tinyleaf - Very simple IHAVE-only NNTP server
tinyleaf spool [processor]
tinyleaf is intended to be the simplest possible transit news server
that still does something useful. It must be run under inetd(8) or
some equivalent, and only implements three commands (HELP, IHAVE, and
QUIT). When it receives an article, it saves it into the directory
spool and, if processor is given, passes information about the article
to processor via a pipe. The file name of the article will be the MD5
hash of its message-ID, and if a file by that name already exists,
tinyleaf will refuse the article, reporting it as a duplicate.
If processor is given, it should specify the path to a program. That
program is started when tinyleaf starts, and its current working
directory will be spool. For each article received by tinyleaf, a
single line will be sent to standard input of processor. That line
will consist of the file name of the received article (relative to
spool), a single space, and the message-ID of the received article.
Note that the message-ID will be taken from the argument to the IHAVE
command and may not match the Message-ID: header in the article. When
tinyleaf shuts down, standard input to processor will be closed.
tinyleaf does no syntax verification of received articles whatsoever;
it just stores them and optionally passes them off to processor. It
also never deletes articles; normally, processor should do that when
it’s finished doing whatever it needs to with the article.
tinyleaf expects NNTP commands on standard input and replies on
standard output. Status information and any error messages are sent to
standard error. It does no authentication; any authentication must be
done by inetd(8) or by a wrapper program. (One simple authentication
mechanism is to invoke tinyleaf via tcpd(8) from TCP wrappers and use
/etc/hosts.allow and /etc/hosts.deny to restrict who can talk to the
tinyleaf has a (currently hard-coded) maximum message size of 1 MB and
a (similarly hard-coded) timeout of ten minutes for each command or
chunk of article data.
Suppose that you want to archive news articles on a particular host
(like the FTP server for a newsgroup archive) where you don’t want the
overhead of running a full-blown news server. Write a program that
reads one line at a time from standard input and treats everything
before the first space as the filename of a news article to archive.
Each time the program reads a line, it should archive that file and
then delete it, and it should exit when it gets end of file on standard
Then, add a line like:
nntp stream tcp nowait archive /usr/sbin/tcpd \
<pathbin>/tinyleaf <pathspool>/tinyleaf <pathbin>/archive
(all on one line -- the backslash and split in this line is just for
readability) where "archive" is the user that owns the archive,
/usr/sbin/tcpd is the path to tcpd(8), pathbin/tinyleaf is the path to
this program, pathspool/tinyleaf is some scratch directory that the
user "archive" has write access to, and pathbin/archive is the path to
your archive script.
You can now restrict access to tinyleaf to just your local news server
with "/etc/hosts.allow" and "/etc/hosts.deny" and set up an ordinary
feed from the server to the archive host, just like you would to any
other news server, of only the newsgroup that you want to archive.
Note that the archiving script should probably perform basic syntax and
validity checks on the input, since tinyleaf doesn’t.
This is the application that motivated the original development of this
The timeout and maximum message size should really be configurable.
tinyleaf should also probably not just respond 500 to every command
other than HELP, IHAVE, and QUIT; there are more useful (and more
expected) error codes that could be returned.
An option to scan the spool directory for any left-over files and pass
them to the processor when starting up would be useful.
Written by Russ Allbery <email@example.com> for InterNetNews.
$Id: tinyleaf.pod 8794 2009-11-15 09:28:19Z iulius $
hosts_access(5), inetd(8), tcpd(8).