Uploading to newsgroups securely using your providers' encrypted secure sockets layer (SSL)

Using encryption for downloading is now common place within the industry, many news providers even provide the SSL connections as standard, so why is uploading still usually none through standard non-encrypted NNTP connections? The answers lies with the age of Powerpost..

The simple answer is that Powerpost is old, the latest version 11B was released half a decade ago in 2004 - before SSL connections became popular among the industry (mostly due to wanting privacy) and therefore SSL abilities were never implemented in the core program itself. Also, our article on how to post to newsgroups is also quite old and thus still uses Powerpost A&A (there are other newer applications to post with which we will be covering shortly). But anyway, fear not, any application that uses the standard TCP/IP way of networking can be forced to use SSL by "wrapping" the outgoing connections in an encrypted virtual tunnel. If you follow our guide, which evolved from shabbydogs' one, you can shield your uploads from prying eyes.

Step One

Download Stunnel - The Universal SSL Wrapper

Assuming you followed our old guide, you already have all the programs you need apart from Stunnel, so head over to Stunnel's Website and install it using the instructions provided.

Step Two

Configuring Stunnel to work with your outgoing SSL connection

Open a file directory window and head to the directory where Stunnel installed itself. If you didn't change the default install location, it is most likely hiding at C:\Program Files\Stunnel\). Open the stunnel.conf file in your text editor of choice (Notepad will do just fine) and then follow these sub-steps:

  1. Look for the line that reads <strong>;client = yes</strong> and remove the first semi-colon - this will uncomment the line and activate it once saved.

  2. Head to the bottom of the same file and add:

    [nntp]
    accept = 119
    connect = newsserver_address:ssl_port_number
    
  3. A quick explanation: [nntp] indicates the start of a new service definition to Stunnel and gives it a name. The accept = 199 tells the Stunnel software to accept connections on your own computer at port 119. And finally, the last connect line tells Stunnel where to send all the data which is connecting to port 119. You can change the accept port do whatever you like within reason (and being careful of conflicts) but the connect line must consist of your usenet_server_address colon it's SSL port number.

  4. A working example for those with Newshosting:

    [nntp]
    accept = 119
    connect = nhxl.newshosting.com:563
    
  5. Make sure you then save and close your text editor before Step 3.

Step Three

Configuring the Powerpost upload software to work with Stunnel

Simply open up Powerpost's connection settings (View > Program Settings) and change your NNTP news server to 127.0.0.1 - on most computers the word localhost is also aliased to 127.0.0.1 but for safety's sake stick with that address. 127.0.0.1 is the "local loopback" IP address in that it always refers to your machine. The port value in Powerpost's settings should be set to 119 if going by the examples above or any port as long as it matches the accept = xxx line in stunnel.conf. Username and password and all other details remain changed.

Step Four

The final stage: starting Stunnel and your SSL upload connection

With all that set up, start up the Stunnel program itself in whatever fashion you choose (Start > Programs etc etc). That will bring up an icon in your system tray which effectively notifies you that the server has started. Then all you need to do is open up Powerpost and use as normal! All traffic will be sent by Powerpost to your own PC, which in turn gets "wrapped" in an SSL connection by Stunnel and send to the destination server (your news provider).

If you have a software firewall, you may need more configuration to get this to work; that or simply allowing the software through any warning prompts that may pop up may work. If you're running Norton, please don't - in the nicest way possible....it's a pile of dog shit that breaks more things that it fixes, there are plenty of decent software firewalls that don't hog your resources - perhaps we'll do a post detailing some soon :)

djm posted by djm
This entry was posted in Tutorials & How-to Guides and tagged encryption, powerpost, secure, ssl, stunnel, upload, usenet. Leave a comment. Header image by anonymouscollective

4 Comments

  1. irk
    Posted Nov 17th, 2009 at 10:11 a.m.

    Please post an SSL JbinUP tutorial soon :D

    | Link to comment
  2. Old Usenet
    Posted Jan 28th, 2011 at 07:01 a.m.

    Yes it works !!! using usenet for 8 years.

    | Link to comment
  3. Peter
    Posted Mar 25th, 2012 at 04:03 a.m.

    Hi I've tried to click Stunnel's website but the page not found!

    | Link to comment
  4. Peter
    Posted Apr 3rd, 2012 at 00:04 a.m.

    Can the stunnel mask my ip address to news server? Please reply. Thanks

    | Link to comment

Comments are now closed.