Using Microsoft's Internet News Server

Microsoft recently released Exchange Server 5.0. Known as the Protocol release, version 5.0 includes support for several standard protocols, such as Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), HTTP, and Lightweight Directory Access Protocol (LDAP). Previous articles have discussed using various protocols with Exchange Server (for information about POP3 support in Exchange Server, see my article, "POP3," March 1997; for information about LDAP and SMTP support, see Tony Redmond, "Microsoft Exchange Server 5.0 Smoothes the Rough Edges," April 1997). In addition to supporting these protocols,Exchange Server now supports Network News Transfer Protocol (NNTP) through the Exchange Internet News Server (INS). INS lets Exchange administrators pull USENET newsfeeds into Exchange Public Folders and lets users access these Public Folders through the NNTP protocol. The administrator can also arrange to push Public Folder data to other USENET news servers.

Configuring NNTP in Exchange
To configure NNTP support in Exchange Server 5.0, you use the ExchangeAdministrator tool to manage the new Protocols container in the Configurationcontainer, as shown in Screen 1. Double-clicking the NNTP (News) SiteDefaults object opens the NNTP Properties pages, as you see in Screen 2.Initially, you need to configure only a few pages, starting with the General property page.

In the General property page, you can enable or disable NNTP support andclient access. You usually want to enable support for NNTP by selecting Enableprotocol, although you can disable it when you want to preserve networkbandwidth. Selecting Enable client access lets users access the ExchangePublic Folders with any desktop client that supports NNTP, such as the MicrosoftInternet News client or a shareware program such as WinVN. Initially, you mightwant to select both checkboxes.

The second property page you need to configure is the Authentication page,as you see in Screen 3. You use this page to select the forms of authenticationthat NNTP clients can use to access your Exchange Public Folders. The defaultsetting allows all authentication types and is the easiest configuration tosupport if you can't control which NNTP client software users are accessing yourfolders with. Most news clients let you enter a name and a password foraccessing a news server. If you want to restrict access to individuals withaccounts on your NT domain but you don't control which operating system orclients they use, select Basic (Clear Text) as the authentication method.Finally, if users log on to your NT domain before accessing the folders, you canselect Windows NT Challenge/Response authentication.

If you want to let anonymous users access the Public Folders, you mustselect the Anonymous property page, as shown in Screen 4.Check Allowanonymous access if you want anonymous users on the Internet to have accessto the folders you are exposing as newsgroups.

Configuring a Newsfeed
The two basic types of newsfeed are a push feed and a pull feed. In a pullfeed, you contact a USENET news server periodically and ask it for all newmessages in certain groups. For example, you might contact msnews.microsoft.com every 15 minutes and ask for all the new messages in microsoft.public.exchange. To configure a pull feed, you might need permission from the targetnews server to pull data. Some servers, such as msnews.microsoft.com, areunrestricted (i.e., anyone wanting to replicate Microsoft's public groups on anews server can pull whatever groups they want without having a valid accountfrom Microsoft). Other commercial servers, such as pubxfer.psinet.com, requirethat you have a paid subscription to the server to pull a newsfeed.

The alternative to a pull feed is a push feed. In a push feed, a newsserver periodically sends you all new messages in the groups that you want. Touse this type of newsfeed, you must tell the administrator of the push serverwhich groups you want to receive when you set up a contract with the InternetService Provider (ISP). Then all you have to do is wait for the server todeliver a flood of messages at a scheduled time. Typically, you don't need toconfigure the newsfeed any further.

If you want to replicate a USENET newsgroup from the Internet in anExchange Public Folder, start by enabling NNTP support. Next, run the Newsfeedwizard from the New Other option on the File menu in Exchange Server. Thiswizard lets you specify which news server you want to receive newsgroups from,account information you need to log on to that server, and some configurationoptions for the newsfeed. You can also replicate newsgroups from more than onenews server to Exchange at the same time. After you run the wizard, you canreconfigure all the parameters you set in the wizard from either the Newsfeedsproperty page or from a new entry the wizard creates in your site's Connectionscontainer.

