Sorry. It is working now. Despite my VPS provider says no, I think that them were blocking the emails. I was sending bursts of benign emails.
Dear All,
I think that is a compability probelm of Citadel with Thunderbird email client.
After several steps to try to solve the problem I found that Citadel is not compatible with the last version of Thunderbird.
I tried Linux (Centos 9) and Windows Thunderbird. I tried my affiliation network and with my mobile hotspot.
I can send emails with my Android email client.
I am thinking to make a downgrade of Thundrbird. I have there all my emails from always.
But first I have to backup everything of Thunderbird. Time consuming task.
Some help is needed.
Luis Gonçalves
Hi everyone,
I checked the documentation on how to change the log level (e.g. to x5) but I do not know how to configure it with my debian system. It must be a very simple citserver command. Any help appreciated.
Michael
Agreed - switching off self-service user account creation was the first
thing that I did, even before they started appearing, along with setting
new accounts as Problem User and disabling email - this latter being, I
suspect the reason for the new users.
However, another new account has been created since then.
Is there a setting somewhere to block IP numbers or ranges? Not a
complete solution, but it might at least slow repeat offenders down.
This is concerning. There should be no way for new, unauthorized accounts to appear if self service user account creation is disabled. If you could provide some sample data -- logs of their creation would be best but even transcripts of messages from the Aide would be useful -- that might shed some light on what is happening.
As for blocking ranges of IP addresses, you can do that with an `iptables` command on your host system -- not in Citadel.
Hi there I installed Citadel today. My group is weak in English.
Requires installing the native language, in my case Polish. Is
this possible? if so, how to do it?
What is the country code and/or language code for Polish? We can look to see if that is a language pack that is included. If not would you be willing to help write or improve it?
I'm forwarding mail from another domain to one mailbox on my
citadel server.. I'd like to be able to reply to the emails with
the forwarded domain name instead of the citadel server domain..
is this possible?
Not likely to work with Citadel or any other mail system, unless the other domain has your system listed in its own SPF and DKIM records. Otherwise your outbound email will be assumed to be a forgery by the receiving mail systems.
I checked the documentation on how to change the log level (e.g.
to x5) but I do not know how to configure it with my debian
system. It must be a very simple citserver command. Any help
appreciated.
Citadel Server sends out logs at "every" log level. You have to configure your syslog program (syslogd, rsyslogd, systemd-journal, etc) to do something with the higher level logs.
I have been able to access successfully with thunderbird desktop mail client, but mobile phone always returns: could not connect to server.
I am rnning the container on a raspberry pi server, I mapped all the ports published by the container and forwarded the relevant ones on my router. I have a DDNS for my domain name and sending/recieving is working fine from my desktop thunderbird whether I do that from within the LAN or from out in the WAN.
I'm sure it is something simple and retarded that I am doin, just cannot work it out.
Thanks in advance for any suggestions.
i have not done it in a while, but i just used IMAP when i did. K-9Mail.
Sun Sep 15 2024 01:35:43 EDT from flexistrengthI have read through every message in citadel suppor, but could find nowhere where anyone knows how to access their citadel server with android mail app.
I have been able to access successfully with thunderbird desktop mail client, but mobile phone always returns: could not connect to server.
I am rnning the container on a raspberry pi server, I mapped all the ports published by the container and forwarded the relevant ones on my router. I have a DDNS for my domain name and sending/recieving is working fine from my desktop thunderbird whether I do that from within the LAN or from out in the WAN.
I'm sure it is something simple and retarded that I am doin, just cannot work it out.
Thanks in advance for any suggestions.
Here's an example of a message from Aide.
New user account <nobody> has been created, from host 185.171.202.9.rev.dyjix.eu [185.171.202.9].
I'll go through and add these IPs to IPtables.
Subject: trouble connecting to server from mobile phone
I haven't tried that particular app. It shouldn't make a difference. Thunderbird seems to find it on desktop with IMAP.
I might try another app later, but so far 2 different android and one ios device "cannot connect to server".
Subject: Re: trouble connecting to server from mobile phone
Dumb question, can you get to the web interface on the phone? Almost sounds like a network issue with your mobile carrier, not a citadel one ( since you can do imap from your desktop )
Once upon a time, one of the ISPs i had blocked incoming on several ports on a 'home connection' so i was unable to run a mail server, unless i bought a static IP. They also blocked a couple of outgoing ( but 80 and 22 were open for incoming, oddly enough ) My current ISP, we have a 'neighborhood NAT' which kills *all* incoming, again, unless you by static.
Not saying that is it, but it would be my first test, to see if i could get to web ports.. then purely to the ports ( no client. just the port )
Mon Sep 16 2024 11:19:34 EDT from flexistrength Subject: trouble connecting to server from mobile phoneI haven't tried that particular app. It shouldn't make a difference. Thunderbird seems to find it on desktop with IMAP.
I might try another app later, but so far 2 different android and one ios device "cannot connect to server".
Here's an example of a message from Aide.
New user account <nobody> has been created, from host 185.171.202.9.rev.dyjix.eu [185.171.202.9].
This is baffling. If you have self-service account creation turned off, there should be no way to do this.
Unless ... you are using host system authentication, or LDAP authentication, instead of Citadel's self-contained authentication? Are the names of the accounts (such as "nobody") the names of accounts from your host system or LDAP authentication source, and never some unknown name?
Because if that's the case, then it's possible that our shithead intruders are trying names that are likely to exist (nobody, www, sshd, uucp, mail, news, etc) and they do exist so Citadel creates matching accounts ... but unless the intruder knows the password, it will only create the account, but they won't actually be able to log in.
Is it possible that this is what's happening?
