Please wait...
0 files
Subject: Re: Unable to bind ports..user rights issue?
kill apache or nginx or whatever you have listening on 80 and 443, then try to start it again.
Tue Oct 15 2019 03:00:40 PM EDT from branco @ Uncensored Subject: Unable to bind ports..user rights issue?Hi guys,
I have recently installed Citadel using the easy install, everything appears to work except the opening of ports.
When i start the server i get this message in the console:
citserver[1632]: extensions: Citadel had trouble on starting up. We couldn't bind all ports you configured to be provided by Citadel Server.
This means, Citadel won't be the service provider for a specific service you configured it to.
If you don't want Citadel to provide these services, turn them off in WebCit via: "Admin->System Preferences->Network".
The failed ports and sockets are: extensions: TCP port 0.0.0.0:504: (citadel-TCP) ;extensions: TCP port 0.0.0.0:143: (IMAP) ;extensions: TCP port 0.0.0.0:993: (IMAPS) ;extensions: TCP port 0.0.0.0:119: (NNTP) ;extensions: TCP port 0.0.0.0:563: (NNTPS) ;extensions: TCP port 0.0.0.0:110: (POP3) ;extensions: TCP port 0.0.0.0:995: (POP3S) ;extensions: TCP port 0.0.0.0:25: (SMTP-MTA) ;extensions: TCP port 0.0.0.0:587: (SMTP-MSA)
If you want Citadel to provide you with that functionality, check the output of "netstat -lnp" on Linux, or "netstat -na" on BSD and disable the program that binds these ports.
To make both ways actualy take place restart the citserver with "sendcommand down"
The errors returned by the system were:
Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied
Is this a user rights issue? I created the user citadel during the installation process and gave it ownership of the entire /usr/local/citadel folder.
Web interface works fine and I've setup all required ports there, but it looks like citadel is not listening on any of them:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2020 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5222 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 ::1:6010 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 127.0.0.53:53 0.0.0.0:*
udp 0 0 172.31.46.125:68 0.0.0.0:*
Any help will be greatly appreciated.
Cheers,
Branco
Subject: Unable to bind ports..user rights issue?
Hi guys,
I have recently installed Citadel using the easy install, everything appears to work except the opening of ports.
When i start the server i get this message in the console:
citserver[1632]: extensions: Citadel had trouble on starting up. We couldn't bind all ports you configured to be provided by Citadel Server.
This means, Citadel won't be the service provider for a specific service you configured it to.
If you don't want Citadel to provide these services, turn them off in WebCit via: "Admin->System Preferences->Network".
The failed ports and sockets are: extensions: TCP port 0.0.0.0:504: (citadel-TCP) ;extensions: TCP port 0.0.0.0:143: (IMAP) ;extensions: TCP port 0.0.0.0:993: (IMAPS) ;extensions: TCP port 0.0.0.0:119: (NNTP) ;extensions: TCP port 0.0.0.0:563: (NNTPS) ;extensions: TCP port 0.0.0.0:110: (POP3) ;extensions: TCP port 0.0.0.0:995: (POP3S) ;extensions: TCP port 0.0.0.0:25: (SMTP-MTA) ;extensions: TCP port 0.0.0.0:587: (SMTP-MSA)
If you want Citadel to provide you with that functionality, check the output of "netstat -lnp" on Linux, or "netstat -na" on BSD and disable the program that binds these ports.
To make both ways actualy take place restart the citserver with "sendcommand down"
The errors returned by the system were:
Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied
Is this a user rights issue? I created the user citadel during the installation process and gave it ownership of the entire /usr/local/citadel folder.
Web interface works fine and I've setup all required ports there, but it looks like citadel is not listening on any of them:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2020 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5222 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 ::1:6010 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 127.0.0.53:53 0.0.0.0:*
udp 0 0 172.31.46.125:68 0.0.0.0:*
Any help will be greatly appreciated.
Cheers,
Branco
Subject: Re: Unable to bind ports..user rights issue?
Ports 80 and 443 are fine, i can connect to WebCit, and there is no apache or nginx - clean ubuntu server install.
The issue are the other mail ports (265, 143, 587, etc)
BR,
Branco
Tue Oct 15 2019 16:53:28 EDT from warbaby @ Uncensored Subject: Re: Unable to bind ports..user rights issue?kill apache or nginx or whatever you have listening on 80 and 443, then try to start it again.
Tue Oct 15 2019 03:00:40 PM EDT from branco @ Uncensored Subject: Unable to bind ports..user rights issue?Hi guys,
I have recently installed Citadel using the easy install, everything appears to work except the opening of ports.
When i start the server i get this message in the console:
citserver[1632]: extensions: Citadel had trouble on starting up. We couldn't bind all ports you configured to be provided by Citadel Server.
This means, Citadel won't be the service provider for a specific service you configured it to.
If you don't want Citadel to provide these services, turn them off in WebCit via: "Admin->System Preferences->Network".
The failed ports and sockets are: extensions: TCP port 0.0.0.0:504: (citadel-TCP) ;extensions: TCP port 0.0.0.0:143: (IMAP) ;extensions: TCP port 0.0.0.0:993: (IMAPS) ;extensions: TCP port 0.0.0.0:119: (NNTP) ;extensions: TCP port 0.0.0.0:563: (NNTPS) ;extensions: TCP port 0.0.0.0:110: (POP3) ;extensions: TCP port 0.0.0.0:995: (POP3S) ;extensions: TCP port 0.0.0.0:25: (SMTP-MTA) ;extensions: TCP port 0.0.0.0:587: (SMTP-MSA)
If you want Citadel to provide you with that functionality, check the output of "netstat -lnp" on Linux, or "netstat -na" on BSD and disable the program that binds these ports.
