Yes that wiki trick is clever.

Can you tell me what is happening here. I am using Let's Encrypt from: https://citadel.org/sslcertificates.html

telnet mail.hansaray.pw 587                                                                0.977s (master) 20:54
Trying 107.189.21.115...
Connected to mail.hansaray.pw.
Escape character is '^]'.
220 mail.hansaray.pw ESMTP Citadel server ready.
ehlo
250-Hello  (37.155.91.16 [37.155.91.16])
250-HELP
250-SIZE 10485760
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
starttls
554 TLS not supported here
quit
221 Goodbye...
Connection closed by foreign host.
~/P/go.hansaray.pw►telnet mail.hansaray.pw 587                                                                  27.261s (master) 21:10
Trying 107.189.21.115...
Connected to mail.hansaray.pw.
Escape character is '^]'.
220 mail.hansaray.pw ESMTP Citadel server ready.
ehlo
250-Hello  (37.155.91.16 [37.155.91.16])
250-HELP
250-SIZE 10485760
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
starttls
554 TLS not supported here
quit
221 Goodbye...
Connection closed by foreign host.
~/P/go.hansaray.pw►telnet mail.hansaray.pw 25                                                                    22.01s (master) 21:12
Trying 107.189.21.115...
Connected to mail.hansaray.pw.
Escape character is '^]'.
220 mail.hansaray.pw ESMTP Citadel server ready.
helo
250 Hello  (37.155.91.16 [37.155.91.16])
starttls
554 TLS not supported here
ehlo
250-Hello  (37.155.91.16 [37.155.91.16])
250-HELP
250-SIZE 10485760
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
 

Wed Apr 02 2025 17:55:23 UTC from IGnatius T Foobar Subject: Re: _BASEROOM_

How did you change the Lobby /dotskip?room=_BASEROOM_  to
wiki?page=home?

webcit has a "-g" flag that will enter its value as the first command sent to it. (The container has a similar flag that will pass it along to webcit.)
So you can do something like

webcit [other commands] -g "/dotgoto?room=Welcome to UNCENSORED!"

You can put anything in there you want. I chose to go with the welcome wiki because we can control exactly what it says on the front page.

I like that, but How?
Do I modify the docker run command? Can you post an example please?

See it works fine for webcit. You can see it here: https://mail.hansaray.pw/

Wed Apr 02 2025 18:24:01 UTC from TaMeR

 

Yes that wiki trick is clever.

Can you tell me what is happening here. I am using Let's Encrypt from: https://citadel.org/sslcertificates.html

telnet mail.hansaray.pw 587                                                                0.977s (master) 20:54
Trying 107.189.21.115...
Connected to mail.hansaray.pw.
Escape character is '^]'.
220 mail.hansaray.pw ESMTP Citadel server ready.
ehlo
250-Hello  (37.155.91.16 [37.155.91.16])
250-HELP
250-SIZE 10485760
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
starttls
554 TLS not supported here
quit
221 Goodbye...
Connection closed by foreign host.
~/P/go.hansaray.pw►telnet mail.hansaray.pw 587                                                                  27.261s (master) 21:10
Trying 107.189.21.115...
Connected to mail.hansaray.pw.
Escape character is '^]'.
220 mail.hansaray.pw ESMTP Citadel server ready.
ehlo
250-Hello  (37.155.91.16 [37.155.91.16])
250-HELP
250-SIZE 10485760
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
starttls
554 TLS not supported here
quit
221 Goodbye...
Connection closed by foreign host.
~/P/go.hansaray.pw►telnet mail.hansaray.pw 25                                                                    22.01s (master) 21:12
Trying 107.189.21.115...
Connected to mail.hansaray.pw.
Escape character is '^]'.
220 mail.hansaray.pw ESMTP Citadel server ready.
helo
250 Hello  (37.155.91.16 [37.155.91.16])
starttls
554 TLS not supported here
ehlo
250-Hello  (37.155.91.16 [37.155.91.16])
250-HELP
250-SIZE 10485760
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
 

 

lighttpd webserver to proxy webcit

 Make sure you have set the host IP 127.0.1.2 to mail.example.net

server.modules += ( "mod_proxy", "mod_openssl" )

