Unlike the standard implementation of NoCeM, this version is optimized for the most common case of "spam cancels". In fact, it can do nothing else. It can not be run by a normal user, it does not need or manipulate state like .newsrc files, it processes only "hide" actions, and that only by actually deleting the articles.
c-nocem is designed for easy setup and fast run and needs no maintenance.
configurescript. Give it the
--with-inn=diroptions to point to the top of the news system's source tree. Run
make install. Copy
ncmperminto the right place. Create
ncmgroupsthere if needed, see below. Look at the top of
c-nocemand correct any wrong parameters. Make sure the programs created by the make, as well as
pgpare in the news system's PATH (configure usually gets that right). Create a temp directory as indicated in c-nocem, if you don't have it already. Do not use
/tmpor any other globally writable directory for this purpose - that would be a serious security problem. Note for users of previous versions: The programs are now installed in the main news binary directory. Make sure to correct any wrong paths. For INN 2.0 and newer, the configuration files like
ncmpermbelong into the
Arrange for the NoCeM newsgroups to be feeded to the c-nocem program. The means for this is the standard batching system. (The setup below is for the Cleanup Release of C News, older versions use a different batchparms file format.)
nocem-extractor N 1000000- - c-nocem -b -s
"newsrun"in your crontab with
"newsrun; sendbatches -c N -p".
nocem-extractor N 100000 - c-nocem -b | report "NoCeM"
Arrange for the NoCeM newsgroups to be feeded to the c-nocem program. The means for this is a channel feed.
:Tc,Wn:/var/lib/news/bin/c-nocem -c200 -t600 -s
$NEWSLIB/ncmring.pgp). If no known and valid signature is found, the notice is ignored entirely. If the signature is good, the NCM headers are checked:
The c-nocem distribution contains some keys of frequent NoCeM issuers. Check for yourself from whom you want to accept the NoCeM notices, and try to verify the keys e.g. via a public key server instead of blindly trusting them.
Create the key ring or add a key to it with a command like
pgp +pubring=ncmring.pgp -ka ncmring.asc
Be sure to specify the right key ring file, i.e. the same as in the c-nocem script.
ncmpermcontains a permission table, similar to "controlperm"/"control.ctl". Each entry in this table consists of three whitespace-separated fields: issuer, type, permission. "Issuer" is a string that is checked against the Issuer NCM header, "type" is checked against the Type NCM header. If both match, the permission is determined from the third field as "yes" or "no". First match wins. If no entry matches, it defaults to "no". Only a NoCeM notice with "yes" permission is processed.
The issuer field of the ncmperm file may contain a substring of the actual Issuer header (e.g. "clewis@ferret" matches Chris Lewis' spam cancels). The type field may be "*" which means "everything".
c-nocem re-reads this file when it changes immediately.
-aoption to the c-nocem command to ignore groups which are not in your active file.
gpgand uses it if available. Because NoCeM issuers use PGP 2.6 keys, you have to install an RSA extension to GnuPG. It is available from the GnuPG Web page (under "More crypto") as a file
rsa.c, which has to be compiled according to a comment in the file and placed in the extensions directory (default
/usr/local/lib/gnupg). Then put the following line in
tmp/nocem). In the second stage, these IDs are processed: for each Message-ID, if the article is on the system, the article is deleted. If it is not there, a history entry is generated which prevents later arrival. A log file entry is emitted for each of these entries. The result is like that from a regular cancel.
When getting end-of-input in channel mode (i.e. after a flush or
shutdown) c-nocem writes a batch file
all unprocessed input lines (NoCeM notice file names/tokens) and quits
immediately. The next invocation of c-nocem will pick up this batch
file, a la "innfeed".
-b: run in batched mode.
-cn: run in channel mode. Spawn delete process every (n) articles.
-ts: timeout. Spawn delete process every (s) seconds.
-n: testing. Don't delete articles or manipulate the history.
-s: silent. Do not give any output except for fatal errors.
-dn: delay. See below.
-k: kill cancels. See below.
-l: no logging. Don't emit logfile entries.
-r: remove only. Don't add history entries.
-a: active-file check. Don't cancel articles in groups not in the active file.
-zf: Leave list of deleted articles in file (f) (relative to spool directory). This can be fed into
-C: Run in channel mode and use cancelfeed. See below. Do not use -b, -c, -t with this.
The "fastcancel" program takes a list of Message-IDs and locally cancels them, i.e. deletes the article files or notes the IDs in the history file. It must run with the news system locked/paused. On INN, fastcancel emits a list of articles to remove which c-nocem feeds to "fastrm". This keeps the actual article deletion out of the paused time, like with "news.daily delayrm".
The "groupcheck" program takes a list of Message-IDs with newsgroups and checks them against a subscription list. This is only needed for INN; C News uses the "gngp" program (part of C News) instead.
The "cancelfeed" program works with the special cancel mode NNTP channel found in INN 2.4 and above. It works like "groupcheck" and instructs the server to cancel the matching articles, eliminating the need for "fastcancel".
-d nparameter, where n is an estimate on the numbers of NoCeM notices received per day. (You can find this number by running c-nocem for at least two days in undelayed mode, then do a
grep nocem-extractor /var/log/news/OLD/log.1.gz | wc -l, or whatever the right feed name and file location is.) In channel mode, c-nocem will count the actual NoCeM notices received and adjust the delay dynamically.
flock()system call and a correctly compiled version of perl which supports that call. If your system does not have the
select()system call (INN systems must have this call, but perhaps your perl is broken), the
-toption won't work correctly.
Since release 3.3, c-nocem comes with the default permissions file and public key ring from The NoCeM Registry at http://www.xs4all.nl/~rosalind/nocemreg/nocemreg.html. Look there and in the news.admin.nocem newsgroup for updates.