A pointer for those having trouble with access file includes/exclusions. After fiddling, it looks like one can only specify one group(mask) per line. so this works: int-newsmail-*.manawatu * read,post,filter spam.filter int-mail-*.manawatu manawatu.* read,filter spam.filter int-mail-*.manawatu nz.* read,filter spam.filter int-bad-*.manawatu manawatu.announce read,filter spam.filter *.manawatu *bina* deny *.manawatu *pictures* deny *.manawatu *sounds* deny but this doesn't *.manawatu *bina*,*pictures*,*sounds* deny Julian, pointing that out in nntpcache.access would be a good idea: Admins moving across from other software are easily tripped up on this because INN/Cnews allow complex access lists to be spcified. ==== For those who're curious, those are real lines from my access file used for local users who pay a token amount for news/mail or mail access. What we discovered was that a few people had realised on that we weren't filtering binaries groups for private network IPs, so they were sitting online 24x7 and bitching because they couldn't download porn and warez at the speeds they thought they should. Making restricted access accounts is quite simple if you use radius or tacacs to allocate IP addresses at login: Allocate those users/ports RFC 1597/1812 ip numbers as they dialin and make sure routers are configured to not let those IPs out - see ftp://ftp.manawatu.gen.nz/pub/antispam/cisco-firewalling-fragments (The fragments also armour your network slightly against forged IP getting in and out.) AB
