| Sysop: | Amessyroom |
|---|---|
| Location: | Fayetteville, NC |
| Users: | 27 |
| Nodes: | 6 (0 / 6) |
| Uptime: | 40:23:16 |
| Calls: | 631 |
| Calls today: | 2 |
| Files: | 1,187 |
| D/L today: |
24 files (29,813K bytes) |
| Messages: | 174,391 |
https://mail2news.virebent.art has changed its name to https://mail2dizum.virebent.art for consistency with the application name and to avoid confusion.
Anyone using the old address will be automatically redirected to the new URL.
Enjoy mail2dizum at https://mail2dizum.virebent.art.
P.S.
The onion 'smtp server' you see doesn't work.
Use *xilb7y4kj6u6qfo45o3yk2kilfv54ffukzei3puonuqlncy7cn2afwyd.onion* on port 25 in the smtp server custom field at the bottom of the web interface specifying port number this way *.onion:25.
https://mail2dizum.virebent.art
On Thu, 11 Sep 2025 14:22:03 +0000 (UTC), Gabx ><Use-Author-Supplied-Address-Header@[127.1]> wrote:
https://mail2dizum.virebent.art
I get the following for the above site with FFx and Tor
-----
Secure Connection Failed
An error occurred during a connection to mail2dizum.virebent.art.. >PR_END_OF_FILE_ERROR
Error code: PR_END_OF_FILE_ERROR
The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
----
What ain't I understanding?
On Thu, 11 Sep 2025 14:22:03 +0000 (UTC), Gabx <Use-Author-Supplied-Address-Header@[127.1]> wrote:
https://mail2dizum.virebent.art
I get the following for the above site with FFx and Tor
-----
Secure Connection Failed
An error occurred during a connection to mail2dizum.virebent.art.. PR_END_OF_FILE_ERROR
Error code: PR_END_OF_FILE_ERROR
The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
----
What ain't I understanding?
I should have added that the old site
https://m2usenet.virebent.art/
Still shows in both browsers.
? (Sorry if the question is an ignorant one. But I'm an ignorant non
tech.)
https://mail2news.virebent.art has changed its name to https://mail2dizum.virebent.art
for consistency with the application name and to avoid confusion.
https://mail2news.virebent.art has changed its name to https://mail2dizum.virebent.art for consistency with the application name and to avoid confusion.
Anyone using the old address will be automatically redirected to the new URL.
Enjoy mail2dizum at https://mail2dizum.virebent.art.
In article <20250911142203.D80443E631@mail.tcpreset.net> Gabx wrote:
https://mail2news.virebent.art has changed its name to https://mail2dizum.virebent.art for consistency with the application name and to avoid confusion.
Anyone using the old address will be automatically redirected to the new URL.
Enjoy mail2dizum at https://mail2dizum.virebent.art.
I'm sure Alex de Joode gave you explicit permission to use his
"dizum" term in your address. Or did you illegally hijack it
to attract attention and mislead potential users?
I'm sure Alex de Joode gave you explicit permission to use his
"dizum" term in your address. Or did you illegally hijack it
to attract attention and mislead potential users?
It doesn't operate independently, it relies entirely on Alex's infrastructure. and primarily the Tor network.mail2dizum is ambiguous, as it may also mean the dizum remailer.
This is why the name "mail2news" was actually misleading, as it suggested an autonomous service when it's really a frontend to dizum.
mail2dizum is ambiguous, as it may also mean the dizum remailer.
https://mail2news.virebent.art has changed its name to https://mail2dizum.virebent.art for consistency with the application name and to avoid confusion.
Anyone using the old address will be automatically redirected to the new URL.
Enjoy mail2dizum at https://mail2dizum.virebent.art.
P.S.
The onion 'smtp server' you see doesn't work.
Use *xilb7y4kj6u6qfo45o3yk2kilfv54ffukzei3puonuqlncy7cn2afwyd.onion* on port 25 in the smtp server custom field at the bottom of the web interface specifying port number this way *.onion:25.