The easiest way to learn how to use INS in Exchange Server is to create avery basic pull feed from an unrestricted news server such as msnews.microsoft.com. To create this pull feed, run the Newsfeed wizard and provide the answersto the questions you see in Table 1.In this case, you have created a pull feed that populates Public Folders on your Exchange server,polling Microsoft's unrestricted news server every 15 minutes. When you answered thelast Newsfeed wizard question by saying that you would configure your newsfeedlater, you told the wizard you will choose at a later time those groups that youwant replicated to your server. Screen 5shows the Newsfeeds property page after you run the wizard and create your newsfeed.

The Newsfeeds property page shows that I created an object, msnews.microsoft.com, with the Newsfeed wizard on my Exchange server (\kifissia). If Irun the wizard again and create another newsfeed with a new name, the newnewsfeed appears as a second line on this page. Any newsfeed on the Newsfeedsproperty page also appears in the Connections container of the server, as yousee in Screen 6.

If you double-click the newsfeed object in Screen 6,you see the property pages for the newsfeed with the answers you gave the wizard. Several propertypages let you configure the newsfeed to pull only the newsgroups you want, setthe schedule for pulling the newsgroups, and establish other parameters for thenewsfeed. For example, you can change the remote USENET site or host names oradd remote hosts in the Hosts property page (these parameters are items 6 and 7in Table 1). Similarly, the Security property page lets you specify an accountname and password for logging on to a restricted news server (Table 1, item 8).The Schedule property page lets you specify how often (or when) you want yourExchange server to poll the remote host and request any new newsgroups (Table 1,item 5). Finally, the Connection property page lets you specify whether you areconnected through a LAN or through a periodic dial-up connection (Table 1, item4).

The General property page for the newsfeed, as shown in Screen 7,has a checkbox to enable or disable the newsfeed. If you enable the newsfeed,the Exchange server contacts the target news server on a regular schedule topulldown new news items and push back any responses from your local Exchangeusers. If your Internet link is down or you need to conserve network bandwidth,you can disable the newsfeed until you rectify the situation. For example, I runan Exchange server on my laptop (\kifissia) and run the news service to pulldown most microsoft.public newsgroups when I am connected to the Internetthrough the company's T1 link. I then disable the newsfeed, and browse andrespond to newsgroup messages when I am on the road without the need of a widepipe to the Internet. When I reconnect to the Internet, Exchange propagates allchanges in both directions.

Remember how you told the Newsfeed wizard that you would configure thenewsfeed later (Table 1, item 10)? By doing so, you delayed answering thequestion that fills out the information on the Inbound property page. I had youdelay completing this step because it can take a long time and it can fail forseveral reasons. I usually postpone this step until I have a visual confirmationthat everything else appears to be working OK (i.e., I have a newsfeed object inthe Connections container and have no error messages in the Event Log). Call mea coward, but I prefer to win several small battles before I tackle the big one!

After you complete the Newsfeed wizard, but before you specify the inboundnewsgroups, I suggest you test the access to the USENET server. To do this test,Telnet to port 119 of the target server and issue a LIST ACTIVE command (for adetailed discussion about how to issue this command, see my article, "Spreadthe News with Internet News Server," June 1997). This test lets you knowthat you can get to the news server, that you have the correct name of the newsserver, and that groups are on the news server and available.

Specifying Inbound Newsgroups
As of the end of March 1997, about 15,000 newsgroups existed (with more than1.7GB of data in 200,000 messages), and the number is increasing at a rate ofmore than 300 percent per year. This growth makes selecting which newsgroups todownload difficult. When you first configure a pull feed, you need to get theactive list of these groups into your news server so that you can pick the onesyou want to receive regularly. Fortunately, you don't need to type in thisactive list. You can either get the active list as an ASCII file from yourUSENET provider and import it using an import utility, or you can download theinformation directly using NNTP. If you have a fast link such as a T1connection, downloading the active list using NNTP takes only a few minutes. Ifyou have a dial-up 28.8Kbps connection, the download can take more than 20minutes, and you might prefer to get the active list another way.

To start the process of downloading the active list with NNTP, select theInbound property page for the newsfeed. The first time you perform this process,you will get the message, "There is no active list defined in thisnewsfeed. Do you wish to import an active list?" If you answer no, you cango back later and configure the newsfeed. If you answer yes, you can downloadthe list from the newsfeed provider using NNTP or import a file containing theactive list. In most cases, you can simply choose to use the NNTP method.