$HTTP["host"] == "mail.example.net" { proxy.balance = "hash" proxy.server = ( "" => ( "citadel" => ( "host" => "127.0.1.2", "port" => "8080" ) ) ) ssl.pemfile = "/etc/letsencrypt/live/mail.example.net/fullchain.pem" ssl.privkey = "/etc/letsencrypt/live/mail.example.net/privkey.pem" }
 

Something is wrong with the ssl. Hope you can help out.

openssl s_client -debug -starttls smtp -crlf -connect mail.hansaray.pw:587                                                  01:25
Connecting to 107.189.21.115
CONNECTED(00000003)
read from 0x5613738ac620 [0x5613738ab340] (4096 bytes => 50 (0x32))
0000 - 32 32 30 20 6d 61 69 6c-2e 68 61 6e 73 61 72 61   220 mail.hansara
0010 - 79 2e 70 77 20 45 53 4d-54 50 20 43 69 74 61 64   y.pw ESMTP Citad
0020 - 65 6c 20 73 65 72 76 65-72 20 72 65 61 64 79 2e   el server ready.
0030 - 0d 0a                                             ..
write to 0x5613738ac620 [0x5613738adae0] (23 bytes => 23 (0x17))
0000 - 45 48 4c 4f 20 6d 61 69-6c 2e 65 78 61 6d 70 6c   EHLO mail.exampl
0010 - 65 2e 63 6f 6d 0d 0a                              e.com..
read from 0x5613738ac620 [0x5613738ab340] (4096 bytes => 58 (0x3A))
0000 - 32 35 30 2d 48 65 6c 6c-6f 20 6d 61 69 6c 2e 65   250-Hello mail.e
0010 - 78 61 6d 70 6c 65 2e 63-6f 6d 20 28 33 37 2e 31   xample.com (37.1
0020 - 35 35 2e 39 31 2e 31 36-20 5b 33 37 2e 31 35 35   55.91.16 [37.155
0030 - 2e 39 31 2e 31 36 5d 29-0d 0a                     .91.16])..
read from 0x5613738ac620 [0x5613738ab340] (4096 bytes => 101 (0x65))
0000 - 32 35 30 2d 48 45 4c 50-0d 0a 32 35 30 2d 53 49   250-HELP..250-SI
0010 - 5a 45 20 31 30 34 38 35-37 36 30 0d 0a 32 35 30   ZE 10485760..250
0020 - 2d 53 54 41 52 54 54 4c-53 0d 0a 32 35 30 2d 41   -STARTTLS..250-A
0030 - 55 54 48 20 4c 4f 47 49-4e 20 50 4c 41 49 4e 0d   UTH LOGIN PLAIN.
0040 - 0a 32 35 30 2d 41 55 54-48 3d 4c 4f 47 49 4e 20   .250-AUTH=LOGIN 
0050 - 50 4c 41 49 4e 0d 0a 32-35 30 20 38 42 49 54 4d   PLAIN..250 8BITM
0060 - 49 4d 45 0d 0a                                    IME..
write to 0x5613738ac620 [0x7ffc42ccb550] (10 bytes => 10 (0xA))
0000 - 53 54 41 52 54 54 4c 53-0d 0a                     STARTTLS..
read from 0x5613738ac620 [0x5613738505e0] (8192 bytes => 28 (0x1C))
0000 - 35 35 34 20 54 4c 53 20-6e 6f 74 20 73 75 70 70   554 TLS not supp
0010 - 6f 72 74 65 64 20 68 65-72 65 0d 0a               orted here..
write to 0x5613738ac620 [0x5613738b2e40] (324 bytes => 324 (0x144))
0000 - 16 03 01 01 3f 01 00 01-3b 03 03 b3 32 d1 80 5e   ....?...;...2..^
0010 - 7a a7 90 f7 b1 0c a2 6c-1b 62 66 6e de fd 93 fe   z......l.bfn....
0020 - 8a 58 25 2e 6a 30 38 7e-34 7c 5e 20 8c 6b 4f ea   .X%.j08~4|^ .kO.
0030 - 6a 33 68 af 6e 49 a9 52-f1 cc 90 15 00 26 35 f2   j3h.nI.R.....&5.
0040 - 6c 1e 8a 38 3d 5b 01 6e-76 de 86 29 00 3e 13 02   l..8=[.nv..).>..
0050 - 13 03 13 01 c0 2c c0 30-00 9f cc a9 cc a8 cc aa   .....,.0........
0060 - c0 2b c0 2f 00 9e c0 24-c0 28 00 6b c0 23 c0 27   .+./...$.(.k.#.'
0070 - 00 67 c0 0a c0 14 00 39-c0 09 c0 13 00 33 00 9d   .g.....9.....3..
0080 - 00 9c 00 3d 00 3c 00 35-00 2f 00 ff 01 00 00 b4   ...=. 0)