Gabx wrote:
https://mail2news.virebent.art has changed its name toLet someone criticize me for something sensible.
https://mail2dizum.virebent.art for consistency with the application
name and to avoid confusion.
Anyone using the old address will be automatically redirected to the
new URL.
Enjoy mail2dizum at https://mail2dizum.virebent.art.
P.S.
The onion 'smtp server' you see doesn't work.
Use *xilb7y4kj6u6qfo45o3yk2kilfv54ffukzei3puonuqlncy7cn2afwyd.onion*
on port 25 in the smtp server custom field at the bottom of the web
interface specifying port number this way *.onion:25.
I'm no longer responding to bullshit comments, especially on this last topic.
I won't feed you with explanations on useless topics like this one and
the others to come, because the factory of those who hate without
question is always in production.
Fuck you!
I don't like talking to people who can't do anything with their lives
other than criticize those who work hard and put themselves out there.
On Fri, 12 Sep 2025 15:53:53 +0200
Gabx <info@tcpreset.invalid> wrote:
I don't like talking to people who can't do anything with their lives
other than criticize those who work hard and put themselves out there.
This seems to be the main purpose of the Internet ;) If you are trying to accomplish something or build something the troll zombies are there to bust your kneecaps and kick you while you're down.
Anyway, I'm trying to figure out the best way to run INN news server totally hidden behind TOR so it can be peered behind TOR encrypted tunnels and hidden services.If I understand correctly, you don't just want your server to be
torsocks innfeed
I also think we can learn from trolls.
I'm also for always replying to every post, everyone deserves
communication.
Soul Patch wrote:
Anyway, I'm trying to figure out the best way to run INN news serverIf I understand correctly, you don't just want your server to be
totally hidden behind TOR so it can be peered behind TOR encrypted
tunnels and hidden services.
reachable by onion address from Usenet clients, but you want it also accessible to peers using its onion address.
That seems impossible to me, actually.
Unless your peers are using Tor themselves.
Something like this i think:
torsocks innfeed
Gabx wrote:
I also think we can learn from trolls.
Yes; but barely/scarcely.
I'm also for always replying to every post, everyone deserves
communication.
I don't think so.
I have set letsencrypt as the default CA for acme.sh,
and the problem was solved.
Soul Patch wrote:
On Fri, 12 Sep 2025 15:53:53 +0200
Gabx <info@tcpreset.invalid> wrote:
I don't like talking to people who can't do anything with their lives
other than criticize those who work hard and put themselves out there.
This seems to be the main purpose of the Internet ;) If you are trying to accomplish something or build something the troll zombies are there to bust your kneecaps and kick you while you're down.
The important thing is to stay focused on your goals.
I feel technically vulnerable, always.
I have to stay humble and learn, that's my philosophy.
I also think we can learn from trolls.
I'm also for always replying to every post, everyone deserves
communication.
But I'm not here on this planet to be an example.
It's nice to argue the point of saying "fuck you" to certain idiots.
Anyway, I'm trying to figure out the best way to run INN news server totally hidden behind TOR so it can be peered behind TOR encrypted tunnels and hidden services.If I understand correctly, you don't just want your server to be
reachable by onion address from Usenet clients, but you want it also accessible to peers using its onion address.
That seems impossible to me, actually.
Unless your peers are using Tor themselves.
Something like this i think:
torsocks innfeed
Gabx wrote:
Soul Patch wrote:
Anyway, I'm trying to figure out the best way to run INN news serverIf I understand correctly, you don't just want your server to be
totally hidden behind TOR so it can be peered behind TOR encrypted
tunnels and hidden services.
reachable by onion address from Usenet clients, but you want it also accessible to peers using its onion address.
That seems impossible to me, actually.
Unless your peers are using Tor themselves.
