of the server to append to the NNTP path header. The default is the fully qualified domain name (FQDN) of the computer. A client can examine the path header to see the route a message has traveled from a source client through various news servers to the destination news server.

Figure 20-31: General tab of an NNTP virtual server’s property sheet.

The Settings tab allows you to set limits on articles that are posted and to enable control messages and moderated newsgroups (Figure 20-32). This tab also allows you to prevent other servers from pulling articles from this server. The default is to allow them to do so.

Figure 20-32: Settings tab of an NNTP virtual server’s property sheet.

NNTP hosts use control messages to communicate with one another, to create and remove newsgroups, and to cancel messages that have already been posted. For example, if you create a new newsgroup, the host providing the newsfeed sends a control message to hosts receiving the newsfeed, indicating that a new newsgroup has been created. NNTP then uses this information to determine whether a new newsgroup should be added under the newsgroup object.

The Administrator E-Mail Account text box on the Settings tab lets you specify an e-mail address that will receive NDRs when messages are not successfully delivered to the newsgroup moderator. To enable the sending of NDRs, create a new DWORD value named MailFromHeader with a value of 1 in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NntpSvc \Parameters\.

NNTP Server Objects

Listed underneath the NNTP virtual server in the Exchange System scope pane are five objects, as shown in Figure 20-33. Let’s take a brief look at each one.

Figure 20-33: NNTP server objects.

The Newsgroups object lists the newsgroups that are currently configured on this server, plus the three control newsgroups.

The Feeds object lists inbound and outbound feeds. You set up each feed with a wizard that asks, in part, which role you want the feed to play: Peer, Master, or Slave. By default, each feed uses the asterisk (*) as a wildcard to denote that all newsgroups on the remote server will be involved with the feed. You can enter individual newsgroups manually if you’re interested only in a subset of the newsgroups on the remote server.

By right-clicking the Expiration Policies object, pointing to New, and then choosing Expiration Policy, you can run through a simple wizard to specify how long newsgroup messages should be retained. The time interval is set in hours and can be a maximum of 9999 hours, or just under 14 months.

The Virtual Directories object allows you to set up a virtual root and then map that root to a file system, a remote share, or an Exchange public folder database (Figure 20-34). Start the wizard by right-clicking the Virtual Directories container, pointing to New, and then choosing Virtual Directory. This wizard allows you to select a different server to which this virtual root will write. Using this option, you can have the root written to the file system of a remote server.

Figure 20-34: Mapping a virtual root to a file system.

Finally, you can monitor users’ current sessions with the Current Sessions object. Simply highlight the Current Sessions object to see all users who are engaged in a current session with this NNTP virtual server listed in the details pane. From here, you can forcibly disconnect individual users by right-clicking the user and choosing Terminate. You can forcibly disconnect all users at once by right-clicking any user in the list and choosing Terminate All.