0 files
Subject: Re: Problem/possible bug? - Latest Citadel on Ubuntu 10.10 64-bit
Tue May 15 2012 14:24:00 EDT from chuckf @ Uncensored Subject: Problem/possible bug? - Latest Citadel on Ubuntu 10.10 64-bitI have a customer running citadel as their MTA. They communicate on a regular basis with FedEx. After applying the recent release via 'apt-get dist-upgrade' they have been having trouble getting email to fedex.
FedEx has 3 MX servers listed and the first, by design, always fails with 'Connection Refused'. Each of the MX entries is mapped to multiple IP addresses rather than them having each and every IP listed as a separate MX.
For some reason the latest citadel will not go to the next MX in the list. My workaround was to hardcode a fake entry into the local bind server to remap the first MX addresses to the secondary MX addresses. I'm not really sure why this broke if it is because fedex.com's DNS is misconfigured (my guess) or if something is failing. It seems as though once the 'Connection Refused' happens, citadel throws the message away without any error bounces and never tries the next MX.
Can anyone please advise?
Best,
Chuck
fixed; please upgrade. Thanks for reporting.
Subject: Re: Problem/possible bug? - Latest Citadel on Ubuntu 10.10 64-bit
Wed May 23 2012 08:07:13 EDT from dothebart @ Uncensored Subject: Re: Problem/possible bug? - Latest Citadel on Ubuntu 10.10 64-bit
Tue May 15 2012 14:24:00 EDT from chuckf @ Uncensored Subject: Problem/possible bug? - Latest Citadel on Ubuntu 10.10 64-bitI have a customer running citadel as their MTA. They communicate on a regular basis with FedEx. After applying the recent release via 'apt-get dist-upgrade' they have been having trouble getting email to fedex.
FedEx has 3 MX servers listed and the first, by design, always fails with 'Connection Refused'. Each of the MX entries is mapped to multiple IP addresses rather than them having each and every IP listed as a separate MX.
For some reason the latest citadel will not go to the next MX in the list. My workaround was to hardcode a fake entry into the local bind server to remap the first MX addresses to the secondary MX addresses. I'm not really sure why this broke if it is because fedex.com's DNS is misconfigured (my guess) or if something is failing. It seems as though once the 'Connection Refused' happens, citadel throws the message away without any error bounces and never tries the next MX.
Can anyone please advise?
Best,
Chuck
fixed; please upgrade. Thanks for reporting.
Thanks for such a quick response.
Best,
Chuck
Hi, I´d like to know if someone has translated webcit and citadel into spanish?
Thanks.
Thu May 24 2012 11:09:58 EDT from mac @ Uncensored Subject: Spanish translationHi, I´d like to know if someone has translated webcit and citadel into spanish?
Thanks.
the current state of the spanish translation:
https://translations.launchpad.net/citadel/trunk/+lang/es
75%
be welcome to revalidate the first 75% and add the missing 25 % ;-)
Subject: block brute-force-attacks on citadel-server
Some time ago I asked if there were any way to block hosts which are
trying to connect too often in too short time to my server with wrong
creditentials. fail2ban offers a regex-based way to do this, but you
need to know the IP of the connecting host.
Citadel does not log those IPs I think. The only thing is, that it
throws out the IP on connecting like:
Client 0/4/8.05 () from x.x.x.x
Furthermore it shows messages, but without the host/IP as:
Valid User, bad password:
Bad password specified for <USER>
Invalid User:
error: 1 <Invalid recipient: USER>
Valid User:
<USER> logged in
Please add the hostname as something like "Bad password specified for
<USER> from x.x.x.x" to be able to use some kind of host-based banning
with iptables/fail2ban.
Henning
Wed Feb 22 2012 17:14:10 EST from "K. Grishnak" <henne.gwath@gmx.de> to
room_Citadel_Support@uncensored.citadel.org:
Hi,
Is there a way to block brute-force attacks on a citadel-server? I think
it does not log the ip-addresses of hosts who try to connect, so it
seems difficult with iptables/fail2ban. Acually I run citadel version
8.04, maybe this feature yet was realized in the newest version.
Someone does know?
Kind regards,
Henning
Subject: Re: block brute-force-attacks on citadel-server
since 8.10:
CON_syslog(LOG_WARNING, "Bad password specified for <%s> Service <%s> Port <%ld> Remote <%s / %s>\n",
CCC->curr_user,
CCC->ServiceName,
CCC->tcp_port,
CCC->cs_host,
CCC->cs_addr);
//citserver[5610]: Bad password specified for <willi> Service <citadel-TCP> Remote <PotzBlitz / >
in case of smtp the address should be there.