Something like this i think:
torsocks innfeed
I'll venture a guess.
Try using socat to redirect all incoming connections through the onion address, like this:
socat TCP4-LISTEN:9119,fork SOCKS4:127.0.0.1:abc123def456.onion:119,socksport=9050
Just an idea, I expect to be insulted, lol!!!
On Fri, 12 Sep 2025 22:58:30 +0200
Gabx <info@tcpreset.invalid> wrote:
Gabx wrote:
Soul Patch wrote:
Anyway, I'm trying to figure out the best way to run INN news serverIf I understand correctly, you don't just want your server to be reachable by onion address from Usenet clients, but you want it also accessible to peers using its onion address.
totally hidden behind TOR so it can be peered behind TOR encrypted
tunnels and hidden services.
That seems impossible to me, actually.
Unless your peers are using Tor themselves.
Something like this i think:
torsocks innfeed
I'll venture a guess.
Try using socat to redirect all incoming connections through the onion address, like this:
socat TCP4-LISTEN:9119,fork SOCKS4:127.0.0.1:abc123def456.onion:119,socksport=9050
Just an idea, I expect to be insulted, lol!!!
I like it. Nothing to insult here. It's actually a clever angle.
I though about routing through a pair of TOR hidden services, using one as an outbound and the other as a loopback target. This would significantly slow things down, but really, it's not like there are going to be tens of thousands of people beating down the door to post.
Another though I have is that all peers can set up authenticated loopback proxies for their other peers. This would target hybrid clearnet and TOR peering and cut half the onion network latency. But it is also an extra point of failure.
--
Soul Patch
Torsocks is insecure and can leak data. It only uses ENV variables which can be disregarded by bad software and scripts, especially anything that is statically compiled.
explain the magic how tsocks or proxychains work .
the idea?
On 13.09.25 03:20, Soul Patch wrote:
Torsocks is insecure and can leak data. It only uses ENV variables which can be disregarded by bad software and scripts, especially anything that is statically compiled.
is INN(feed) statically compiled? I'd think: no.
review calls in INN codebase and see what's in use...
or jump to mid of the message here and try the idea.
explain the magic how tsocks or proxychains work .
Excellent question! Yes, tsocks and proxychains do work somewhat
"magically" by intercepting network calls at the system level.
Here's how they accomplish this:
## **The Magic: LD_PRELOAD and Function Interception**
Both tools use a technique called **library preloading** via the
`LD_PRELOAD` environment variable:
```bash
# What proxychains actually does internally:
LD_PRELOAD=./libproxychains.so.3 innfeed
# What tsocks does:
LD_PRELOAD=/usr/lib/libtsocks.so innfeed
```
## **How Function Interception Works**
1. **Normal application flow:**
```c
// Application calls standard socket functions
int socket_fd = socket(AF_INET, SOCK_STREAM, 0);
connect(socket_fd, &server_addr, sizeof(server_addr)); // Direct connection ```
2. **With proxychains/tsocks:**
```c
// The preloaded library intercepts the connect() call
int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
// This is now the proxychains/tsocks version, not the system one!
// Extract destination from original connect() call
char *dest_ip = inet_ntoa(((struct sockaddr_in*)addr)->sin_addr);
int dest_port = ntohs(((struct sockaddr_in*)addr)->sin_port);
// Instead of connecting directly, connect to SOCKS proxy
struct sockaddr_in proxy_addr;
proxy_addr.sin_addr.s_addr = inet_addr("127.0.0.1"); // Proxy IP
proxy_addr.sin_port = htons(9050); // Proxy port
// Connect to proxy instead
int result = real_connect(sockfd, (struct sockaddr*)&proxy_addr, sizeof(proxy_addr));
// Send SOCKS handshake to proxy with real destination
socks5_handshake(sockfd, dest_ip, dest_port);
return result; // App thinks it connected directly!
