Please wait...
0 files
Not that it helps you any, but that is one of the main reasons i shut down all my public facing sites and now even my personal stuff has to go thru a password protected proxy, THEN a 2nd password in the app.
I let the proxy deal with the flood instead of my actual apps. Safer that way.
For a while it was pulled back to vpn only.. but the flood subsided enough to do the proxy instead.
Dear Maintainers,
I am being under attack since for two days now.
I start citadel and some time after appears .logs files in the data directory until disk full and citadel become unusable.
Please give me a solution. This way citadel become unusable.
What you need? The log files?
Thanks,
Luís.
How to save this message from DB?
If you are able to get your Citadel server running for a little while, you can just do
cd /usr/local/citadel
./sendcommand MSG2 14539
But if you can't, you might try extracting it from the database:
cd /usr/local/citadel
./ctdldump -y | grep 'msgtext|14539'
What ist best pratice for journaling mails ? Wich Mail Storage
is useful ?
Citadel doesn't define this, it just creates a mailbox that collects the journals.
Usually when someone wants to implement this function, they use a service that collects the journals using POP3. But there's no specific requirement.
data directory until disk full and citadel become unusable.
Please give me a solution. This way citadel become unusable.
You're either being spammed hard or someone has acquired the password to an account on your system. Didn't this happen to you before? I wonder if maybe the account they used didn't get locked down?
Really the only way to find out what's going on is to watch your syslogs and see what citserver is doing.
How to save this message from DB?
If you are able to get your Citadel server running for a little while, you can just do
cd /usr/local/citadel
./sendcommand MSG2 14539
But if you can't, you might try extracting it from the database:
cd /usr/local/citadel
./ctdldump -y | grep 'msgtext|14539'
The first method did not help to extract the message, not a single one. I indicated any number, the answer was "not found".
The second method received a piece of some text encrypted with base64. I decrypted it, there are pieces of some e-mails.
Where can I send this fragment? I do not want to show personal data on the forum.
Where can I send this fragment? I do not want to show personal
data on the forum.
Put it in the dropbox of your choice and send a link.
Citadel Server has deleted 32571 users, 0 messages, 1848174144 rooms, 32571 visit records, 1902681392 use table entries, and 0 EUID indices due to expire policy set on those objects.
Message in Aide. What I must do?
data directory until disk full and citadel become unusable.
Please give me a solution. This way citadel become unusable.
You're either being spammed hard or someone has acquired the password to an account on your system. Didn't this happen to you before? I wonder if maybe the account they used didn't get locked down?
Really the only way to find out what's going on is to watch your syslogs and see what citserver is doing.
Citadel Server has deleted 32571 users, 0 messages,
1848174144 rooms, 32571 visit records, 1902681392 use table
entries, and 0 EUID indices due to expire policy set on those
objects. Message in Aide. What I must do?
Lock down your system. This strongly suggests that someone is in there and is using your system to try and relay messages or something like that. Maybe you can watch the syslog to see what account is being used, but if they compromised an admin account they might be able to create more accounts.
If you're not running a public site, be sure to disable self service account creation. If you are running a public site, look around during operation and see who's logged in. Definitely don't allow new accounts permission to send Internet email if you're running an open site.
If there's a problem with the software we can find it, but this really just sounds like someone is in there who's not supposed to be, and the software is doing what it's built to do.
I changed the password of "Admin" users and I cheked "Disable self-service user account creation; Hint: do not select both!"
Let see what happens.
Citadel Server has deleted 32571 users, 0 messages,
1848174144 rooms, 32571 visit records, 1902681392 use table
entries, and 0 EUID indices due to expire policy set on those
objects. Message in Aide. What I must do?
Lock down your system. This strongly suggests that someone is in there and is using your system to try and relay messages or something like that. Maybe you can watch the syslog to see what account is being used, but if they compromised an admin account they might be able to create more accounts.
If you're not running a public site, be sure to disable self service account creation. If you are running a public site, look around during operation and see who's logged in. Definitely don't allow new accounts permission to send Internet email if you're running an open site.
If there's a problem with the software we can find it, but this really just sounds like someone is in there who's not supposed to be, and the software is doing what it's built to do.
I don't actually have any specific questions at this moment, but wanted to say that I'm here. I just setup a new Citadel instance on my network, to replace a ridiculously difficult to keep running email server, and it just instantly took over and is handling all incoming mail like an absolute champ. I even configured it for multiple domain handling, and found it to be incredibly easy to do so.
