comet/COMET.SAM
Ken Johnson da732a10bd Version 1.2.1: full BinkP/Argus parity, Comet augmentation, WebUI
Version scheme: Major.Minor.Build-Revision.

BinkP gains every major Argus/binkd extension:

- PLZ (zlib) compression with adaptive block sizing (4KB→16KB)
- NR mode inbound resume via .bkp-part partials (FSP-1029)
- ND/NDA deferred cleanup: mid-session abort preserves outbound (FSP-1038)
- MBT multi-batch: FREQ response rides same session via second EOB
- M_NUL TRF traffic advisory and M_NUL FREQ (FRL-1026)
- M_NUL NDL/PHN info strings (new Phone, NodelistFlags config)
- RFC 2822 date format for M_NUL TIME
- Strict M_GET validation and duplicate-file pre-check
- TBinkpPostAuthCallback: host can route InboundDir before transfer
  (models binkd select_inbound / complete_login)
- TCometBinkpResult: Authenticated / AuthMethod fields

Comet native extensions keep the protocol ahead of BinkP:

- INIT payload adds Location/Time/Phone/NodelistFlags (trailing
  strings, backward-compatible)
- LST file listing: NPKT_LSTREQ/LSTITEM/LSTEND + COPT_LST
- Transactional file cleanup: destructive actions deferred until
  successful session close (matches ND semantics)
- Shared CometRFCDateStr across protocols — no drift between
  BinkP TIME and Comet INIT.Time

Daemon:
- BinkP inbound now starts unsecure and promotes to secure only
  after auth (fixes pre-1.2.1 bug where SecInbound was selected
  unconditionally).

TCometFileProvider: GetPartialSize and OpenForReceiveNamed for
NR partials; defaults preserve the random-temp scheme for
providers that don't track partials (Fastway plugin safe).

WebUI: /src/web/ + /src/webui/ backend, modeled after the Argus
GUI. Live session activity, outbound polls, FREQ requests,
nodelist, config editor, scheduler, SSE event stream.
2026-04-21 09:37:03 -07:00


; =========================================================================
; COMET.CFG - Comet Mailer Daemon Configuration
; Version 1.2-1
; =========================================================================
;
; This is a sample configuration file for the Comet FidoNet mailer.
; Copy this file to COMET.CFG and edit it for your system.
;
; Lines beginning with ; are comments.
; Inline comments: anything after ; on a line is ignored.
; Values with spaces must be quoted: SystemName = "The Danger Zone"
;
; Run CSETUP for interactive configuration, or edit this file directly.
;
; =========================================================================
; =========================================================================
; [System] - Your FidoNet identity
; =========================================================================
;
; These settings identify your system to remote nodes during sessions.
; At least one Address is required. Multiple addresses are supported
; for systems that are members of multiple networks.
[System]
; Your FidoNet address(es). Format: zone:net/node or zone:net/node.point
; You can list multiple addresses, one per line.
; The first address is your primary (used for outbound zone detection).
;
; Examples:
; Address = 1:213/725 ; Boss node
; Address = 1:213/725.1 ; Point
; Address = 21:1/100 ; FSXnet
;
Address = 1:213/725
; Your name (sysop). Shown to remote systems during handshake.
SysOp = Ken Johnson
; Your system/BBS name. Shown to remote systems during handshake.
SystemName = The Danger Zone
; Your location (city, state/country). For informational display.
Location = Sparks, NV
; Optional phone number. Sent as M_NUL PHN during BinkP handshake and
; as the Phone field in Comet INIT. Informational only.
; Phone = 1-775-555-0123
; Optional nodelist flags string. Sent as M_NUL NDL during BinkP
; handshake and as the NodelistFlags field in Comet INIT. E.g.
; "CM,INA,IBN" to signal always-available and internet-reachable.
; NodelistFlags = CM,INA,IBN
; ED25519 private key for public-key authentication.
; Generate with: comet keygen
; Keep this SECRET - never share it. Only the public key is shared.
; If not set, ED25519 authentication is not available.
; Falls back to CRAM-MD5 (shared password) or no auth.
;
; Generate your own key with: comet keygen
; Print your public key with: comet showkey
; NEVER use someone else's key or an example key.
;
; The keygen command outputs both keys. Add the PrivateKey line
; and keep the PublicKey as a comment for your reference:
;
; PrivateKey = (output from comet keygen)
; ; PublicKey = (shown by comet keygen / comet showkey — give to remote nodes)
; =========================================================================
; [Network] - TCP listener and connection settings
; =========================================================================
;
; Comet listens on a single TCP port for both Comet protocol and
; BinkP fallback connections. Protocol auto-detection happens on
; the first bytes received from the remote.
[Network]
; TCP port to listen on. Default is 24554 (standard BinkP port).
; This is the port you need to forward in your router/firewall.
; Both Comet and BinkP connections come in on this same port.
Port = 24554
; Bind address. Which network interface to listen on.
; Leave empty or use * for all interfaces (recommended).
; Use 127.0.0.1 to only accept local connections (testing).
; Use a specific IP to listen on one interface only.
;
; Examples:
; Bind = ; All interfaces (default)
; Bind = * ; Same as above
; Bind = 192.168.1.100 ; Specific interface only
; Bind = 127.0.0.1 ; Localhost only (testing)
;
Bind =
; Maximum simultaneous sessions. Each session uses one thread.
; Set based on your system's resources and bandwidth.
; Minimum: 1, Maximum: 32, Default: 5
MaxSessions = 5
; Optional: maximum simultaneous INBOUND sessions from a single IP
; address. 0 = no per-IP cap (default). Useful for rate-limiting a
; misbehaving peer or preventing one node from hogging all your slots.
; Outbound calls you initiate are never affected.
; Default: 0 (unlimited per IP)
; MaxSessionsPerIP = 3
; Optional: maximum wall-clock seconds a session can run before it's
; force-terminated. Protects against stuck transfers and slow-drip
; attackers that keep a socket open without doing useful work.
; 0 = no limit (default). 3600 = one hour.
; Default: 0 (no limit)
; MaxSessionTime = 3600
; How often to scan the outbound directory for pending mail (seconds).
; Set to 0 to disable automatic outbound polling (inbound only).
; Default: 60 seconds
PollInterval = 60
; Accept PROXY protocol v2 headers on inbound connections.
; Enable this ONLY if Comet is behind a reverse proxy (HAProxy,
; nginx, etc.) that sends PROXY protocol headers.
; When enabled, the proxy header is parsed to extract the real
; client IP address for logging and BSY locking.
; Supports both IPv4 and IPv6 client addresses.
; Default: no (direct connections, no proxy)
; ProxyProtocol = no
; =========================================================================
; [Paths] - Directory locations
; =========================================================================
;
; All paths must exist before Comet starts, or Comet will create them.
; On Linux/FreeBSD, use forward slashes: /home/user/fido/inbound/
; On DOS/Windows/OS2, use backslashes: C:\FD\INBOUND\
; Trailing slash is optional.
[Paths]
; Inbound directory - where files from UNKNOWN/unpassworded nodes go.
; This is your "unsecure" inbound. Tossers should check this directory
; for incoming mail packets, but exercise caution with untrusted files.
Inbound = /var/lib/fidonet/inbound/
; Secure inbound - where files from PASSWORD-VERIFIED nodes go.
; If not set, all files go to Inbound regardless of password status.
; Your tosser should primarily process files from here.
SecInbound = /var/lib/fidonet/secure/
; BSO outbound base directory. This is the root of your Binkley-Style
; Outbound directory tree. Zone subdirectories (outbound.001/, etc.)
; and point directories (XXXXXXXX.PNT/) are created automatically.
;
; This must match what your tosser/packer writes to.
; For binkd compatibility, use the same outbound as binkd.cfg.
Outbound = /var/lib/fidonet/outbound/
; Temporary directory for files being received. Files are written here
; during transfer and moved to Inbound/SecInbound on completion.
; Using a temp directory on the same filesystem as Inbound allows
; atomic rename (no copy needed).
Temp = /var/lib/fidonet/temp/
; Main log file. Session events, errors, file transfers are logged here.
; If not set, logging goes to console only.
LogFile = /var/log/fidonet/comet.log
; Debug/trace log. Protocol-level detail: every frame sent/received,
; CRC values, state transitions. Very verbose - only enable when
; troubleshooting protocol issues.
; Enable with Debug = yes in [Logging] section.
DebugLog = /var/log/fidonet/comet-debug.log
; Nodelist directory. Comet reads standard FidoNet raw text nodelists
; (NODELIST.NNN format) and extracts IP/BinkP info from INA/IBN flags.
; The most recent nodelist.NNN file in this directory is used.
; Nodes found in the nodelist don't need manual [Node:] entries -
; Comet looks up their IP and BinkP port automatically.
; [Node:] entries take priority over nodelist data.
Nodelist = /var/lib/fidonet/nodelist/
; File request (FREQ) search directory. When a remote node sends a
; file request, Comet searches this directory for matching files.
; Supports wildcard patterns. Max 10 files / 10 MB per request.
; For advanced FREQ processing (magic names, file areas), use an
; external FREQ processor via [Events] exec rules and SRIF.
; If not set, FREQ requests are ignored.
Freq = /var/lib/fidonet/freq/
; Flags/semaphore directory. BSY files and rescan flags go here.
; If not set, BSY files are created in the outbound directory.
Flags = /var/lib/fidonet/flags/
; =========================================================================
; [DriveMap] - DOS drive letter to Unix path mapping
; =========================================================================
;
; IMPORTANT FOR LINUX/FREEBSD USERS:
;
; If you're running Comet on Linux but sharing outbound directories
; with a DOS/Windows mailer (or reading flow files written by one),
; the .FLO files will contain DOS-style paths like C:\FD\OUTBOUND\FILE.PKT
;
; These drive mappings tell Comet how to translate DOS paths to Unix:
; C:\FD\OUTBOUND\FILE.PKT -> /home/user/dos/c/fd/outbound/FILE.PKT
;
; Comet also handles case-insensitive file lookup automatically -
; FILE.PKT, file.pkt, and File.Pkt are all found.
;
; On DOS/Windows/OS2: this section is ignored (paths work natively).
;
; Format: DriveLetter = /unix/path
; The drive letter must be uppercase A-Z.
; The Unix path should be the root of what that drive letter maps to.
[DriveMap]
; C = /home/user/dos/c
; D = /home/user/dos/d
; =========================================================================
; [Protocol] - Transfer protocol settings
; =========================================================================
;
; These control the Comet file transfer protocol behavior.
; Default values work well for most TCP connections.
; You generally don't need to change these unless troubleshooting.
[Protocol]
; Maximum block size in bytes. Data is sent in blocks up to this size.
; Larger blocks = less overhead = higher throughput on fast links.
; Smaller blocks = faster error recovery on unreliable links.
;
; Range: 512 to 65528 bytes.
; Default: 65528 (maximum - best for TCP)
; On modem/dialup: consider 2048 or less
MaxBlockSize = 65528
; Sliding window size. Number of unacknowledged data blocks allowed
; in flight simultaneously. Higher values improve throughput on
; high-latency links (satellite, intercontinental).
;
; Range: 1 to 16
; Default: 8 (good for most TCP connections)
; High latency: try 12-16
; Unreliable links: try 2-4
WindowSize = 8
; Braindead timeout in seconds. If no valid data is received from
; the remote for this many seconds, the session is aborted.
; Default: 120 seconds (2 minutes)
Timeout = 120
; Handshake timeout in seconds. Maximum time to wait for the
; initial protocol handshake to complete.
; Default: 30 seconds
HandshakeTimeout = 30
; Disable SHA-256 file verification. NOT RECOMMENDED.
; SHA-256 ensures files are transferred correctly and enables
; content-based resume (resume even if filename/date changed).
; Only disable for debugging purposes.
; Default: no (SHA-256 is enabled)
; NoSHA256 = no
; Disable file request (FREQ) support.
; Default: no (FREQ is enabled)
; NoFREQ = no
; Data compression for file transfers.
; When both sides support it, each data block is compressed individually
; using zlib/deflate. Blocks that don't compress well (already-compressed
; files like .ZIP, .RAR, .7Z) are sent uncompressed automatically.
; Good for PKT files and text - typically 50-70% smaller on the wire.
;
; Values: zlib, none
; Default: zlib (enabled, negotiated with remote)
; Compression = zlib
; =========================================================================
; [BinkP] - BinkP protocol fallback settings
; =========================================================================
;
; When connecting to a remote node, Comet tries the Comet protocol
; first. If the remote doesn't speak Comet, it falls back to BinkP/1.1.
;
; Inbound connections are auto-detected: if the first bytes look like
; a BinkP frame instead of a COMET banner, the connection is handled
; as BinkP automatically.
[BinkP]
; Enable BinkP fallback for outbound connections.
; Default: yes
Enabled = yes
; Default BinkP port for outbound fallback connections.
; Outbound port comes from the nodelist (IBN flag) or per-node Port setting.
; This is the standard binkd port.
; Per-node override available in [Node:] sections.
; Default: 24554
Port = 24554
; =========================================================================
; [Logging] - Log output settings
; =========================================================================
[Logging]
; Minimum log level for the log file.
; Levels: debug, info, warning, error, fatal
; Default: info
FileLevel = info
; Minimum log level for console (stdout) output.
; Default: info
ConsoleLevel = info
; Enable debug/trace logging to the DebugLog file.
; This is VERY verbose - every protocol frame is logged.
; Default: no
Debug = no
; =========================================================================
; [Events] - Post-session actions
; =========================================================================
;
; After a session completes and files have been received, Comet can
; create flag/semaphore files and run external programs (tossers,
; scanners, FREQ processors like Allfix).
;
; Events run AFTER the session is closed - they never block transfers.
;
; Flag rules: create a semaphore file when files are received.
; flag <flagfile> <pattern>
;
; Exec rules: run an external command when files are received.
; exec "<command>" <pattern>
; !exec "<command>" <pattern> (run immediately per file)
;
; Variables for exec commands:
; *A = Remote FidoNet address (e.g., 1:213/723)
; *I = Inbound directory path
; *N = Number of files received
; *S = SRIF (Standard Request Information File) path
;
; Examples:
; flag /var/lib/fidonet/flags/toss.now *.pkt
; flag /var/lib/fidonet/flags/toss.now *.su? *.mo? *.tu? *.we?
; exec "hpt toss" *.pkt
; exec "allfix RP -SRIF *S" *.req
[Events]
; flag /var/lib/fidonet/flags/toss.now *.pkt
; exec "hpt toss" *.pkt
; exec "allfix RP -SRIF *S" *.req
; =========================================================================
; [FreqAliases] - Named file-request aliases
; =========================================================================
;
; Classic mailer feature: define short alias names that remote nodes
; can request via FREQ instead of knowing the real filename. Each entry
; is "AliasName = file path or glob pattern".
;
; Aliases are TRUSTED config data and may point to files OUTSIDE the
; FreqDir — useful for serving system files (the latest nodelist, your
; pubkey, etc) without exposing the whole directory.
;
; Aliases are matched case-insensitively against the requested name.
; Anything that doesn't match an alias falls back to a normal FreqDir
; search (with the usual sanitization that blocks ../ traversal).
;
; GLOB BEHAVIOUR (matches Argus and BTXE):
;
; By default, if the alias pattern is a glob (contains '*' or '?')
; Comet sends ALL matching files, up to the 10-file / 10 MB per
; request limits. This is the standard mailer behaviour.
;
; Prefix the pattern with '>' to serve only the NEWEST file(s) by
; mtime. This is the Argus convention for NODELIST-style magic
; names where you want today's nodelist and nothing else.
;
; A literal path (no glob characters) always serves that one file.
;
; Extended form — optional fields separated by '|':
;
; ALIAS = <pattern> | pw=<password> | max_size=<N> | max_count=<N> | exec=<cmd>
;
;   pw=X         password-protect. Remote must send "ALIAS!password".
;                (Also accepted as "password=X".)
;   max_size=X   per-alias total size cap (K/M/G suffix ok, e.g. 5M).
;                Overrides the global 10MB default when lower.
;   max_count=N  max file count cap per request (overrides global 10).
;   exec=CMD     external FREQ processor (SRIF-style). CMD is run with
;                three arguments: <alias> <password> <remote-addr>.
;                Comet serves any file paths the program prints to
;                stdout, one per line. # comments are ignored. Use
;                this for database-backed file areas, dynamic lists,
;                custom access checks, or wrappers around classic SRIF
;                processors. When exec is set, the pattern field is
;                ignored — leave it blank or use it as a description.
;                Stdout is capped at 256KB.
;
; Examples:
;
; [FreqAliases]
; NODELIST = >/var/lib/fidonet/nodelist/nodelist.* ; newest only
; POINTLIST = >/var/lib/fidonet/nodelist/points24.* ; newest only
; ARCHIVE = /var/lib/fidonet/archive/*.zip ; send all
; MAGIC = /var/lib/fidonet/freq/welcome.txt ; literal file
; PRIVATE = /data/private/*.zip | pw=sekret | max_size=50M
; FILES = /var/lib/fidonet/freq/files.bbs ; literal file
; PUBKEY = /etc/comet/pubkey.txt ; literal file
; ;
; ; External-processor aliases (pattern ignored, exec wins):
; LATEST = | exec=/usr/local/bin/comet-freq-latest.sh
; FILEAREA = | exec=/usr/local/bin/comet-freq-db.py | max_count=20
;
; ; /usr/local/bin/comet-freq-latest.sh receives 3 args:
; ; $1 = alias name (e.g. "LATEST")
; ; $2 = password supplied by remote (or empty)
; ; $3 = remote address (empty in current release)
; ; It prints one absolute file path per line to stdout. Lines
; ; starting with # are comments. Example:
; ; #!/bin/sh
; ; ls -t /var/lib/fidonet/builds/*.zip | head -1
[FreqAliases]
; NODELIST = /var/lib/fidonet/nodelist/nodelist.*
; FILES = /var/lib/fidonet/freq/files.bbs
; =========================================================================
; [Node:address] - Per-node configuration
; =========================================================================
;
; Configure settings for specific remote nodes. The section name
; includes the node's FidoNet address:
;
; [Node:1:213/723] ; A boss node
; [Node:1:213/723.1] ; A point
; [Node:21:1/100] ; An FSXnet node
;
; At minimum, you need the Host (IP or hostname) for each node
; you want to call. Nodes that call YOU don't need an entry here
; unless you want to set a session password.
;
; Authentication:
; Passwords are NEVER sent in plain text. Comet uses CRAM-MD5
; (Challenge-Response Authentication, RFC 2104) for both the
; Comet protocol and BinkP sessions. The answering side generates
; a random challenge, the calling side computes an HMAC-MD5
; response. The actual password never crosses the wire.
;
; Available settings:
;
;   Password         Session password (CRAM-MD5 authenticated)
;   PublicKey        Remote node's ED25519 public key (64 hex chars)
;   Host             IP address or hostname to connect to
;   Port             Outbound port override
;   NoBinkp          Disable BinkP fallback for this node (yes/no)
;   NoComet          Use only BinkP for this node (yes/no)
;   SessionPassword  Separate BinkP password if different from Password
;   CallWindows      Time restriction for outbound polls (optional).
;                    Empty = always allowed (default).
;                    Format: "dayspec HH:MM-HH:MM" (multiple separated
;                    by ';'). Examples:
;                      "mon-fri 09:00-17:00" — weekdays 9am-5pm only
;                      "* 22:00-06:00" — every day, overnight
;                      "sat,sun 10:00-22:00" — weekends 10am-10pm
;                      "mon-fri 09:00-17:00; sat-sun 10:00-22:00"
;                    Wrap-around ranges (22:00-02:00) are supported.
;                    Days: sun mon tue wed thu fri sat (case-insensitive).
;                    Used by the poller and the Scheduler. Manual "Call"
;                    actions from the WebUI ignore windows.
;
;   HookPreCall      External program hooks (per-node, optional).
;   HookOnSuccess    Each is a shell command template; variables are
;   HookOnFail       substituted before exec and shell-quoted on Unix.
;                    Variables:
;                      *A = node address (e.g. 1:218/720)
;                      *N = remote system name (after handshake)
;                      *S = remote sysop name
;                      *I = inbound directory
;                      *F = files received this session
;                      *X = files sent this session
;                      *B = total bytes (sent + received)
;                      *R = remote mailer name
;                    HookPreCall fires before the call attempt.
;                    HookOnSuccess fires after a successful session.
;                    HookOnFail fires after handshake failure,
;                    connect failure, or session crash.
;                    Examples:
;                      HookOnSuccess = /usr/local/bin/toss-in.sh *I
;                      HookOnFail = /usr/local/bin/alert.sh *A
;                      HookPreCall = logger -t comet "Calling *A"
; --- Example nodes ---
; [Node:1:213/723]
; Password = SECRET
; PublicKey = (get this from the remote node's sysop)
; Host = bbs.example.com
; Port = 24554
; [Node:21:1/100]
; Password = FSXNET
; Host = 192.168.1.50
; Port = 24554
; [Node:1:103/705]
; Host = fido.oldschool.org
; NoComet = yes ; This node only speaks BinkP
; =========================================================================
; End of configuration
; =========================================================================
;
; After editing, start Comet with:
; comet (daemon mode - listen + poll outbound)
; comet -c /path/to/comet.cfg (specify config file location)
; comet call 1:213/723 (single outbound call for testing)
; comet keygen (generate new ED25519 keypair)
; comet showkey (print public key from config)
; comet -d (daemon with debug logging enabled)
; comet -v (show version)
;
; Config hot-reload:
; Comet monitors this config file while running. If it detects
; changes (by checking the file modification time every 5 seconds),
; it automatically reloads the configuration. You can also send
; SIGHUP on Unix: kill -HUP $(pidof comet)
;
; This means you can edit the config or run CSETUP while Comet
; is running - changes take effect within seconds.
;
; For complete documentation see COMET.DOC.
; For the wire protocol specification see FSP-COMET.001.
; =========================================================================
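
The settings this sample file marks as security-relevant (SecInbound, MaxSessionTime, MaxSessionsPerIP, NoSHA256, ProxyProtocol, PrivateKey, per-node PublicKey/Password) can be checked mechanically before a config goes live. The Python audit below is an added example, not part of Comet or this repository; its handling of `;` inside quotes, the wording of the findings and the sample values are assumptions.

```python
import os

def parse_comet_cfg(text):
    """Parse COMET.CFG text into {section: {lowercased key: value}}."""
    cfg, section = {}, None
    for raw in text.splitlines():
        kept, quoted = [], False
        for ch in raw:
            if ch == '"':
                quoted = not quoted
            elif ch == ';' and not quoted:  # assumption: quoted ';' is data
                break
            kept.append(ch)
        line = ''.join(kept).strip()
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].strip()
            cfg.setdefault(section, {})
        elif '=' in line and section is not None:
            key, _, value = line.partition('=')
            cfg[section][key.strip().lower()] = value.strip().strip('"')
    return cfg

def audit(cfg, mode=None):
    """Return (setting, reason) findings; mode is the config file's st_mode."""
    out = []
    system, net = cfg.get('System', {}), cfg.get('Network', {})
    paths, proto = cfg.get('Paths', {}), cfg.get('Protocol', {})
    if not paths.get('secinbound'):
        out.append(('SecInbound', 'unset: verified and unknown nodes share Inbound'))
    for key in ('MaxSessionTime', 'MaxSessionsPerIP'):
        if int(net.get(key.lower()) or 0) == 0:
            out.append((key, '0 or unset: no cap on slow or greedy peers'))
    if proto.get('nosha256', 'no').lower() == 'yes':
        out.append(('NoSHA256', 'SHA-256 file verification disabled'))
    if net.get('proxyprotocol', 'no').lower() == 'yes' and net.get('bind', '') in ('', '*'):
        out.append(('ProxyProtocol', 'on, all interfaces: confirm only the proxy can connect'))
    if not system.get('privatekey'):
        out.append(('PrivateKey', 'unset: no ED25519, CRAM-MD5 or no auth only'))
    elif mode is not None and mode & 0o077:
        out.append(('PrivateKey', 'config file is accessible to group/other'))
    for name, node in cfg.items():
        if not name.lower().startswith('node:') or node.get('publickey'):
            continue
        has_pw = node.get('password') or node.get('sessionpassword')
        out.append((name, 'CRAM-MD5 password only' if has_pw
                    else 'no PublicKey or Password: unauthenticated'))
    return out

def audit_file(path):
    with open(path, encoding='utf-8', errors='replace') as fh:
        return audit(parse_comet_cfg(fh.read()), os.stat(path).st_mode)

# Constructed sample; the key and password values are placeholders.
SAMPLE_CFG = '''
[System]
SystemName = "Semi; Colon BBS"   ; quoted ';' is kept
PrivateKey = 00PLACEHOLDER00
[Network]
Bind = *
MaxSessionTime = 3600
ProxyProtocol = yes
[Paths]
Inbound = /var/lib/fidonet/inbound/
[Node:1:213/723]
Password = PLACEHOLDER
[Node:1:103/705]
Host = fido.example.org
'''
```

Call `audit_file()` on the live COMET.CFG to include the permission check on the file that holds PrivateKey.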
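
Because Comet serves whatever paths an `exec=` processor prints, the processor is the only access check for that alias and should confine its own output. The processor below is an added example, not code from Comet; the AREAS table, its directories and the password placeholder are hypothetical, and it follows the three-argument, one-path-per-line contract described under [FreqAliases].

```python
#!/usr/bin/env python3
import hmac
import os
import sys

# Hypothetical layout: alias -> (base directory, required password or None).
AREAS = {
    'LATEST':  ('/var/lib/fidonet/builds', None),
    'PRIVATE': ('/data/private', 'PLACEHOLDER'),
}
MAX_FILES = 10

def select_files(alias, password, areas=AREAS, limit=MAX_FILES):
    """Return absolute paths to offer for alias, newest first; [] on refusal."""
    area = areas.get(alias.upper())          # aliases match case-insensitively
    if area is None:
        return []
    base, required = area
    if required is not None and not hmac.compare_digest(
            password.encode('utf-8', 'surrogateescape'), required.encode()):
        return []
    try:
        base = os.path.realpath(base)
        names = os.listdir(base)
    except OSError:
        return []
    picked = []
    for name in names:
        path = os.path.realpath(os.path.join(base, name))
        # A symlink inside the area must not lead outside it.
        if os.path.commonpath([base, path]) != base:
            continue
        # Output is line-oriented: a newline in a name would add a second path.
        if '\n' in path or '\r' in path or not os.path.isfile(path):
            continue
        picked.append(path)
    picked.sort(key=os.path.getmtime, reverse=True)
    return picked[:limit]

def main(argv):
    # Comet passes <alias> <password> <remote-addr>. The remote address is
    # empty in the current release, so no decision is based on it.
    alias = argv[1] if len(argv) > 1 else ''
    password = argv[2] if len(argv) > 2 else ''
    for path in select_files(alias, password):
        print(path)
    return 0

if __name__ == '__main__':
    sys.exit(main(sys.argv))
```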