Subject: Re: block brute-force-attacks on citadel-server
smtp:
syslog((LOG_MAIL | LOG_INFO),
"%ld: from=<%s>, nrcpts=%d, relay=%s [%s], stat=%s",
msgnum,
sSMTP->from,
sSMTP->number_of_recipients,
CC->cs_host,
CC->cs_addr,
result
);
where result can be
if (msgnum > 0L) {
sprintf(result, "250 Message accepted.\r\n");
}
else {
sprintf(result, "550 Internal delivery error\r\n");
}
if (scan_errors > 0) { /* We don't want this message! */
if (msg->cm_fields['0'] == NULL) {
msg->cm_fields['0'] = strdup("Message rejected by filter");
}
sprintf(result, "550 %s\r\n", msg->cm_fields['0']);
here could alternatively to 'Message rejected by filter' be the error message of the spam facility.
}
so
stat=550
should be your trigger here.
Subject: Re: [Citadel Support] Re: block brute-force-attacks on citadel-server
Am 25.05.2012 11:02, schrieb dothebart:
since 8.10:
CON_syslog(LOG_WARNING, "Bad password specified for <%s> Service <%s>
Port <%ld> Remote <%s / %s>\n",
CCC->curr_user,
CCC->ServiceName,
CCC->tcp_port,
CCC->cs_host,
CCC->cs_addr);
//citserver[5610]: Bad password specified for <willi> Service <citadel-TCP>
Remote <PotzBlitz / >
in case of smtp the address should be there.
Subject: Re: [Citadel Support] Re: block brute-force-attacks on citadel-server
when you have some working rules, would you like to write a littel howto citadel <-> fail2ban?
Subject: Re: [Citadel Support] Re: block brute-force-attacks on citadel-server
If you first explain me some more things I'll do it. If I try to login
with some existing username but wrong password I get
the new logline (citadel 8.11), but without content:
Context: Bad password specified for <USER> Service <citadel-UDS> Port
<0> Remote < / >
I think this is due to HTTPS/SSL. Can I get the IP anyway?
Henning
Am 25.05.2012 11:43, schrieb dothebart:
when you have some working rules, would you like to write a littel howto citadel
<-> fail2ban?
Subject: Re: [Citadel Support] Re: block brute-force-attacks on citadel-server
I guess webcit didn't fill in the ip here already...
citadel-tcp is port 504.
Hey guys,
Any idea why my freshly-installed-from-debs Citadel server would work fine under firefox but "Not found" is displayed under Chrome?
Thanks
are you installing with an apache/nginx proxy?
Hello everybody
i have a few issues when i try to make an apt-get upgrade
insserv: Starting webcit depends on nxsensor and therefore on system facility `$all' which can not be true!
insserv: Starting citadel depends on nxsensor and therefore on system facility `$all' which can not be true!
insserv: Starting webcit depends on nxsensor and therefore on system facility `$all' which can not be true!
insserv: Starting citadel depends on nxsensor and therefore on system facility `$all' which can not be true!
i also noticed that webcit doesn't start automacly after a server reboot, i have to make an
/etc/init.d/webcit start
i used the easyinstall , and i allready tried to reinstall
thank you for you help :-)
Subject: Re: webcit & citadel start
Hello Again
i solved it, it was some conflict with my wmware player !
sorry for my post
I'm not. Should I?
I need to use subaddressing / address tags for an application on my Server. Subaddressing or Address tags refers to the abiity to send email appended with extra info, eg if my email address is info@email.com, I can send mail to info-responder@email.com, or info+responder@email.com and the email will be accepted, with the address tag in place so that I can use it from an application.
Does anyone know if Virtualmin supports this functionality. I know Zimbra supports them but I have been looking at Citadel and VirtualMin, as I am using Webmin already. I can't find any info about support for address tags for either Citadel or Virtualmin.
TIA
Subject: libcitadel-8.11 missing from downloads
I saw in Citanews that there was a new release.
The libcitadel-8.11.tar.gz file appears to missing from the actual source server...citadel-8.11.tar.gz and webcit-8.11.tar.gz are both there, but libcitadel results in a "not found".
Subject: Re: Subaddress or Address tags???
Mon May 28 2012 23:12:52 EDT from kafmil @ Uncensored Subject: Subaddress or Address tags???I need to use subaddressing / address tags for an application on my Server. Subaddressing or Address tags refers to the abiity to send email appended with extra info, eg if my email address is info@email.com, I can send mail to info-responder@email.com, or info+responder@email.com and the email will be accepted, with the address tag in place so that I can use it from an application.
Does anyone know if Virtualmin supports this functionality. I know Zimbra supports them but I have been looking at Citadel and VirtualMin, as I am using Webmin already. I can't find any info about support for address tags for either Citadel or Virtualmin.
TIA
if you mean something like http://www.everything-mdaemon.com/mdaemon/a-subaddressing-introduction , this is possible in citadel with a shared / public maileable room.
have a look at:
http://www.citadel.org/doku.php?id=faq:everydayuse:how_do_i_post_messages_via_smtp_mail_into_a_room#how.do.i.post.messages.via.smtp.mail.into.a.room
http://www.citadel.org/doku.php?id=faq:everydayuse:how_do_i_beautify_the_mailname_of_a_public_room#how.do.i.beautify.the.mailname.of.a.public.room
as you might have already noted, this is the citadel support forum, not the virtualmin forum. you will have to ask that question else where.