Using encryption for downloading is now common place within the industry, many news providers even provide the SSL connections as standard, so why is uploading still usually none through standard non-encrypted NNTP connections? The answers lies with the age of Powerpost..
The simple answer is that Powerpost is old, the latest version 11B was released half a decade ago in 2004 - before SSL connections became popular among the industry (mostly due to wanting privacy) and therefore SSL abilities were never implemented in the core program itself. Also, our article on how to post to newsgroups is also quite old and thus still uses Powerpost A&A (there are other newer applications to post with which we will be covering shortly). But anyway, fear not, any application that uses the standard TCP/IP way of networking can be forced to use SSL by "wrapping" the outgoing connections in an encrypted virtual tunnel. If you follow our guide, which evolved from shabbydogs' one, you can shield your uploads from prying eyes.
Step One
Download Stunnel - The Universal SSL Wrapper
Assuming you followed our old guide, you already have all the programs you need apart from Stunnel, so head over to Stunnel's Website and install it using the instructions provided.
Step Two
Configuring Stunnel to work with your outgoing SSL connection
Open a file directory window and head to the directory where Stunnel installed itself. If you didn't change the default install location, it is most likely hiding at C:\Program Files\Stunnel\
). Open the stunnel.conf
file in your text editor of choice (Notepad will do just fine) and then follow these sub-steps:
-
Look for the line that reads
<strong>;client = yes</strong>
and remove the first semi-colon - this will uncomment the line and activate it once saved. -
Head to the bottom of the same file and add:
[nntp] accept = 119 connect = newsserver_address:ssl_port_number
-
A quick explanation:
[nntp]
indicates the start of a new service definition to Stunnel and gives it a name. Theaccept = 199
tells the Stunnel software to accept connections on your own computer at port 119. And finally, the lastconnect
line tells Stunnel where to send all the data which is connecting to port 119. You can change the accept port do whatever you like within reason (and being careful of conflicts) but the connect line must consist of your usenet_server_address colon it's SSL port number. -
A working example for those with Newshosting:
[nntp] accept = 119 connect = nhxl.newshosting.com:563
-
Make sure you then save and close your text editor before Step 3.
Step Three
Configuring the Powerpost upload software to work with Stunnel
Simply open up Powerpost's connection settings (View > Program Settings) and change your NNTP news server to 127.0.0.1
- on most computers the word localhost
is also aliased to 127.0.0.1
but for safety's sake stick with that address. 127.0.0.1
is the "local loopback" IP address in that it always refers to your machine. The port value in Powerpost's settings should be set to 119 if going by the examples above or any port as long as it matches the accept = xxx
line in stunnel.conf
. Username and password and all other details remain changed.
Step Four
The final stage: starting Stunnel and your SSL upload connection
With all that set up, start up the Stunnel program itself in whatever fashion you choose (Start > Programs etc etc). That will bring up an icon in your system tray which effectively notifies you that the server has started. Then all you need to do is open up Powerpost and use as normal! All traffic will be sent by Powerpost to your own PC, which in turn gets "wrapped" in an SSL connection by Stunnel and send to the destination server (your news provider).
If you have a software firewall, you may need more configuration to get this to work; that or simply allowing the software through any warning prompts that may pop up may work. If you're running Norton, please don't - in the nicest way possible....it's a pile of dog shit that breaks more things that it fixes, there are plenty of decent software firewalls that don't hog your resources - perhaps we'll do a post detailing some soon :)
4 Comments
Please post an SSL JbinUP tutorial soon :D
Yes it works !!! using usenet for 8 years.
Hi I've tried to click Stunnel's website but the page not found!
Can the stunnel mask my ip address to news server? Please reply. Thanks