At this point, you see a dialog box and progress indicator that show theprogress of the active list download from the provider. If your Internetconnection is down or if you have incorrectly entered the provider's name andrequisite security information in the connection page for the newsfeed, you willget an error message within a few seconds. However, if you establish aconnection, you can gauge the progress of the download from the slidingindicator. Keep in mind that some ISPs have different USENET servers for newsserver or news client access--make sure you don't choose the wrong one. On twooccasions, I've seen the progress indicator climb to about 60 percent and freezewhen trying to pull a newsfeed from a news server designated for client access.Unfortunately, you don't see any error message, and the newsgroups appear to bedownloading based on your ability to access the server using Telnet or a desktopnews client.

After you download the active list, Exchange stores it locally. Every timeyou subsequently open the Inbound property page for the newsfeed, you see abrief message saying, "Setting up the Active File... Initializing."This message indicates that Exchange is reading the local copy of the activelist. After you complete this step, you can see a list of the newsgroupsavailable on the provider's server. Screen 8shows some of the newsgroups available on msnews.microsoft.com as of March.

The list in Screen 8does not imply that these newsgroups contain any messages or that any authority hasevaluated any of the messages therein. To select a newsgroup to download, highlightthe group and click Include. When youselect a newsgroup, you are also selecting all subgroups of the newsgroup, regardlessof whether you want to replicate these subgroups to your server.After you select a group, the folder in the list changes appearance from a blankfolder to a small newspaper. In Screen 8, you can seethat I am not downloading the cinemania group, but I am downloading the catapult folder and all itssubgroups. When you click OK to close this property page, the Exchange servercontacts the news server for the newsfeed (here msnews.microsoft.com) on theprearranged schedule and requests any new items in the included newsgroups. YourExchange server will then download all items added to the newsgroups atMicrosoft since the last time your server polled msnews.microsoft.com and uploadto Microsoft any items your local Exchange users posted to the correspondingpublic folders.

Client Access
Now that you have configured a pull newsfeed, you can access the newsgroupswith either a Messaging API (MAPI) or an NNTP client (for details about NNTPclient access, see my article, "Spread the News with Internet News Server,"June 1997). If you open an Outlook client, you will see the newsgroups you havepulled down in the Internet Newsgroups folder, similar to what you see inScreen 9.

In this case, I am browsing the microsoft.public.frontpage.clientnewsgroup, and I've just read a message entitled "virtural server wontstart" posted by some unfortunate soul. If you use an NNTP client such asthe Microsoft Internet News client configured to use the Exchange server as itsUSENET server, you will see the same hierarchy and message.Screen 10 shows theMicrosoft Internet News client displaying the microsoft.public.frontpage.client newsgroup.

If you select Enable Client Access on the NNTP General property page (seeScreen 2), you can view and respond to the same Exchange publicfolders with either NNTP or MAPI clients. Exchange will replicate responsesyou post to Microsoft during the next scheduled connection and replicate yourresponses to other news servers with feeds from msnews.microsoft.com.

As you can see, setting up a news server and a pull feed is astonishinglysimple. However, keep in mind one caveat: Most newsgroups on the Internet arenot moderated; that is, nobody is monitoring the messages being posted, andtherefore nobody is responsible for controlling the content of the newsgroups.This freedom to post whatever you want whenever you want is both useful anddangerous and can lead to major arguments within companies as to whichnewsgroups to carry. For example, take the newsgroup alt.2600 and its subgroupsavailable on the public USENET servers. In this newsgroup, you will find a lotof people posting ways to defeat servers, source code for viruses, ways tobypass known commercial firewalls, and all sorts of unsavory and exciting stuff.By reading this newsgroup, you can learn about potential threats to your ownnetwork and your customers' networks. Study this newsgroup, and you can become asecurity expert who is adept at fending off attacks by hackers. This ability toaccess such information is good. However, letting that information and codeloose on your own network is potentially disastrous. You have to make a choicebetween providing valuable but dangerous information to your users, or censoringit and ensuring that your company's engineers read only publications approved bysoftware publishers' legal departments.