Dear All,

I want to configure my server with "Fully qualified domain name".

The email subdomain will be mail.host.net  (as an example).

There is a setting of "Fully qualified domain name" in the Citadel.

I have several questions:

1st Can I set the Fully qualified domain name as mail.host.net and the emails addresses as xxxxxxx@host.net? What must be done for that?

2nd What to put in the below setting? "host.net"?

3th I suppose I must set my DNS registry to answer also to "mail.host.net"

4th I suppose I must put the reverse DNS as "mail.host.net"

5th In the email client configuration the servers will be "mail.host.net".

Thank you for the possible answers,

Luís Gonçalves.

Thu Apr 03 2025 15:38:03 UTCfrom luisgo Subject: Help need in "Fully qualified domain name" configuration.

Dear All,

I want to configure my server with "Fully qualified domain name".

The email subdomain will be mail.host.net  (as an example).

There is a setting of "Fully qualified domain name" in the Citadel.

I have several questions:

1st Can I set the Fully qualified domain name as mail.host.net and the emails addresses as xxxxxxx@host.net? What must be done for that?

2nd What to put in the below setting? "host.net"?

Local host aliases

(domains for which this host receives mail)

3th I suppose I must set my DNS registry to answer also to "mail.host.net"

4th I suppose I must put the reverse DNS as "mail.host.net"

5th In the email client configuration the servers will be "mail.host.net".

Thank you for the possible answers,

Luís Gonçalves.

I forgot to ask.

And in the SSL certificates? I will have two. One for "host.net" and "www.host.net" and other for "mail.host.net". Do I put both in citadel?

Thu Apr 03 2025 20:58:20 UTC from TaMeR Subject: Re: Help need in "Fully qualified domain name" configuration.

 

Thu Apr 03 2025 15:38:03 UTCfrom luisgo Subject: Help need in "Fully qualified domain name" configuration.

Dear All,

I want to configure my server with "Fully qualified domain name".

The email subdomain will be mail.host.net  (as an example).

There is a setting of "Fully qualified domain name" in the Citadel.

I have several questions:

1st Can I set the Fully qualified domain name as mail.host.net and the emails addresses as xxxxxxx@host.net? What must be done for that?

Yes,

1. Just go in to the mail.host.net/select_user_to_edit
2. Select user from "Edit or Delete users"
3. Select Edit configuration
4. modify Primary Internet e-mail address to xxx@host.net
5. below at Internet e-mail aliases you can add aliases such as yyy@host.net, yyy@mail.host.net. webmaster@host.net, postmaster@host.net

2nd What to put in the below setting? "host.net"?

Local host aliases

(domains for which this host receives mail)

Yes, You can add multiples, separate with coma such as host.net, mail.host.net

3th I suppose I must set my DNS registry to answer also to "mail.host.net"

Yes

4th I suppose I must put the reverse DNS as "mail.host.net"

Yes

5th In the email client configuration the servers will be "mail.host.net".

Yes

Thank you for the possible answers,

Luís Gonçalves.

 

I forgot to ask.

And in the SSL certificates? I will have two. One for "host.net" and "www.host.net" and other for "mail.host.net". Do I put both in citadel?

And a new DKIM key will be generated or it will be the same?

Thu Apr 03 2025 20:58:20 UTC from TaMeR Subject: Re: Help need in "Fully qualified domain name" configuration.

 

Thu Apr 03 2025 15:38:03 UTCfrom luisgo Subject: Help need in "Fully qualified domain name" configuration.