I have been a Citadel user since the mid 80's, even wrote one once. I've been known across the entire multiverse of Citadels as either "The Magician" or "PanaSonic" for the most part. Since someone I ran into recently actually called me out by the latter, that's what I chose to use here, today.
Greetings to all the Citadel 'ops and users.
I'm sure the questions will be flowing soon.
May we use the above message as a user testimony on the web site?
sure, you can use that..
I just hit "Reply Quoted" in here, to attempt to reply to your message, and instead it skipped to the next room, and lost my Ungoto history.
A new interface would be welcome, this version of WebCit seems particularly lacking. I guess my first question, then, will be, can I try out said new interface, and contribute to it? :-D
Presently just using it for an incoming email server, I need to figure out how to deal with outgoing... then i want to test it's email/calendar/contacts services with some particularly old legacy devices to see if it's compatible.
That it "just works" as an incoming email server is a big plus, though. I had a more difficult time getting it running in docker than I did setting up the email lol
I have seen that too.. but not in a reproducible manner.
I just hit "Reply Quoted" in here, to attempt to reply to your message, and instead it skipped to the next room, and lost my Ungoto history.
A new interface would be welcome, this version of WebCit seems
particularly lacking. I guess my first question, then, will be, can I
try out said new interface, and contribute to it? :-D
Well, there are some screenshots at https://www.citadel.org/roadmap.html which will give you a general idea what it looks like right now. The first thing that should be obvious is that it's laid out as a set of integrated applications rather than as a continous stream of rooms that can do different things. You'll find that it acts more like one of those "my cloud" suites than like a BBS that evolved into a groupware system. So the Mail application will look more like a real webmail, the Forums application will look more like a mainstream forums site, etc.
You can certainly try it out if you have a place to build it. There is a webcit-ng/ directory in the git repository so if you've built out a development system from source you're ready to go. If you feel you have something to contribute other than code (web layout, documentation, testing, ideas, whatever) then just say so and perhaps we can arrange for a place to do that.
As for the "reply quoted" mishap, were you in the web interface or the text interface when this happened?
I was in WebCit, I haven't sat down to figure out text interface yet, although if I open it up to other people, I certainly will, since tons of my friends are from the BBS era. :D
I'm pretty well versed in modern web dev, and I do game dev for the day job, so i'm not too bad around the various tools :)
WebCit wouldn't be too bad if the mail room would just put the pointer back in the message box after hitting "delete" :D but maybe i can find some ways to help
All of the WebCit effort is going into the rewrite. If you can get it running on your own then give it a whirl, otherwise let me know and we'll arrange something. You're going to like what you see.
Hi, I am back. It has been a while, my account here was deleted yet again, so I had to create a new one.
I don't expect anybody to remember, maybe the most memorable thing I did here was; well I had created a golang library, and sync tool for citadel. It is still available on github, and it still works. (That was 12 years ago, wow)
Anyhow, I am wondering if docker is now the preferred way to install citadel.
I was quite happy with easyinstall and would prefer it over docker. I am kind of disappointed you would push docker over Linux containers; bla bla bla
Easyinstall or Docker?
If you have a preference then go with your preference. Neither method of installation is going away anytime soon, and they both get updated on the same day whenever there is a new release.
LOL, yes that sounds crazy. You must be on your computer working on this on a daily bases.
I would loose track of a setup like that by just doing something else for a few days.
Anyhow. thanks for the quick reply.
By the way I saw you are finally working on a face lift for webcit. Way to go, I think that alone will bring more people to this project.
I was thinking of doing an citadel admin panel add on for Roundcube once many moons ago. But I hate php, specially php after version 5.
LOL, yes that sounds crazy. You must be on your computer working
on this on a daily bases.
I would loose track of a setup like that by just doing something
else for a few days.
Heh. I've gotten into the habit of documenting what I did in /root/README.txt in both the host itself and inside any container that does something non-obvious.
That way if I forget what I did I'll have a reminder ... or if someone else takes over later on they'll know what I did.
That last bit is because I'm now in my 50s and thinking that I really want both Citadel and Uncensored to outlive me, and although I am very healthy right now, we never know how much more time we've got, right? I intend to keep doing this for the rest of my life, and my Calabrese DNA makes me stubborn enough to actually do it. On the other hand, my dad's "never retire" posture was cut short by Alzheimer's disease, so we really never know how long a "forever" intention will last.
Ok that got dark fast. I'm here and I'm not stopping. And yes, you're correct, the WebCit rewrite is a huge project but I believe it will pay off. Check the screenshots at https://www.citadel.org/roadmap.html if you haven't already.