Subject: Re: trouble connecting to server from mobile phone
Once upon a time, one of the ISPs i had blocked incoming on several ports on a 'home connection' so i was unable to run a mail server, unless i bought a static IP. They also blocked a couple of outgoing ( but 80 and 22 were open for incoming, oddly enough ) My current ISP, we have a 'neighborhood NAT' which kills *all* incoming, again, unless you by static.
That might be it. Maybe try it with your phone on wifi, using an IP address that works from the desktop. Are you self-hosting Citadel behind a retail grade Internet connection, or are you running it at a data center with commercial Internet service?
Hi, I need help with spamassassin.. It marks the spam correct but is not adding the ** SPAM ** flag to the subject.. please help.. this has never worked since day 1.
Craig.
SAMPLE EMAIL-
Subject: You have been selected to win a Chanel Perfume from Boots! Message-ID: <138431787230895.8.PZH1682504663@marketstandard.click> From: "Boots" <Chanel.Perfume-hwp@marketstandard.click> X-Spam-Level: ******* X-Spam-Status: True, score=7.4 required=2.0
CONFIG -
# Add *****SPAM***** to the Subject header of spam e-mails # rewrite_header Subject [***** SPAM _SCORE_ *****] # Save spam messages as a message/rfc822 MIME attachment instead of # modifying the original message (0: off, 2: use text/plain instead) # report_safe 0 # Set which networks or hosts are considered 'trusted' by your mail # server (i.e. not spammers) # # trusted_networks 212.17.35. # Set file-locking method (flock is not safe over NFS, but is faster) # # lock_method flock # Set the threshold at which a message is considered spam (default: 5.0) # required_score 2.0 # Use Bayesian classifier (default: 1) # use_bayes 1 # Bayesian classifier auto-learning (default: 1) # bayes_auto_learn 1
Dear All,
I managed to access my WebCit with port 443 (https) when WebCit is in another port. Using the Proxy in Apache.
I have a colocated Apache web server in the same server.
I access like:
https://mydomain.net/courrier/
As I seen in the Apache logs when some icons are accessed in the server are like this:
GET /static/webcit_icons/citadel-button-32x32.gif
with error 404
and others are accessed as:
GET /courrier/static/webcit_icons/essen/16x16/delete.png
with success.
Then there are many icons missing. It works fine but without many icons.
Thanks,
Luís Gonçalves.
PS If some maintainer of Citadel wants to have my Proxy settings can contact me to my email. I used the http WebCit. The Proxy points to http WebCit.
Then the result is this:
I realize its not the same setup you have, so may not translate or even be the same issue, but i found that many of my internal sites would lose stuff like that unless i turned on websocket support in my NGINX proxy for that particular application.
If i dont use httpS it didn't seem to care and worked ok, but if i did mandate SSL ( Which i do ), i had to turn that on.
I tried the websockets with:
ProxyPass /courrier/ ws://127.0.0.1:xxxx/
ProxyPassReverse /courrier/ ws://127.0.0.1:xxxx/
And gave the same problem.
Thu Sep 19 2024 14:39:40 EDT from Nurb432I realize its not the same setup you have, so may not translate or even be the same issue, but i found that many of my internal sites would lose stuff like that unless i turned on websocket support in my NGINX proxy for that particular application.
If i dont use httpS it didn't seem to care and worked ok, but if i did mandate SSL ( Which i do ), i had to turn that on.
Subject: Re: Ask for correction in WebCit software.
I managed to access my WebCit with port 443 (https) when WebCit
is in another port. Using the Proxy in Apache.
In the current implementation of WebCit, if you want to share the web server port with another web server, the best way to do it is to set up the proxied WebCit as a VirtualHost in Apache. Trying to make it work by URL prefix will not work. We've tried to get that working in the past but the code is just too tangled.
The rewrite of WebCit that is currently in development will allow this because we were very strict about putting the "/ctdl/" prefix in front of the whole system. But that version won't be ready until at least next year, so I don't want to go too far down the Osborne Effect road :)
Just set up an alias and use VirtualHost+ProxyPass. That will definitely work.
Dear All,
I implemented with VirtualHost+ProxyPass. I did not used the Key word "Alias" but:
ProxyPass /courrier/ ws://127.0.0.1:xxxx/
ProxyPassReverse /courrier/ ws://127.0.0.1:xxxx/
with xxxx the port of http WebCit.
And it is full funcional but some (many) missing icons. It works very well. I am pleased that you will solve that problem in the next release.
Thanks,
Luis.
Fri Sep 20 2024 09:25:48 EDT from IGnatius T Foobar Subject: Re: Ask for correction in WebCit software.I managed to access my WebCit with port 443 (https) when WebCit
is in another port. Using the Proxy in Apache.
In the current implementation of WebCit, if you want to share the web server port with another web server, the best way to do it is to set up the proxied WebCit as a VirtualHost in Apache. Trying to make it work by URL prefix will not work. We've tried to get that working in the past but the code is just too tangled.
The rewrite of WebCit that is currently in development will allow this because we were very strict about putting the "/ctdl/" prefix in front of the whole system. But that version won't be ready until at least next year, so I don't want to go too far down the Osborne Effect road :)
Just set up an alias and use VirtualHost+ProxyPass. That will definitely work.
Subject: Re: Ask for correction in WebCit software.
I implemented with VirtualHost+ProxyPass. I did not used the Key
word "Alias" but:
ProxyPass /courrier/ ws://127.0.0.1:xxxx/
ProxyPassReverse /courrier/ ws://127.0.0.1:xxxx/
If you are using a VirtualHost you should proxy the root, not "/courrier".
Just push the whole site through unchanged.