Dear All,

I want to configure my server with "Fully qualified domain name".

The email subdomain will be mail.host.net  (as an example).

There is a setting of "Fully qualified domain name" in the Citadel.

I have several questions:

1st Can I set the Fully qualified domain name as mail.host.net and the emails addresses as xxxxxxx@host.net? What must be done for that?

Yes,

1. Just go in to the mail.host.net/select_user_to_edit
2. Select user from "Edit or Delete users"
3. Select Edit configuration
4. modify Primary Internet e-mail address to xxx@host.net
5. below at Internet e-mail aliases you can add aliases such as yyy@host.net, yyy@mail.host.net. webmaster@host.net, postmaster@host.net

2nd What to put in the below setting? "host.net"?

Local host aliases

(domains for which this host receives mail)

Yes, You can add multiples, separate with coma such as host.net, mail.host.net

3th I suppose I must set my DNS registry to answer also to "mail.host.net"

Yes

4th I suppose I must put the reverse DNS as "mail.host.net"

Yes

5th In the email client configuration the servers will be "mail.host.net".

Yes

Thank you for the possible answers,

Luís Gonçalves.

 

And a new DKIM key will be generated or it will be the same?

The DKIM key should not change.
However it will be posted to the AIDE room if there is a change. For example if you add a new alias domain, you will get a new DKIM post in to the AIDE room for the new domain.

Where are the webcit static files? In docker that is.
I can't find them anywhere, well the find command can't find them.

They should be in /usr/local/webcit/static but that directory is completely empty.

I still haven't figured out why STARTTLS isn't supported here?

Following is the output:

telnet mail.hansaray.pw 587                                                                                     1635.108s 15:23
Trying 107.189.21.115...
Connected to mail.hansaray.pw.
Escape character is '^]'.
220 mail.hansaray.pw ESMTP Citadel server ready.
ehlo
250-Hello  (37.155.91.16 [37.155.91.16])
250-HELP
250-SIZE 10485760
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
starttls
554 TLS not supported here
quit
221 Goodbye...
Connection closed by foreign host.

I still haven't figured out why STARTTLS isn't working here.

Following is the output:

telnet mail.hansaray.pw 587                                                                                     1635.108s 15:23
Trying 107.189.21.115...
Connected to mail.hansaray.pw.
Escape character is '^]'.
220 mail.hansaray.pw ESMTP Citadel server ready.
ehlo
250-Hello  (37.155.91.16 [37.155.91.16])
250-HELP
250-SIZE 10485760
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
starttls
554 TLS not supported here
quit
221 Goodbye...
Connection closed by foreign host.

Fri Apr 04 2025 12:18:28 UTC from TaMeR Subject: webcit static files?

Where are the webcit static files? In docker that is.
I can't find them anywhere, well the find command can't find them.

They should be in /usr/local/webcit/static but that directory is completely empty.

I figured this out. I had added a volume and that removed it of coarse. I know I am an idiot.
This is what I did add to docker run

  --volume=/usr/local/webcit/static:/usr/local/webcit/static \

Good morning (there),

About "And in the SSL certificates? I will have two. One for "host.net" and "www.host.net" and other for "mail.host.net". Do I put both in citadel?"

Can I put two private keys etc in the same file (/usr/local/citadel/keys/citadel.key) (and also in the other keys files)? One private key for "host.net" and other for "mail.host.net".

Thanks,

Luís.

Fri Apr 04 2025 09:40:23 UTC from luisgo Subject: Re: Help need in "Fully qualified domain name" configuration.

I forgot to ask.

 

And in the SSL certificates? I will have two. One for "host.net" and "www.host.net" and other for "mail.host.net". Do I put both in citadel?

And a new DKIM key will be generated or it will be the same?

 

Thu Apr 03 2025 20:58:20 UTC from TaMeR Subject: Re: Help need in "Fully qualified domain name" configuration.

 

Thu Apr 03 2025 15:38:03 UTCfrom luisgo Subject: Help need in "Fully qualified domain name" configuration.

Dear All,

I want to configure my server with "Fully qualified domain name".

The email subdomain will be mail.host.net  (as an example).

There is a setting of "Fully qualified domain name" in the Citadel.

