[#] Mon Sep 28 2020 14:27:25 EDT from warbaby @ Uncensored

Subject: CPU Spikes.. Default admin username and the bloody Russians..


Just found this after a new ezinstall..

I was concerned about a cpu spike from webcit.. up to 98%, but only over https.. 

I am thinking there might be some relation between that and an rsync/scp going on the same box.

Webcit https seems to spike when an ssl intensive activity is happening, but I didn't find it in the logs.

But then that may only be a coincidence, since I also found  "Russians" 

[My original thinking was to leave this install as default as possible, so I didn't change the "admin" username like I usually do. But did change the password.]

Could this attack be targeted at Citadel, and Webcit specifically?

Also, what is up with UID "-1"??

Clearly from Russia..  drilling me non-stop.

[https://whatismyipaddress.com/ip/45.142.120.36]


8 18:01:08 mail citserver[437]: citserver[437]: context: [ 64]SRV[SMTP-MTA] Session ended.
Sep 28 18:01:08 mail citserver[437]: SMTP: client disconnected: ending session.
Sep 28 18:01:08 mail citserver[437]: context: [ 64]SRV[SMTP-MTA] Session ended.
Sep 28 18:01:09 mail citserver[437]: citserver[437]: context: [ 63]SRV[SMTP-MTA] Session ended.
Sep 28 18:01:09 mail citserver[437]: context: [ 63]SRV[SMTP-MTA] Session ended.
Sep 28 18:01:11 mail citserver[437]: citserver[437]: context: session (SMTP-MTA) started from  (45.142.120.36) uid=-1
Sep 28 18:01:11 mail citserver[437]: context: session (SMTP-MTA) started from  (45.142.120.36) uid=-1
Sep 28 18:01:11 mail citserver[437]: citserver[437]: SMTP: client disconnected: ending session.
Sep 28 18:01:11 mail citserver[437]: citserver[437]: context: [ 65]SRV[SMTP-MTA] Session ended.
Sep 28 18:01:11 mail


Sep 28 18:03:30 mail citserver[437]: citserver[437]: context: session (SMTP-MTA) started from  (45.142.120.36) uid=-1
Sep 28 18:03:30 mail citserver[437]: context: session (SMTP-MTA) started from  (45.142.120.36) uid=-1
Sep 28 18:03:31 mail citserver[437]: citserver[437]: SMTP: client disconnected: ending session.
Sep 28 18:03:31 mail citserver[437]: citserver[437]: context: [112]SRV[SMTP-MTA] Session ended.
Sep 28 18:03:31 mail citserver[437]: SMTP: client disconnected: ending session.
Sep 28 18:03:31 mail citserver[437]: context: [112]SRV[SMTP-MTA] Session ended.
Sep 28 18:03:33 mail citserver[437]: citserver[437]: context: [111]SRV[SMTP-MTA] Session ended.
Sep 28 18:03:33 mail citserver[437]: context: [111]SRV[SMTP-MTA] Session ended.
Sep 28 18:03:33 mail citserver[437]: citserver[437]: context: session (SMTP-MTA) started from  (45.142.120.36) uid=-1
Sep 28 18:03:33 mail citserver[437]: context: session (SMTP-MTA) started from  (45.142.120.36) uid=-1
Sep 28 18:03:36 mail citserver[437]: citserver[437]: context: session (SMTP-MTA) started from  (45.142.120.36) uid=-1
Sep 28 18:03:36 mail citserver[437]: context: session (SMTP-MTA) started from  (45.142.120.36) uid=-1


sudo ufw deny from 45.142.120.36 to any

# Note to immediately install fail2ban on any new citadel installation.
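
Added example (not part of the original post, and not the fail2ban filter mentioned later in this thread): a Python check that counts session starts per source address from citserver syslog lines in the format quoted above, using a time window, a threshold and an ignore list in the spirit of fail2ban's findtime, maxretry and ignoreip. The function names, the thresholds and the 192.0.2.10 sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Session-start line as it appears in the quoted syslog; the optional second
# "citserver[pid]: " tag is the doubled copy of each event seen in that log.
START = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ citserver\[\d+\]: "
    r"(?P<dup>citserver\[\d+\]: )?context: session \((?P<svc>[^)]+)\) "
    r"started from\s+\((?P<ip>[0-9A-Fa-f.:]+)\) uid=-?\d+")

def sessions(log_text, year=2020):
    """Yield (time, service, ip) once per session, pairing off doubled lines."""
    unpaired = Counter()
    for line in log_text.splitlines():
        m = START.match(line)
        if not m:
            continue
        key, doubled = (m["ts"], m["svc"], m["ip"]), m["dup"] is not None
        if unpaired[key, not doubled] > 0:      # other copy already counted
            unpaired[key, not doubled] -= 1
            continue
        unpaired[key, doubled] += 1
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield when, m["svc"], ip_address(m["ip"])

def flag_sources(log_text, findtime=timedelta(minutes=10), maxretry=3, ignore=()):
    """Map each source IP to its peak session count inside any findtime window,
    keeping only sources that reach maxretry and are not in the ignore list."""
    nets = [ip_network(n) for n in ignore]
    recent, peak = defaultdict(deque), {}
    for when, _svc, ip in sessions(log_text):
        if any(ip in net for net in nets):
            continue
        window = recent[ip]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            peak[str(ip)] = max(peak.get(str(ip), 0), len(window))
    return peak

def _start(ts, ip, doubled=False):              # builds one constructed log line
    tag = "citserver[437]: " * (2 if doubled else 1)
    return f"Sep 28 {ts} mail {tag}context: session (SMTP-MTA) started from  ({ip}) uid=-1"

# Constructed sample: three doubled session starts from the address in the post,
# two well-spaced sessions from 192.0.2.10, and an unrelated line.
SAMPLE = "\n".join(
    [_start(t, "45.142.120.36", d) for t in ("18:03:30", "18:03:33", "18:03:36")
     for d in (True, False)]
    + ["Sep 28 18:03:31 mail citserver[437]: SMTP: client disconnected: ending session.",
       _start("18:05:02", "192.0.2.10"), _start("18:40:00", "192.0.2.10")])

if __name__ == "__main__":
    print(flag_sources(SAMPLE))                                        # burst only
    print(flag_sources(SAMPLE, maxretry=1, ignore=["192.0.2.0/24"]))   # trusted range skipped
```

Counting session starts alone would also catch a busy legitimate relay, so the threshold and the ignore list need to reflect the mail sources the server normally sees.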



[#] Tue Sep 29 2020 19:26:10 EDT from IGnatius T Foobar @ Uncensored

Subject: Re: Remote retrieval


Hello everyone i'm just curious under the setting for Remote
retrieval when not selecting "keep messages on server?" un checked
actually delete the waiting message? because i have done some test

If you're remote-retrieving from a POP3 server then yes, Citadel will issue a delete command to the remote server. If the option is not selected, messages will not be deleted from the remote server. However, the behavior of the remote server may default to some other behavior.

[#] Tue Sep 29 2020 19:26:57 EDT from IGnatius T Foobar @ Uncensored

Subject: Re: Apt upgrade errors with webcit


Hi all, would anyone know why webcit is so persnickety?  Every time I apt

update/upgrade my server the below errors appear.

The packages are not exactly fresh. You might consider using our distribution (Easy Install) instead. It will operate independently of your package management system.

[#] Tue Sep 29 2020 19:28:26 EDT from IGnatius T Foobar @ Uncensored

Subject: Re: CPU Spikes.. Default admin username and the bloody Russians..


Also, what is up with UID "-1"??

Clearly from Russia..  drilling me non-stop.


It looks to me like someone is hunting for open proxies. Why they are stuck in a loop on your site ... who knows ... maybe Citadel confuses their scanner?

UID "-1" means that there is no UID on the underlying operating system associated with the Citadel account in question.

[#] Tue Sep 29 2020 20:03:28 EDT from warbaby @ Uncensored

Subject: New Fail2ban filter for Citadel .. in the citadel Security room.


We've been getting brute-forced quite a bit lately.  Maybe it's the Democrats, or the Red Chinese?

Anyway.. wrote a filter for you guys, because you are very special people, and I like you a lot.

it's in the Citadel Security Room!

- God bless

-warbaby



[#] Tue Sep 29 2020 20:10:49 EDT from warbaby @ Uncensored

Subject: Re: CPU Spikes.. Default admin username and the bloody Russians..


I got sick of messing around with them and wrote a basic fail2ban filter, it's posted in the Security room.

Spent some time to try and determine if there was anything really specific to Citadel, as though it was being targeted..

It "felt" like it, but I can't say definitively. 

It's not hard to "enumerate" users with a big list of usernames.. try to send mail by smtp, and just keep a list of the good users for each box.. it's child's play.. we did that years and years ago..

Anyway.. trying to build some kind of real security perspective, not just be dramatic..

:)

Also, very interesting about uid -1..  Thanks Art!

 

 


 



[#] Wed Sep 30 2020 12:39:37 EDT from rimugu @ Uncensored

Subject: Citadel language


Hi, I just installed Citadel for use in my club ham radio mesh network.

But I wonder if Citadel is available in other languages (some don't speak English).

Regards,



[#] Thu Oct 01 2020 01:13:10 EDT from spbear50 @ Uncensored

Subject: I installed citadel. How do I open admin area?


The title pretty much says it. I installed the program on Ubuntu 20.04 LAMP and I can't figure out how to get to the admin of the program. I think it's called Webcit, but how do you access it?



[#] Thu Oct 01 2020 18:05:16 EDT from warbaby @ Uncensored

Subject: Re: I installed citadel. How do I open admin area?


see if webcit is running..

ps aux | grep webcit

netstat -lnp

should be running on the port(s) you chose during setup..

http://localhost:8080/

https://localhost:443/

https://localhost:2001/

something like that..

it's actually two services.. webcit-http and webcit-https

cd /etc/

grep -ri 'webcit' . # should tell you something..

once you get it open in a web browser, log in using the username and password you specified during setup. admin/citadel is the default.

The Administration button is in the left column under 'Advanced' if the account has privileges.

 




 



[#] Thu Oct 01 2020 20:41:51 EDT from plentipeppa @ Uncensored


Hi all,

Set up Citadel mail server on Raspberry Pi 4. Everything works well, I can send and receive mail, but with this nasty annoyance because I don't have SSL.

I not got ssl cert from a certificate authority.

I can't figure out where I put this cert and the other files.

Can someone point me where I should place my certificate?

Thanks for your help in advance.

 

Del



[#] Thu Oct 01 2020 23:13:58 EDT from warbaby @ Uncensored


do you have a certificate?  If not, check out Let's Encrypt. You can make them with certbot.

Then.. assuming you used easyinstall..

root@mail:/usr/local/citadel/keys# tree
.
├── citadel.cer
├── citadel.key

same structure for webcit

citadel.cer is the certificate (use fullchain.pem if you have it)

citadel.key is your private key.

Your files should be copied (not linked) to both locations, with those exact names.

then (as root)

chown root:staff *

chmod 600 *

-rw------- 1 root    staff   3.5K Jul  8 20:20 citadel.cer
-rw------- 1 root    staff   1.7K Jul 12 07:46 citadel.key

/usr/local/citadel/keys is for your mail server (imap/smtp)

/usr/local/webcit/keys is for https on webcit

restart your machine (or the services)

then re-connect with your mail client, and browser.. and check your new cert.




 



[#] Mon Oct 12 2020 10:49:15 EDT from "s3cr3to" <s3cr3to@uncensored.citadel.org> to Citadel_Support <room_Citadel_Support@uncensored.citadel.org>

Subject: Re: New Fail2ban filter for Citadel .. in the citadel Security room.


Good day warbaby!

I wonder if it will be possible to whitelist the IP of our company in
the script. Sure, for testing I can try a blocking of a few minutes (1
minute tops), but if tests are done or by mistake we write a wrong
password when configuring a new client, this would block ALL users who
are behind the correct IP.




[#] Mon Oct 12 2020 12:11:24 EDT from LoanShark @ Uncensored



It's definitely the Democrats. I know. I wrote the bot.

[#] Mon Oct 12 2020 13:25:42 EDT from warbaby @ Uncensored

Subject: Re: New Fail2ban filter for Citadel .. in the citadel Security room.


Hi s3cr3to!

Yes, you can add

ignoreip =

To your jail.conf (or jail.local), then restart fail2ban.

but even so, you might want to set up a dev box for testing on any inexpensive vps.. just a few cents to install citadel, fail2ban and test, then take a snapshot and shut it down..

Also, you might like to familiarize yourself with the fail2ban client.. it lets you list the jails and display information about them.. also, a relatively easy "unban" action..

root@mail:~# fail2ban-client status
Status
|- Number of jail:	2
`- Jail list:	citadel, sshd
root@mail:~# fail2ban-client status citadel
Status for the jail: citadel
|- Filter
|  |- Currently failed:	0
|  |- Total failed:	8
|  `- File list:	/var/log/syslog
`- Actions
   |- Currently banned:	0
   |- Total banned:	0
   `- Banned IP list:	
root@mail:~# 

fail2ban-client set citadel unbanip <ipaddress>

Some of the details will be version/distro dependent..but that's probably the simplest way to keep you from needing to hack around in iptables..

 


 



[#] Mon Oct 12 2020 13:17:33 EDT from "s3cr3to" <s3cr3to@uncensored.citadel.org> to Citadel_Support <room_Citadel_Support@uncensored.citadel.org>

Subject: Re: New Fail2ban filter for Citadel .. in the citadel Security room.


Found it!

https://www.fail2ban.org/wiki/index.php/Whitelist
Whitelisting

Whitelisting is setup in the jail.conf file using a space separated list.

[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.

ignoreip = 127.0.0.1 192.168.1.0/24 8.8.8.8

# This will ignore connection coming from common private networks.
# Note that local connections can come from other than just 127.0.0.1, so
# this needs CIDR range too.
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16




[#] Mon Oct 12 2020 15:31:31 EDT from platonov @ Uncensored

Subject: Is there a problem of incorrect displaying of Subject: header?


I have 2 citadel systems 8.24 and 9.17.

What I am seeing on 9.17 is incorrect displaying or not displaying at all of Subject: header in RSS feed rooms.

Following are few examples of how Subject is displayed on 8.24 and 9.17

Mon Oct 12 2020 04:00:00 UTC from rss
Subject: JOE BIDEN’S ODD-SOUNDING CAMPAIGN SLOGAN ‘BUILD BACK BETTER’ WAS ACTUALLY TAKEN FROM UNITED NATIONS NEW WORLD ORDER AGENDA
Subject: JOE BIDEN

Sun Oct 11 2020 04:00:00 UTC from rss
Subject: World Health Organization Doctor: COVID Lockdowns Caused “Ghastly Global Catastrophe”
Subject: World Health Organization Doctor: COVID Lockdowns Caused

Fri Oct 09 2020 04:00:00 UTC from rss
Subject: PRESIDENT TRUMP: “TOTAL DECLASSIFICATION” OF ANY/ALL DOCUMENTS RELATED TO RUSSIA INVESTIGATION
Subject: PRESIDENT TRUMP:

Fri Oct 09 2020 07:00:00 AM EEST from rss
Subject: ‘Secret’ ATF move could turn 3M to 4M gun owners into felons
NO Subject: header present at all

Furthermore, the RSS feed rooms that are in Russian language particularly do not display the Subject: header AT ALL. It is simply missing like the article does not have this header at all.

Anybody has any feedback on this?

Thanks in advance.



[#] Mon Oct 19 2020 16:16:52 EDT from "Richard Saunders" <saunders.richard.p@gmail.com> to room_citadel_support@citadel.org

Subject: unsubscribe?


I have looked at the web site and at the list emails and cannot find any clue about how to unsubscribe from this list! Most lists have an unsubscribe heading in each email or a link or something. Can someone please enlighten me?


[#] Mon Oct 19 2020 16:33:46 EDT from warbaby @ Uncensored

Subject: Re: unsubscribe?


http://uncensored.citadel.org/listsub



 



[#] Tue Oct 20 2020 07:53:06 EDT from attikus @ Uncensored

Subject: SMTP email queue


Hello friends of Citadel!


I have Citadel running since a few years as my main mail server and I'm totally satisfied with it.
This morning I experienced another reason to be totally satisfied:
Yesterday the disk in my server broke and the mail server was - obviously - offline. I didn't have time until this morning to restore the server, but after the server was restored a few minutes later a bulk of emails came in from the time when the server was offline.
It's totally cool that I didn't lose any emails - but how is that possible?
Where is the email queue that held the emails back? Or do incoming emails just get stuck in port 25 (or 587) in the event of a server failure?
I have a Mikrotik Router just for info, but I don't believe that the Router is the cause for that effect. Does anybody know why incoming emails are kept back in such an event?

Thank you,
have a nice day!



[#] Tue Oct 20 2020 07:43:00 EDT from "Marisa Giancarla" <fstltna@yahoo.com> to room_Citadel_Support@citadel.org

Subject: Re: [Citadel Support] SMTP email queue


That is how mail servers work - if they have an issue sending mail they
leave it in a queue on the sender's system and try it again later. They
keep trying for a period of time. Short answer is that they are on the
individual senders' mail servers...


Marisa

