Subject: Re: Citadel 996 Easy Install on Debian System aborts
I am on Debian Bookworm (dietpi)
Unfortunately I don't have a "dietpi" system to test on. I did try it on regular Debian, the latest version (bookworm) on an ARM system and it completed the build without that error.
You might try running the Docker version instead of building the Easy Install.
I am running Citadel on a Raspi. I would like to keep the
installation on its SD card but would like all the data (mail
contents, ...) to be stored on an external USB SSD. Can I change the
file structure in an installed system or only at compile time?
Sure, that's pretty easy. The database is in /usr/local/citadel/data and you can just make that a symbolic link to a location on your SSD. Or if that's the only thing on your SSD then you can simply mount it there.
Thanks. In the meantime, however, I have decided to re-install Citadel directly on the SSD. In this course I discovered that in the installation script there are errors. Towards the end of the script there are absolute paths rather than the symbolic ones defined in the customizable section in the beginning. The script also does not overwrite existing systemd entries. If these have not been properly deleted before the installation won't work.
Hi, i managed to install Citadel docker image and created a few accounts. But i'm having this problem/questions
1) Can i change the language of the platform? It only shows English option.
2) I cannot update the Login icon, when i upload it, it says it Cannot open image/hello, Not such file or directory, the same with the logout logo
3) Is there any guide on configuring the News server?
Thank you all, it is great to be here.
Best regards.
I have successfully installed citadel as a local only server at the moment, i am able to get incoming mail from my production server, however, when i try to send an email to my production server, the citadel server rejects it as an invalid recipient.
i am lost, any ideas how to correct this error? I am sure it is a setting i missed somewhere
3) Is there any guide on configuring the News server?
The NNTP server was an experimental addition to the system. It is read-only, unmaintained, and unsupported.
Subject: Re: new install webmail says invalid recipient
I have successfully installed citadel as a local only server at the
moment, i am able to get incoming mail from my production server,
however, when i try to send an email to my production server, the
citadel server rejects it as an invalid recipient.
Are you using the same email domain on your local and remote servers?
If so, then Citadel will look at its own directory to determine what is and is not a valid address.
Subject: Re: new install webmail says invalid recipient
I don't think so, hmailserver runs on a windows 10 machine using grundycountymoema.com while citadel server runs on a different box under linux mint.
i do have a domain alias setup for my domain, do i need to remove it?
Hello,
I've installed Citadel on a Raspberry Pi 3B+ and seem to have done so correctly since I can receive mails.
Alas, probavly becuase I don't have a static IP and my ISP gives me random public address, outcoming mails are rejected by every recipient I tried (gmail, outlook, others..)
I read a bit here and there and it seems I might be able to avoid these blocks though a 3rd party SMTP service, so I chose Brevo.
Correct me if I'm wrong but I'm supposed to add their host (smtp-relay.brevo.com) under "Administration" -> "Domain names and Internet mail configuration" -> "Smart hosts" on the web interface of my citadel setup, right?
Problem is the host requires authentication via a login: user@domain.tld and a password: password (these are placeholders) and port:587.
Tried some combination but can't get throgh anything at Brevo, their log is empty. I'm wondering if there might be some sort of specific syntax for I don't know the user being an email address... maybe?
https://www.citadel.org/relay.html
https://www.citadel.org/mail_terms.html
Found these two guides but I'm not sure about what to input exactly or if there's another way tinkering maybe a config file manually on the Pi?
Any help would be greatly appriciated!
Thanks for hearing me out.
Problem is the host requires authentication via a login:
user@domain.tld and a password: password (these are placeholders) and
Try it like this:
smtp://user%40domain.tld@smtp-relay.brevo.com:587
Let me know if that worked and if so I'll add it to the docs; if not we'll find another workaround.
Worked like a charm!
I was on the right track: if the username is complete mail address the first @ that is find on the string is the one that is supposed to be followed by the host name.
If this is the case, yes the first @ needs to be replaced with %40
Please note that in your line you forgot the ":password" part, be sure to include that in the documentation should you decide to insert the workaround in there.
Other than that, thank you very much for the help!
I have updated https://www.citadel.org/relay.html with the above information.
If you could check that to see if it matches your experience I would be grateful.
Thank you for being a partner in developing a solution, and thank you for using Citadel. Please spread the word.
Hello,
the documentation checks out, seems clear enough and the line to add mirrors what I have used.
