Short summary on securing NNTP servers, courtesy of
Joe Greco.

  You should configure your nnrp.access file to contain, as a FIRST line:

  ## Default is no access, no way to authentication, and no groups.
  *:: -no- : -no- :!*

  Followed by lines to explicitly allow reading and posting from hosts
  and/or IP numbers that are trusted:

  ##  My hosts have no password, can read anything.
  206.55.64.*:Read Post:::*
  206.55.65.*:Read Post:::*
  206.55.66.*:Read Post:::*
  206.55.67.*:Read Post:::*
  *.mytrustedfriend.net:Read Post:::*

  Under no circumstances should you have something like

  *:Read Post:::*


  The man page is mildly hard to read.  The point that most people will
  mess up on is that INN uses THE LAST MATCH FOUND in a file for access
  purposes, so people often try to do silly things like write something
  like this

  host:R P
  host2:R P
  *:-no-

  And then when it fails to work for ANYONE,