Differences

This shows you the differences between two versions of the page.

--- config_echomail_nodes [2019/03/16 17:41] – echomail secuity avon
+++ config_echomail_nodes [2019/03/16 18:12] – echomail secuity updates avon
@@ Line 272: / Line 272: @@
 The above would say that any echomail node that is a member of Echomail group 2, OR any node that has a security level of 255 OR any Echomail node that has flag H can hatch files to that file base.  The Echomail node with the ID of #10 can also hatch.
+The following commands are available within EACS:
+      s<level>  : Echomail node must have a Security Level greater than or
+                  equal to <level>
+      g<number> : Echomail node must be a member of Echomail group ID equal
+                  to <number>
+      f<flag>   : Echomail node must have flag <flag> which is a letter
+                  between A to Z.
+      u<number> : Echomail node must have a unique ID of <number>.  This
+                  allows security to be applied to specific nodes (ID is
+                  shown in echomail node editor).
+Just like user ACS, Echomail ACS can also use parenthesis and boolean evaulation.
+Echomail ACS has been activated for message base subscribing/reading. A new field in each Message base configuration called "List EACS" defines the ACS requires for an echommail node to be able to see, subscribe, or unsubscribe to the area via AreaFix.
+Hubs can still manually link a base to a node regardless of security, so for example if you wanted to force nodes to always carry a specific echo area, you would give them the base and then set the "List EACS" to an  access they do not have (or even use % which is "never" in ACS terms). With this setup in place, the node cannot add or remove the area, they can only perform rescans.
 This is a very powerful system for managing an Echomail network, and EACS strings will be added to various functions in the future as seen fit.
@@ Line 277: / Line 295: @@
 ==== Page 3 of 6 - Groups ====
-   Echo Group 01  │ None                                      1:General
+   Echo Group 01  │ fsxNet                                    1:General
    Echo Group 02  │ None                                      2:Security
    Echo Group 03  │ None                                      3:GROUPS
@@ Line 298: / Line 316: @@
 ==== Page 4 of 6 - BinkP====
    BINKP Hostname │ agency.bbs.nz:24556                       1:General
    IP Type        │ IPV4                                      2:Security
-   Password       │ *******                                   3:Groups
+   Password       │ *****                                     3:Groups
    Time Out       │ 30                                        4:BINKP
    Block Size     │ 16384                                     5:FTP
    CRAM-MD5       │ Yes                                       6:Dir Toss
+   Use SSL/TLS    │ No
    Hide AKAs      │ Yes
-                  │
                   │
                   │
@@ Line 314: / Line 332: @@
                   │
                   │                                          Page 4 of 6
-A Binkp session has the following options you should set:
+A Binkp section has the following options you should look at and in most cases set up:
 === BINKP Hostname ===
@@ Line 323: / Line 342: @@
 === IP Type ===
-Do you wish to use IPV4 or IPV6 when using Fidopoll to connect to this system?
+Do you wish to use IPV4 or IPV6 when using Fidopoll to connect to this system? Or do you wish to set a preferred connection type and then a fallback type? e.g. IPV6 + IPV4 or IPV4 + IPV6
 === Password ===
@@ Line 329: / Line 348: @@
 Set the session password your Mystic BBS will send to this EchoMail Node when you poll it using Fidopoll or it connects to your Mystic BinkP server and attempts to send your system Echomail, Netmail and/or other files.
-This password is case sensitive. Be warned some non-Mystic systems have issues with this. Best advice keep everything UPPERCASE to avoid hassles.
+This password is case sensitive. Be warned some non-Mystic systems have issues with this. Best advice keep everything UPPERCASE and limited to no more than 8 characters to avoid hassles.
 === Timeout ===
@@ Line 342: / Line 361: @@
 Use MD5 hashing when connecting as a client? This hides session passwords so they are not sent in plain text. It's a good idea to use this.
+=== Use SSL/TLS ===
+Mystic BINKP server and FIDOPOLL now support opportunistic SSL (TLS v1.2+) using a proprietary extension of the BINKP protocol. This means that it will only work with other Mystic BBS clients and servers, but the author plans to document the extension and send it to the authors of other mailers in hopes that it can be standardized.
+EchoMail Nodes now have three settings which can be used when polling for new mail:
+      No     : FIDOPOLL will not use SSL extension at all
+      Yes    : FIDOPOLL WILL use SSL if the server supports it
+      Forced : FIDOPOLL will refuse to exchange mail with a server
+               unless it supports SSL
+This setting is experimental at present so your mileage may vary. If you're having issues connecting to other systems it's best to set this to 'No' for now.
 === Hide AKAs ===