Least I could do, thanks again and I would be happy if this solves another's issue.
Bye!
Hey everyone,
Setting up a fresh Citadel on Ubuntu and I've got things about back to how they were a few months ago when I did a previous test -- webcit is good, got tls for webcit, and have systemd set to run the citadel text mode client when one telnets into the system.
This works, but I get an error message (that also appeared in my previous Debian test): Can't generate DH parameters: modulus too small . This message displays after "attaching to server" but before the [localhost:504] . Best I can gather is that it relates to a concept known as Denavit–Hartenberg parameters -- something I'm certainly not familiar with nor do I see in the citadel documentation. These only appear when the citadel client on my system is connecting to the local citadel server or a non-local server (like here at uncensored) - I do not see it if I use citadel-client from a WSL Ubuntu install, which makes me wonder if this is something to do with the text mode client proper? I don't know.
Toggling the only citadel.rc option which makes sense to me to relate to this, the one regarding encryption, changes nothing, so my somewhat novice self is in the dark. Help on understanding and, even better, resolving this is, of course, appreciated.
previous Debian test): Can't generate DH parameters: modulus too
small . This message displays after "attaching to server" but before
I was seeing the same error, so I decided to poke around in the code and see what it's about.
DH in this case is Diffie-Hellman. Crypto stuff involved in setting up the connection to the server, related to perfect forward secrecy. The math eludes me on exactly how this works, but suffice to say it's semi-important to generate a different set of DH parameters for each server.
It looks like the text client is generating a unique set of DH parameters client side, before establishing the connection, in the function CtdlIPC_init_OpenSSL.
The parameters get generated by calling the OpenSSL funciton DH_generate_parameters_ex.
The error occurs because textclient calls that function with a prime_len of 128, which was probably fine years ago when the text client was written, but is a bit dinky (insecure) now. The 'modulus too small' comes from OpenSSL itself.
So, I changed prime_len to 2048 and rebuilt the text client. It works, and the error no longer appears, but it takes maybe 60 seconds to generate the DH parameters on my seriously underpowered VPS. 60 seconds of me sitting there whining because I have to wait to get my uncensored fix.
This API is deprecated in openssl3 anyway. At some point the text client should be rewritten to use the newer OpenSSL APIs. Anybody want a homework assignment?
My advice: ignore it, unless you are doing banking or trading national secrets over citadel. Maybe someday it'll get fixed.
So, I changed prime_len to 2048 and rebuilt the text client. It
512 seems to work well. No error, and the related delay is only a second or so.
I was a bit overzealous with 2048. Been reading too much OpenSSL documentation.
I don't seem to have written a backup script for citadel on Ubuntu. Before coding it up, is there a existing backup script to work from?
So, I changed prime_len to 2048 and rebuilt the text client. It
512 seems to work well. No error, and the related delay is only a second or so.
I was a bit overzealous with 2048. Been reading too much OpenSSL documentation.
Thank you for this and the preceding reply explaining what is going on! Glad to know I was thinking correctly about the issue!
That said, knowing *why* it is happening makes it less annoying -- next time I feel like having some fun I'll do the rebuild with a 512 value and see how that performs for me.
Once again, thank you. ^5!
Subject: mail delivery errors - message ID header not RFC 5322 conform
Hello,
i am a long term user and requesting support for the first time.
In the last weeks i had some errors concerning the deliverability of citadel mails to different companies, caused by stricter implemented delivery rules of counterside servers.
Diagnostic-Codes were: "smtp; 550-5.7.1 [my IP] Messages missing a valid Message-ID header are not 550-5.7.1 accepted."
A closer look in my sended mail headers shows always two ">>" at the end of the message IDs, e.g. "Message-ID: <2024...5F12@dd52404....com>>", which seems to be not RFC 5322 conform.
Could you please check the source code for this bug? Why are here always two closing brackets?
Many thanks
Stefan
Subject: Re: mail delivery errors - message ID header not RFC 5322 conform
A closer look in my sended mail headers shows always two ">>" at the
end of the message IDs, e.g. "Message-ID:
<2024...5F12@dd52404....com>>", which seems to be not RFC 5322
I'm having some trouble reproducing this ... would it be possible for you to post the full headers, redacted of any privacy information if necessary?
Also please let us know how these messages are being entered into the system - from the web client, the text client, an IMAP/SMTP agent, mailing list post, etc.
If we can reproduce the problem this is definitely something we will need to correct immediately.