NAME

       perl-nocem - A NoCeM-on-spool implementation for INN 2.x

SYNOPSIS

       perl-nocem

DESCRIPTION

       NoCeM, which is pronounced No See 'Em, is a protocol enabling authenticated third-parties to issue
       notices which can be used to cancel unwanted articles (like spam and articles in moderated newsgroups
       which were not approved by their moderators).  It can also be used by readers as a third-party killfile.
       It is intended to eventually replace the protocol for third-party cancel messages.

       perl-nocem processes third-party, PGP-signed article cancellation notices.  It is possible not to honour
       all NoCeM notices but only those which are sent by people whom you trust (that is to say if you trust the
       PGP key they use to sign their NoCeM notices).  Indeed, it is up to you to decide whether you wish to
       honour their notices, depending on the criteria they use.

       The perl-nocem program appends all status messages to perl-nocem.log in pathlog if "Sys::Syslog" is not
       available; otherwise, and it should normally be the case, the syslog facility is used.  Status messages
       are then appended to a file usually named news.notice in pathlog.  (Some logs will be written only if
       debug level is set up to be logged via syslog.)

       Processing NoCeM notices is easy to set up:

       1.  If not already done, install GnuPG, or an equivalent implementation of the OpenPGP standard, to be
           able to verify the signature of NoCeM notices.  It will provide the gpg and gpgv programs.  If GnuPG
           was already installed when INN was configured, then the paths to these programs were taken into
           account.  Otherwise, you have to set the "$gpg" and "$gpgv" variables in pathlib/perl/INN/Config.pm
           to the paths to these programs.

           All still active NoCeM issuers use rather modern PGP keys accepted by both GnuPG 1.x and 2.x
           versions.  It is no longer needed to explicitly use gpg1 to process NoCeM notices.

       2.  Import the keys of the NoCeM issuers you trust in order to check the authenticity of their notices.
           You can run the following command:

               gpg --no-default-keyring --allow-non-selfsigned-uid \
                   --primary-keyring <pathetc>/pgp/ncmring.gpg --no-options \
                   --no-permission-warning --batch --import <key-file>
               chmod 644 <pathetc>/pgp/ncmring.gpg

           where <pathetc> is the value of the pathetc parameter set in inn.conf and <key-file> the file
           containing the key(s) to import.  The keyring must be located in <pathetc>/pgp/ncmring.gpg; you only
           have to create the directory <pathetc>/pgp before using gpg (it will automatically generate the
           ncmring.gpg file) and make sure the news user can read this file, once generated.

           The keys of NoCeM issuers can be found in the web site of The NoCeM Registry:
           <http://rosalind.home.xs4all.nl/nocemreg/nocemreg.html>.  You can even download there a unique file
           which contains all the keys.

       3.  Create a nocem.ctl config file in pathetc indicating the NoCeM issuers and notices you want to
           follow.  This permission file contains lines like:

               bleachbot@httrack.com:spam,site
               pgpmoose@killfile.org:pgpmoose-forged-moderation

           This will remove all articles for which the issuer (first part of the line, before the colon ":") has
           issued NoCeM notices corresponding to the criteria specified after the colon.  Usually, you just keep
           the lines corresponding to the keys previously installed.

           You will also find information about that on the web site of The NoCeM Registry.  Note that INN is
           shipped with an up-to-date nocem.ctl file already configured with the current NoCeM issuers.  (Only
           the keys installed at the previous step are not included, so as to leave you the choice of whom to
           trust, and download the most recent ones, in case they have changed.)

       4.  Add to the newsfeeds file an entry like this one in order to feed perl-nocem with the NoCeM notices
           (cross)posted to news.lists.filters, the global newsgroup where notices are sent:

               nocem!\
                   :!*,news.lists.filters\
                   :Tc,Wf,Ap:<pathbin>/perl-nocem

           with the correct path to perl-nocem, located in <pathbin>.  Then, run "inncheck" to ensure the syntax
           of the modified newsfeeds file is correct, and reload it (via "ctlinnd reload newsfeeds 'NoCeM
           channel feed'").

           Note that you should at least carry news.lists.filters on your news server (or other newsgroups where
           NoCeM notices are sent) if you wish to process them.

       5.  Everything should now work.  However, do not hesitate to manually test perl-nocem with a NoCeM
           notice, using:

               grephistory '<Message-ID>' | perl-nocem

           Indeed, perl-nocem expects tokens on its standard input, and grephistory can easily give it the token
           of a known article, thanks to its Message-ID.

FILES

       pathbin/perl-nocem
           The Perl script itself used to process NoCeM notices.

       pathetc/nocem.ctl
           The configuration file which specifies the NoCeM notices to be processed.

       pathetc/pgp/ncmring.gpg
           The keyring which contains the public keys of trusted NoCeM issuers.

BUGS

       The Subject header field body is not checked for the "@@NCM" string and there is no check for the
       presence of the References header field.

       The Newsgroups pseudo header field body is not checked, but this can be done in "local_want_cancel_id()".

       The Hierarchies header field is ignored.

HISTORY

       Copyright 2000 by Miquel van Smoorenburg <miquels@cistron.nl>.

       Copyright 2001 by Marco d'Itri <md@linux.it>.

SEE ALSO

       gpg(1), gpgv(1), grephistory(1), inn.conf(5), newsfeeds(5), pgp(1).