}
```
## **Step-by-step Process**
1. **Library Loading**: When you run `proxychains innfeed`, the system
loads the proxychains library before any other libraries
2. **Symbol Interception**: The library provides its own versions of
network functions like `connect()`, `bind()`, `gethostbyname()`
3. **Transparent Redirection**: When innfeed calls `connect("news.server.com", 119)`, it actually gets the proxychains version 4. **SOCKS Protocol**: The intercepted function connects to the SOCKS
proxy and tells it to connect to the real destination
5. **Data Tunneling**: All subsequent data flows through the proxy tunnel
## **What Gets Intercepted**
```c
// Common functions that get replaced:
connect() // TCP connections
bind() // Sometimes for local binding
gethostbyname() // DNS lookups (can be redirected too)
getaddrinfo() // Modern DNS lookups
send()/recv() // Sometimes for additional processing
```
## **Why It Works**
- **Dynamic Linking**: Most applications use dynamic linking, so
function calls go through the dynamic linker
- **LD_PRELOAD Priority**: Libraries in LD_PRELOAD are checked first for symbols
- **Same Function Signatures**: The replacement functions have identical signatures to the originals
- **Application Ignorance**: The application never knows its calls are
being intercepted
## **Limitations**
```bash
# Won't work with:
- Statically linked binaries (no dynamic linking)
- Applications that bypass standard socket calls
- Programs that use raw sockets
- Applications with security restrictions on LD_PRELOAD
```
## **You Can See It in Action**
```bash
# See what functions are being intercepted
strace -e trace=connect proxychains curl http://example.com
# You'll see the connect() going to 127.0.0.1:9050 instead of example.com:80 ```
So yes, it's "magic" in that the application has no idea its network
calls are being rerouted, but it's accomplished through well-established
Unix mechanisms for library interposition!
the idea?
innfeed is started in INN2. Looking at your `/etc/news/newsfeeds` entry:
```
# innfeed funnel master.
innfeed!\
:!*\
:Tc,Wnm*:/usr/lib/news/bin/innfeed
```
This is the **funnel master** entry that tells `innd` how to start
innfeed. The key part is:
- `Tc,Wnm*` - flags for the feed type
- `:/usr/lib/news/bin/innfeed` - the actual command to execute
## To add proxy support via proxychains:
You'd modify this line to:
```
# innfeed funnel master with proxy support
innfeed!\
:!*\
:Tc,Wnm*:/usr/bin/proxychains /usr/lib/news/bin/innfeed
```
## Or with environment variables:
```
# innfeed funnel master with proxy via env vars
innfeed!\
:!*\
:Tc,Wnm*:/bin/sh -c "LD_PRELOAD=/usr/lib/libproxychains.so.4 /usr/lib/news/bin/innfeed"
```
## Alternative approach - wrapper script:
Create `/usr/local/bin/innfeed-proxy`:
```bash
#!/bin/bash
exec proxychains /usr/lib/news/bin/innfeed "$@"
```
Then modify newsfeeds:
```
innfeed!\
:!*\
:Tc,Wnm*:/usr/local/bin/innfeed-proxy
```
After modifying `/etc/news/newsfeeds`, you need to:
1. Run `ctlinnd reload newsfeeds 'Added proxy support'`
2. Or restart innd
This way, every time innd spawns innfeed, it will automatically go
through your proxy configuration.
--Excellent. No dinking around with fragile NAT and netfilter rules, greatly lowering the entry bar to up and running. This is probably the simplest possible solution.
.......
Billy G. (go-while)
https://pugleaf.net
@Newsgroup: rocksolid.nodes.help
irc.pugleaf.net:6697 (SSL) #lounge
discord: https://discord.gg/rh2tGMJWwV
"Introducing oniux: Kernel-level Tor isolation for any Linux app"
https://blog.torproject.org/introducing-oniux-tor-isolation-using-linux-namespaces/
This uses Linux namespaces to prohibit tunnel leaks.