I have several questions:

1st Can I set the Fully qualified domain name as mail.host.net and the emails addresses as xxxxxxx@host.net? What must be done for that?

Yes,

1. Just go in to the mail.host.net/select_user_to_edit
2. Select user from "Edit or Delete users"
3. Select Edit configuration
4. modify Primary Internet e-mail address to xxx@host.net
5. below at Internet e-mail aliases you can add aliases such as yyy@host.net, yyy@mail.host.net. webmaster@host.net, postmaster@host.net

2nd What to put in the below setting? "host.net"?

Local host aliases

(domains for which this host receives mail)

Yes, You can add multiples, separate with coma such as host.net, mail.host.net

3th I suppose I must set my DNS registry to answer also to "mail.host.net"

Yes

4th I suppose I must put the reverse DNS as "mail.host.net"

Yes

5th In the email client configuration the servers will be "mail.host.net".

Yes

Thank you for the possible answers,

Luís Gonçalves.

 

 

Read this page, specially the part about contacting support.
We are not a paid employees here, and will not react kindly to demands.

Fri Apr 04 2025 13:00:11 UTC from luisgo Subject: Re: Help need in "Fully qualified domain name" configuration.

Good morning (there),

About "And in the SSL certificates? I will have two. One for "host.net" and "www.host.net" and other for "mail.host.net". Do I put both in citadel?"

 

Can I put two private keys etc in the same file (/usr/local/citadel/keys/citadel.key) (and also in the other keys files)? One private key for "host.net" and other for "mail.host.net".

Thanks,

 

 

Luís.

Fri Apr 04 2025 09:40:23 UTC from luisgo Subject: Re: Help need in "Fully qualified domain name" configuration.

I forgot to ask.

 

And in the SSL certificates? I will have two. One for "host.net" and "www.host.net" and other for "mail.host.net". Do I put both in citadel?

And a new DKIM key will be generated or it will be the same?

 

Thu Apr 03 2025 20:58:20 UTC from TaMeR Subject: Re: Help need in "Fully qualified domain name" configuration.

 

Thu Apr 03 2025 15:38:03 UTCfrom luisgo Subject: Help need in "Fully qualified domain name" configuration.

Dear All,

I want to configure my server with "Fully qualified domain name".

The email subdomain will be mail.host.net  (as an example).

There is a setting of "Fully qualified domain name" in the Citadel.

I have several questions:

1st Can I set the Fully qualified domain name as mail.host.net and the emails addresses as xxxxxxx@host.net? What must be done for that?

Yes,

1. Just go in to the mail.host.net/select_user_to_edit
2. Select user from "Edit or Delete users"
3. Select Edit configuration
4. modify Primary Internet e-mail address to xxx@host.net
5. below at Internet e-mail aliases you can add aliases such as yyy@host.net, yyy@mail.host.net. webmaster@host.net, postmaster@host.net

2nd What to put in the below setting? "host.net"?

Local host aliases

(domains for which this host receives mail)

Yes, You can add multiples, separate with coma such as host.net, mail.host.net

3th I suppose I must set my DNS registry to answer also to "mail.host.net"

Yes

4th I suppose I must put the reverse DNS as "mail.host.net"

Yes

5th In the email client configuration the servers will be "mail.host.net".

Yes

Thank you for the possible answers,

Luís Gonçalves.

 

 

 

Dear All,

I did not report about the follow up of this.

I changed a password of a user (not administrator but own by me). The user had a password related with the login name (equal but with some capital letters and some numbers added). I suppose that the password was gotten by brut force.

Also to answer to an old thread that I said that the Client SSL email configuration in thunderbird does not work with citadel. Some time ago I managed to put to work despite I do not know what happened before.

Thanks,

Luís Gonçalves

Sun Mar 16 2025 03:40:25 UTC from IGnatius T Foobar Subject: Re: Continually under attack.

data directory until disk full and citadel become unusable.

Please give me a solution. This way citadel become unusable.

You're either being spammed hard or someone has acquired the password to an account on your system. Didn't this happen to you before? I wonder if maybe the account they used didn't get locked down?

Really the only way to find out what's going on is to watch your syslogs and see what citserver is doing.