To make both ways actualy take place restart the citserver with "sendcommand down"
The errors returned by the system were:
Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied; Can't bind: Permission denied
Is this a user rights issue? I created the user citadel during the installation process and gave it ownership of the entire /usr/local/citadel folder.
Web interface works fine and I've setup all required ports there, but it looks like citadel is not listening on any of them:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2020 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5222 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 ::1:6010 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 127.0.0.53:53 0.0.0.0:*
udp 0 0 172.31.46.125:68 0.0.0.0:*
Any help will be greatly appreciated.
Cheers,
Branco
Subject: Re: Unable to bind ports..user rights issue?
As I am having a related problem,
the question arises - does rebooting the system affect the port bindings ?
the reason I ask is that my system binds ports okay only on system boot
but anytime I use the "restart now" inside webcit > administration citserver abandons everything.
( ports 80 and 443 are bound by webcit, not citserver)
Tue Oct 15 2019 18:09:48 EDT from branco @ Uncensored Subject: Re: Unable to bind ports..user rights issue?Ports 80 and 443 are fine, i can connect to WebCit, and there is no apache or nginx - clean ubuntu server install.
The issue are the other mail ports (265, 143, 587, etc)
BR,
Branco
Looks like a Houdini moment.
In exasperation issued the STARTTLS command into a telnet test and the response was:
root@myoldmail:~# telnet xx.xx.xxx.xxx 25
Trying xx.xx.xxx.xxx...
Connected to xx.xx.xxx.xxx.
Escape character is '^]'.
220 mynewmail.org ESMTP Citadel server ready.
ehlo home
250-Hello home (xx.xx.xxx.xxx [xx.xx.xxx.xxx])
250-HELP
250-SIZE 10485760
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
STARTTLS
220 Begin TLS negotiation now
^C
huh.
If so then the only thing missing is the advertisement,
250 STARTTLS
which may be just a cosmetic requirement ?:
According to ssl-tools.net the STARTTLS is working as needed but this is dubious - no email was 250actually sent..
Some method to require encryption for all inbound might be nice but not sure if that is even realistic...
Mon Oct 14 2019 15:57:06 EDT from TheOneLaw @ Uncensored Subject: Re: STARTTLS on SMTP port 25STARTTLS also missing
on DEBIAN BUSTER via easy-install.
wondering if this implicates anything important:
(from Debian stretch effort)
/usr/bin/ld: warning: libssl.so.1.0.2, needed by /usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libcurl.so, may conflict with libssl.so.1.1
/usr/bin/ld: warning: libcrypto.so.1.0.2, needed by /usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libcurl.so, may conflict with libcrypto.so.1.1
Looks like port 25 has STARTTLS but nobody uses it due to the missing line?:
....citserver[519]: context: session (SMTP-MTA) started from ssl-tools.net...
Bail...
Wed Oct 16 2019 12:25:48 EDT from TheOneLaw @ Uncensored Subject: Re: STARTTLS on SMTP port 25Looks like a Houdini moment.
In exasperation issued the STARTTLS command into a telnet test and the response was:
root@myoldmail:~# telnet xx.xx.xxx.xxx 25
Trying xx.xx.xxx.xxx...
Connected to xx.xx.xxx.xxx.
Escape character is '^]'.
220 mynewmail.org ESMTP Citadel server ready.
ehlo home
250-Hello home (xx.xx.xxx.xxx [xx.xx.xxx.xxx])
250-HELP
250-SIZE 10485760
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
STARTTLS
220 Begin TLS negotiation now
^Chuh.
If so then the only thing missing is the advertisement,
250 STARTTLS
which may be just a cosmetic requirement ?:
According to ssl-tools.net the STARTTLS is working as needed but this is dubious - no email was 250actually sent..
Some method to require encryption for all inbound might be nice but not sure if that is even realistic...
Subject: SMTP MSA on Port 25 serving SMTP MTA inbound connections
I was truly hoping this would not be necessary,
but it does appear that
c3rebro2
found the best answer which simply looks like this:
It does seem to work with most of the mail servers I need to receive from,
now they choose to use encryption during SMTP connections,
unlike how they connected on the MTA port - bareskin naked with no encryption at all.
Works for now, hope this helps someone.
Sat Jun 08 2019 18:14:39 EDT from c3rebro2 @ UncensoredYeah - you're right. Maybe i should have left it alone.
I now reverted all changes (restored a full server backup after the -self modified- install scripts messed up the system with several changes).
The final solution currently looks really weird to me but seem to work:
- Network configuration: I re-mapped my msa port 587 to the mta port 25 in the wan to lan rules.
- In Citadel: i disabled the mta port 25 completely and changed the msa port to 25.
I have really no clue if this is how it is supposed to be. but: if i now send a mail to myself from e.g. gmail, gmx or company account i can see the starttls init procedure which was missing before. Iam really too lazy to switch to a postfix, dovecot and roundcube setup (including migration of gigs of mail data).