Re: [usefor] Injection-Info:logging-data NNTP header usefullness ?

Julien ÉLIE <julien@trigofacile.com> Sat, 05 October 2019 07:44 UTC

Return-Path: <julien@trigofacile.com>
X-Original-To: usefor@ietfa.amsl.com
Delivered-To: usefor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5912E120058; Sat, 5 Oct 2019 00:44:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.779
X-Spam-Level:
X-Spam-Status: No, score=0.779 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QfmUGi88HSs5; Sat, 5 Oct 2019 00:44:24 -0700 (PDT)
Received: from denver.dinauz.org (denver.dinauz.org [37.59.56.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 437C21200C1; Sat, 5 Oct 2019 00:44:23 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by denver.dinauz.org (Postfix) with ESMTP id F35C16046A; Sat, 5 Oct 2019 09:44:21 +0200 (CEST)
Received: from denver.dinauz.org ([127.0.0.1]) by localhost (denver.dinauz.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sRXkgVcZCJIc; Sat, 5 Oct 2019 09:44:21 +0200 (CEST)
Received: from macbook-pro-de-julien-elie.home (amontsouris-655-1-193-139.w90-46.abo.wanadoo.fr [90.46.60.139]) by denver.dinauz.org (Postfix) with ESMTPSA id C765660469; Sat, 5 Oct 2019 09:44:21 +0200 (CEST)
To: Marc Rousseau <xyz91987@gmail.com>
References: <CAA3QOubSE-Wf6DSKBurDu8PWrZBvDmrUYSvx=FCKsDoWSqEAQQ@mail.gmail.com>
Cc: iesg@ietf.org, usefor@ietf.org
From: =?UTF-8?Q?Julien_=c3=89LIE?= <julien@trigofacile.com>
Organization: TrigoFACILE -- http://www.trigofacile.com/
Message-ID: <44331efc-6331-7dee-3f29-ba21efb63e76@trigofacile.com>
Date: Sat, 5 Oct 2019 09:42:57 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <CAA3QOubSE-Wf6DSKBurDu8PWrZBvDmrUYSvx=FCKsDoWSqEAQQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/usefor/jKsRz1y9GFKZnbY4_JdD96w9zss>
Subject: Re: [usefor] Injection-Info:logging-data NNTP header usefullness ?
X-BeenThere: usefor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of usefor issues." <usefor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/usefor>, <mailto:usefor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/usefor/>
List-Post: <mailto:usefor@ietf.org>
List-Help: <mailto:usefor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/usefor>, <mailto:usefor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Oct 2019 07:44:27 -0000

Bonjour Marc,

> I'v read RFC 6048 https://tools.ietf.org/html/rfc6048  and I was 
> wondering how to query remote NNTP
> Injection-Info (74569) numbers
> 
> <code>
> Injection-Info:logging-data="74569"
> </code>
> 
> is there a tool/script on the net that would return more info on those 
> instead of emailing sysadmin ?

The Injection-Info header field is defined in RFC 5536:
   https://tools.ietf.org/html/rfc5536

3.2.8.  Injection-Info

    The Injection-Info header field contains information provided by the
    injecting news server as to how an article entered the Netnews
    system; it assists in tracing the article's true origin.
[...]
    The "logging-data" <parameter> contains information (typically a
    session number or other non-persistent means of identifying a posting
    account) that will enable the true origin of the article to be
    determined by reference to logging information kept by the news
    server.


As far as I know, retrieving information about logging-data "numbers" 
(or whatever else, because it is not necessarily a number, though NNTP 
implementations usually log there a session number or a process ID) is 
not automatical.
There is no NNTP LIST command for that (RFC 6048 won't be of any help). 
  No automatical tool.

If one wishes to investigate on an article whose logging data is 
"74569", he needs contacting the news administrator of the site where 
the article was injected.  Only this news administrator will know what 
"74569" refers to, and can look into the logs of his server.

-- 
Julien ÉLIE

« Two secrets to keep your marriage brimming:
   1. Whenever you're wrong, admit it.
   2. Whenever you're right, shut up. » (Patrick Murray)