def send_via_tor(server, port, message):
# Configura il proxy SOCKS5 per Tor con DNS remoto
socks.set_default_proxy(socks.SOCKS5, TOR_PROXY[0], TOR_PROXY[1], True)
socket.socket = socks.socksocket

raw_sock = socks.socksocket()
raw_sock.connect((server, port))

# ?? Crea un contesto SSL che NON verifica il certificato
context = ssl.create_default_context()
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE

s = context.wrap_socket(raw_sock)

# Messaggio di benvenuto del server NNTP
welcome = s.recv(1024).decode('utf-8', 'replace')
logging.info(f"Connesso a NNTP: {welcome}")

# Invia comando POST
s.sendall(b"POST\r\n")
response = s.recv(1024).decode('utf-8')
if not response.startswith("340"):
logging.error("Il server non accetta il POST: " + response)
s.close()
return False

s.sendall(message.encode('utf-8') + b"\r\n.\r\n")
post_response = s.recv(1024).decode('utf-8')
logging.info("Risposta al POST: " + post_response)

s.sendall(b"QUIT\r\n")
s.close()
return True

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Gabx wrote:

Organization: An antother poorly-installed InterNetNews site

Organization: An antother poorly-installed InterNetNews site
^ should that no be another?

Regards
Stefan

--
Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Stefan Claas wrote:

Gabx wrote:

Organization: An antother poorly-installed InterNetNews site

Organization: An antother poorly-installed InterNetNews site
^ should that no be another?

Regards
Stefan

You are right,
it's ours !
Best regards
Gabx

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Stefan Claas wrote:

Gabx wrote:

test

My m2n is no longer working for a couple of minutes now. :-(

Have you changed something, besides TLS?

I see an X-Hashcash Header ... ah ha ...

Regards
Stefan

--
Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Gabx wrote:

Stefan Claas wrote:

Stefan Claas wrote:

Gabx wrote:

test

My m2n is no longer working for a couple of minutes now. :-(

Have you changed something, besides TLS?

TLS this is the point,
i have sort of fuck up with nnrpd trying to make it listen to port 563
tls indipendently by innd, as documentation and best practice says.

Gabx

Ah, ok. Good luck in fixing this issue.

Regards
Stefan

--
Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

If this goes through ...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

test

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Gabx wrote:

test

My m2n is no longer working for a couple of minutes now. :-(

Have you changed something, besides TLS?

Regards
Stefan

--
Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Stefan Claas wrote:

Stefan Claas wrote:

Gabx wrote:

test

My m2n is no longer working for a couple of minutes now. :-(

Have you changed something, besides TLS?

TLS this is the point,
i have sort of fuck up with nnrpd trying to make it listen to port 563
tls indipendently by innd, as documentation and best practice says.

Gabx

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Gabx wrote:

If this goes through ...

Now my m2n is not working again, due to your changes. :-(

Before it worked again.

Regards
Stefan

--
Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Stefan Claas wrote:

Gabx wrote:

If this goes through ...

Now my m2n is not working again, due to your changes. :-(

Before it worked again.

Please note, my m2n uses your onion address on port 119.

Let's Encrypt certificates, IIRC, can not be issued for
onion addresses and therefore I strongly believe clients
would get a certificate error with your TLS port.

Why not let it only run on port 119, so that all clients
and my m2n can connect?

Regards
Stefan

--
Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Gabx wrote:

Stefan Claas wrote:

Why not let it only run on port 119, so that all clients
and my m2n can connect?

the norm would be to have port 119 in clear and for onion,
port 563 for tlsv1.2/1.3.
Everything else is a workaround.

I think this is not correct, because TLS needs a certificate,
which can't be issued for onion addresses.

An old saying: Never change a running system ... So why not
let it work as before and use 119 for onion and clearnet
without TLS and additionally TLS for clearnet?

That would make IMHO sense as onions do not need TLS,
nor can they have a certificate from Let's Encrypt.

Look for example paganini onion without TLS.

Regards
Stefan

--
Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Stefan Claas wrote:

Gabx wrote:

Stefan Claas wrote:

Why not let it only run on port 119, so that all clients
and my m2n can connect?

Because even though I use the nnrpdflags: directive without the -S
option which stands for 'secure', 'ssl', 'tls', etc. innd continues
to offer tls on port 119
:)

the norm would be to have port 119 in clear and for onion,
port 563 for tlsv1.2/1.3.
Everything else is a workaround.

This is correct !

I think this is not correct, because TLS needs a certificate,
which can't be issued for onion addresses.

I said the above i said is correct because onion port 119 would run
on clear without letsencrypt certificates.

An old saying: Never change a running system ... So why not

we all know the sayings ....

let it work as before and use 119 for onion and clearnet
without TLS and additionally TLS for clearnet?

By the way,
i have commented all tls* options in news/inn.conf on the top of an
empty nnrpdflags directive.
Innd is a real motherf*****er.

For you would be easier a

context = ssl.create_default_context()
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE

back on INND context, i can't beleave:

$ openssl s_client news.tcpreset.net:119
Connecting to 2a01:4f8:c0c:2f94::1
CONNECTED(00000003)
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=R11
verify return:1
depth=0 CN=news.tcpreset.net
verify return:1

I have asked help at the nntp community and also i wrote a mail to Ivo (paganini),
waiting for reponse.

Bonne nuit

Gabx

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Gabx wrote:

Stefan Claas wrote:

Gabx wrote:

Stefan Claas wrote:

Why not let it only run on port 119, so that all clients
and my m2n can connect?

Because even though I use the nnrpdflags: directive without the -S
option which stands for 'secure', 'ssl', 'tls', etc. innd continues
to offer tls on port 119
:)

the norm would be to have port 119 in clear and for onion,
port 563 for tlsv1.2/1.3.
Everything else is a workaround.

This is correct !

I think this is not correct, because TLS needs a certificate,
which can't be issued for onion addresses.

I said the above i said is correct because onion port 119 would run
on clear without letsencrypt certificates.

An old saying: Never change a running system ... So why not

we all know the sayings ....

let it work as before and use 119 for onion and clearnet
without TLS and additionally TLS for clearnet?

By the way,
i have commented all tls* options in news/inn.conf on the top of an
empty nnrpdflags directive.
Innd is a real motherf*****er.

For you would be easier a

context = ssl.create_default_context()
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE

back on INND context, i can't beleave:

$ openssl s_client news.tcpreset.net:119
Connecting to 2a01:4f8:c0c:2f94::1
CONNECTED(00000003)
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=R11
verify return:1
depth=0 CN=news.tcpreset.net
verify return:1

I have asked help at the nntp community and also i wrote a mail to Ivo (paganini),
waiting for reponse.

Bonne nuit

Ok, thanks for the info! I will wait then until your server is ready
and may adjust my m2n.

Regards
Stefan

--
Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Stefan Claas wrote:

Why not let it only run on port 119, so that all clients
and my m2n can connect?

the norm would be to have port 119 in clear and for onion,
port 563 for tlsv1.2/1.3.
Everything else is a workaround.

Gabx

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This gateway requires a basic proof-of-work to reduce spam. Please provide the current UTC date and time as a token in the format YYYYMMDDHHMM.

The system will use this value to generate and validate a Hashcash token automatically using your email address. Note: The token is only valid for a short time (?10 minutes). This ensures that tokens cannot be reused later and guarantees that the proof-
of-work was performed just before sending. Make sure to provide the current UTC time in the format YYYYMMDDHHMM.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)