
Re: Check certificate for news server (testing neodome)

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: ron...@nospam.me (Ronald)
Newsgroups: alt.free.newsservers
Subject: Re: Check certificate for news server (testing neodome)
Date: Mon, 8 Jan 2024 10:29:30 -0500
Organization: To protect and to server
Message-ID: <unh4cq$17q0r$1@paganini.bofh.team>
References: <undqeu$tpek$1@paganini.bofh.team> <unevbk$6eke$2@solani.org> <ung57r$166to$1@paganini.bofh.team> <s2ss6kxr43.ln2@Telcontar.valinor> <ungg3j$5hkb$5@solani.org> <ungkpf$170ai$1@paganini.bofh.team> <ungl4l$5hkb$8@solani.org> <ungmvt$173od$1@paganini.bofh.team> <ungnhg$5hkb$10@solani.org> <ungpp1$17890$1@paganini.bofh.team> <ungtum$5hkb$12@solani.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 8 Jan 2024 15:29:31 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="1304603"; posting-host="R8jzoRbLjiM/r2rQyny/kg.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
Cancel-Lock: sha256:he8l75YdRmh02tkDY7PjG40eCAr4++nrKnj264n4WH8=
X-Notice: Filtered by postfilter v. 0.9.3

On Mon, 8 Jan 2024 14:39:32 +0100, Marco Moock wrote:

>> I'm pretty sure that will work, but Thunderbird is just about the
>> worst newsreader that can be written - it thinks news is email last I
>> used it.
>
> I agree that TB has some disadvantages, but ancient software creates
> other problems.

I agree that TB works for many people but it tries to be both email and
newsreader and that doesn't work for me but I'm sure it works for others.

> You can also choose a news server that allows authentication without
> encryption.

I agree that there are other news servers to choose from.
I was merely trying to debug the one that I had an account already for.
It's all fixed now. User error combined with a strange nntp server setup.

>
>> I had used Claws for email but Google email just didn't like it when
>> they removed the password authorization in favor of OAuth2 & then
>> forced 2FV.
>
> IIRC Google still supports PW auth with an App password.
> CM also support OAuth in the current version.

IIRC, the app password requires 2FA (but it has been a while for me).

It's good that Claws supports OAuth, as all the MUAs had to scramble to
repair the damage Google caused by being unfriendly to competition.

For about a month or two all the good MUAs failed to work (not TB, but
others) until they were able to catch up and implement the OAuth after
Google changed their rules on the auditing needs (which cost > $15K).

Paying for an audit is easy for Mozilla but not so easy for others.

Most people caved in and set up 2FA but I just didn't do mail for a month
until the developers had it all sorted out with Google changing rules.

I went through that hell when Google started this mess and I do NOT want to
go through it again now that I got OAuth2 to work with Google Mail.

>> The problem had nothing to do with dialog other than dialog gave
>> an error which simply said it failed but nothing more than that
>> really.
>
> Doesn't it give more details?

I set Dialog to a full level-0 log (which is everything), and it still
didn't say anything other than the connection failed (socket 0).

0 25674390: Creating worker thread: Sending message to news.software.readers neodome Username ok1
0 25674390: FDATA: Opening 1
0 25674390: FDATA: Reading itemcount 3
0 25674390: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2572
3 25674390: Sending message to news.software.readers (Started) [$0000250C]
1 25674390: NNTP slot used by this thread: neodome Username ok1 [$0000250C]
3 25674390: Connecting to NNTP 127.0.0.1:55555 [$0000250C]
1 25675500: Reindexing (Order: 3, no filtering) of group 1 with 2574 articles took 16 ms
0 25675500: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2572
0 25675500: FDATA: Regular update PAK - ChangeCount: 0
0 25675500: FDATA: adding GroupKey: 1 ArticleKey: 2573
0 25675500: FDATA: Regular update PAK - ChangeCount: 1
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675515: FontFB: No non-ASCII characters found; Using default font
0 25675515: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FontFB: No non-ASCII characters found; Using default font
0 25675531: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675531: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FontFB: No non-ASCII characters found; Using default font
0 25675531: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675546: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675484: !Quit (Finished) [$0000250C]
5 25675484: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
0 25675484: KillNNTP entered for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP left for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP entered for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP left for: neodome Username ok1 (Finished) [$0000250C]
5 25675484: Posting article failed: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
1 25675500: Sending message to news.software.readers (Finished) (Finished) [$0000250C]
0 25676328: TFlushBodiesThread started with ThreadID: $16A0
1 25678328: Flushing body db
0 25678328: FDATA: Updating PAK, number of subfiles: 29
0 25678328: FDATA: Writing itemcount 3
0 25678328: FDATA: Closing 1
1 25679687: Main window close query
1 25679750: Main window destroy called - Goodbye
0 25679765: FDATA: destroying; Changecount: 0
1 25679765: Flushing group and server list

> Claws provides the full network log with the NNTP messages.

To get a clean log out of Stunnel, I killed and restarted it.
This shows it's ready to take connections.
2024.01.07 02:18:11 LOG5[main]: stunnel 5.69 on x64-pc-mingw32-gnu platform
2024.01.07 02:18:11 LOG5[main]: Compiled/running with OpenSSL 3.0.8 7 Feb 2023
2024.01.07 02:18:11 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2024.01.07 02:18:11 LOG5[main]: Reading configuration from file C:\Program Files\stunnel\config\stunnel.conf
2024.01.07 02:18:11 LOG5[main]: UTF-8 byte order mark detected
2024.01.07 02:18:11 LOG5[main]: FIPS mode disabled
2024.01.07 02:18:32 LOG5[main]: Configuration successful

This is what happens when I post to another server (not neodome).
2024.01.07 02:34:17 LOG5[0]: Service [eternal] accepted connection from 127.0.0.1:55554
2024.01.07 02:34:20 LOG5[0]: s_connect: connected 135.181.20.170:563
2024.01.07 02:34:20 LOG5[0]: Service [eternal] connected remote server from 10.212.1.145:60382
2024.01.07 02:34:24 LOG5[0]: OCSP: Connecting the AIA responder "http://r3.o.lencr.org"
2024.01.07 02:34:27 LOG5[0]: s_connect: connected 23.2.16.105:80
2024.01.07 02:34:30 LOG5[0]: OCSP: Certificate accepted
2024.01.07 02:34:30 LOG5[0]: Certificate accepted at depth=0: CN=news.eternal-september.org
2024.01.07 02:34:44 LOG3[0]: SSL_read: ssl/record/rec_layer_s3.c:321: error:0A000126:SSL routines::unexpected eof while reading
2024.01.07 02:34:44 LOG5[0]: Connection reset: 358 byte(s) sent to TLS, 388 byte(s) sent to socket

This is what happens when I post to the neodome server.
2024.01.07 02:18:55 LOG5[0]: Service [neodome] accepted connection from 127.0.0.1:55555
2024.01.07 02:19:00 LOG5[0]: s_connect: connected 95.216.243.224:563
2024.01.07 02:19:00 LOG5[0]: Service [neodome] connected remote server from 10.212.1.145:60371
2024.01.07 02:19:01 LOG4[0]: CERT: Pre-verification error: self-signed certificate
2024.01.07 02:19:01 LOG4[0]: Rejected by CERT at depth=0: O=Neodome, CN=neodome.net, emailAddress=admin@neodome.net
2024.01.07 02:19:01 LOG3[0]: SSL_connect: ssl/statem/statem_clnt.c:1889: error:0A000086:SSL routines::certificate verify failed
2024.01.07 02:19:01 LOG5[0]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

This is the Dialog log file when I post using eternal september with Stunnel.
0 43532453: Creating worker thread: Sending message to alt.test username
0 43532453: FDATA: Opening 1
0 43532468: FDATA: Reading itemcount 6
0 43532468: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2579
3 43532453: Sending message to alt.test (Started) [$00002754]
1 43532453: NNTP slot used by this thread: username [$00002754]
3 43532468: Connecting to NNTP 127.0.0.1:55556 [$00002754]
0 43548968: 200 news.eternal-september.org InterNetNews NNRP server INN 2.8.0 (20231205 snapshot) ready (posting ok) [$00002754]
0 43548968: !MODE READER [$00002754]
0 43550859: 200 news.eternal-september.org InterNetNews NNRP server INN 2.8.0 (20231205 snapshot) ready (posting ok) [$00002754]
3 43550859: Connected to NNTP 127.0.0.1:55556 [$00002754]
3 43550859: Logging in to NNTP 127.0.0.1:55556 [$00002754]
0 43550859: !AUTHINFO USER ****** [$00002754]
0 43552218: 381 Enter password [$00002754]
0 43552218: !AUTHINFO PASS ********* [$00002754]
0 43554687: 281 Authentication succeeded [$00002754]
3 43554687: Posting message to NNTP server [$00002754]
0 43554687: !POST [$00002754]

This is the Dialog log file when I post using neodome with Stunnel.
0 25674390: Creating worker thread: Sending message to news.software.readers neodome Username ok1
0 25674390: FDATA: Opening 1
0 25674390: FDATA: Reading itemcount 3
0 25674390: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2572
3 25674390: Sending message to news.software.readers (Started) [$0000250C]
1 25674390: NNTP slot used by this thread: neodome Username ok1 [$0000250C]
3 25674390: Connecting to NNTP 127.0.0.1:55555 [$0000250C]
1 25675500: Reindexing (Order: 3, no filtering) of group 1 with 2574 articles took 16 ms
0 25675500: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2572
0 25675500: FDATA: Regular update PAK - ChangeCount: 0
0 25675500: FDATA: adding GroupKey: 1 ArticleKey: 2573
0 25675500: FDATA: Regular update PAK - ChangeCount: 1
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675515: FontFB: No non-ASCII characters found; Using default font
0 25675515: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FontFB: No non-ASCII characters found; Using default font
0 25675531: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675531: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FontFB: No non-ASCII characters found; Using default font
0 25675531: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675546: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675484: !Quit (Finished) [$0000250C]
5 25675484: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
0 25675484: KillNNTP entered for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP left for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP entered for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP left for: neodome Username ok1 (Finished) [$0000250C]
5 25675484: Posting article failed: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
1 25675500: Sending message to news.software.readers (Finished) (Finished) [$0000250C]
0 25676328: TFlushBodiesThread started with ThreadID: $16A0
1 25678328: Flushing body db
0 25678328: FDATA: Updating PAK, number of subfiles: 29
0 25678328: FDATA: Writing itemcount 3
0 25678328: FDATA: Closing 1
1 25679687: Main window close query
1 25679750: Main window destroy called - Goodbye
0 25679765: FDATA: destroying; Changecount: 0
1 25679765: Flushing group and server list

The two errors (one in Dialog's log and the other in Stunnel's log) are:

Dialog error:
5 25675484: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
0 25675484: KillNNTP entered for: neodome Username ok1 (Finished) [$0000250C]

Stunnel error:
2024.01.07 02:19:01 LOG4[0]: CERT: Pre-verification error: self-signed certificate
2024.01.07 02:19:01 LOG4[0]: Rejected by CERT at depth=0: O=Neodome, CN=neodome.net, emailAddress=admin@neodome.net
2024.01.07 02:19:01 LOG3[0]: SSL_connect: ssl/statem/statem_clnt.c:1889: error:0A000086:SSL routines::certificate verify failed

Anyway, the problem wasn't really any of that, in reality.
The problem was the server doesn't want its certificate checked.

>> Is it the best way to run a news server?
>> I don't know. Probably not.
>
> No, but other servers exist. Simply use them.

I agree with your advice but you have to take into account that the
Neodome account was working fine for me, until it wasn't.

So there's really nothing wrong with it even though it's using a
faulty certificate. I just had to learn how to deal with it.

It's kind of like a car that you like and you're comfortable with,
but which has a balky clutch until it heats up a bit in use.

Thanks for all your help and encouragement.
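One way to keep certificate checking switched on for a server whose certificate is self-signed, instead of turning verification off: pin that one certificate in Stunnel. This is an added example configuration and not from the post, from Stunnel's own sample config, or from neodome; the service names, local ports, file paths and the NEWS_SERVER_HOST placeholder are assumptions, and the CN values are the ones shown in the log above.

```ini
; Added example stunnel.conf fragment (not from the original post).
; Assumed: stunnel 5.x running as a TLS client on 127.0.0.1; paths and
; NEWS_SERVER_HOST are placeholders, not values from the post.

; Weak setting: this makes the "certificate verify failed" line go away,
; but now ANY certificate is accepted for this service, so a TLS
; interception on the path to the server would not be noticed.
[neodome-unverified]
client = yes
accept = 127.0.0.1:55555
connect = NEWS_SERVER_HOST:563
verifyChain = no
verifyPeer = no

; Corrected setting: pin the server's self-signed certificate.
; verifyPeer compares the certificate the server presents against the
; certificates in CAfile, so no CA chain is required, and a different
; certificate (self-signed or not) is still rejected at depth=0.
; Fetch the certificate once and check its fingerprint with the server
; operator before trusting it (commands assumed, run from a shell):
;   openssl s_client -connect NEWS_SERVER_HOST:563 </dev/null 2>/dev/null | openssl x509 -out neodome-pinned.pem
;   openssl x509 -in neodome-pinned.pem -noout -subject -fingerprint -sha256
[neodome]
client = yes
accept = 127.0.0.1:55555
connect = NEWS_SERVER_HOST:563
verifyPeer = yes
CAfile = C:\Program Files\stunnel\config\neodome-pinned.pem
; CN taken from the "Rejected by CERT at depth=0" log line
checkHost = neodome.net

; Public-CA server for comparison: chain verification against a CA bundle
; plus an OCSP check, which is what the [eternal] log lines above show.
[eternal]
client = yes
accept = 127.0.0.1:55554
connect = news.eternal-september.org:563
verifyChain = yes
CAfile = C:\Program Files\stunnel\config\ca-certs.pem
checkHost = news.eternal-september.org
OCSPaia = yes
```

With the pinned [neodome] service, the Stunnel log should report the certificate as accepted at depth=0 and Dialog no longer sees "Socket Error # 0", while a changed server certificate still produces the rejection lines quoted above.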
