Language:
switch to room list switch to menu My folders
Go to page: First ... 19 20 21 22 [23] 24 25 26 27 ... Last
[#] Mon Oct 12 2020 12:11:24 EDT from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]


It's definitely the Democrats. I know. I wrote the bot.

[#] Mon Oct 12 2020 13:25:42 EDT from warbaby @ Uncensored

Subject: Re: New Fail2ban filter for Citadel .. in the citadel Security room.

[Reply] [ReplyQuoted] [Headers] [Print]

HI s3crt3o!

Yes, you can add

ignoreip =

To your jail.conf (or jail.local), then restart fail2ban.

but even so, you might want to set up a dev box for testing on any inexpensive vps.. just a few cents to install citadel, fail2ban and test, then take a snapshot and shut it down..

Also, you might like to familiarize yourself with the fail2ban client.. it lets you list the jails and display information about them.. also, a relatively easy "unban" action..

root@mail:~# fail2ban-client status
Status
|- Number of jail:	2
`- Jail list:	citadel, sshd
root@mail:~# fail2ban-client status citadel
Status for the jail: citadel
|- Filter
|  |- Currently failed:	0
|  |- Total failed:	8
|  `- File list:	/var/log/syslog
`- Actions
   |- Currently banned:	0
   |- Total banned:	0
   `- Banned IP list:	
root@mail:~# 

fail2ban-client set citadel unbanip <ipaddress>

Some of the details will be version/distro dependent..but that's probably the simplest way to keep you from needing to hack around in iptables..

 

Mon Oct 12 2020 10:49:15 AM EDT from "s3cr3to" <s3cr3to@uncensored.citadel.org> Subject: Re: New Fail2ban filter for Citadel .. in the citadel Security room.
Good day warbaby!

I wonder if it will be possible to whitelist the IP of our company in
the script. Sure, for testing I can try a blocking of a few minutes (1
minute tops), but if tests are done or by mistake we write a wrong
password when configuring a new client, this would block ALL users who
are behind the correct IP.



On 9/29/20 6:03 PM, warbaby wrote:
We've been getting brute-forced quit a bit lately.  Maybe it's the
Democrats, or the Red Chinese?

Anyway.. wrote a filter for you guys, because you are are very special
people. and I like you a lot.

it's in the Citadel Security Room! <dotgoto?room=Citadel%20Security>

- God bless

-warbaby

 



[#] Mon Oct 12 2020 13:17:33 EDT from "s3cr3to" <s3cr3to@uncensored.citadel.org> to Citadel_Support <room_Citadel_Support@uncensored.citadel.org>

Subject: Re: New Fail2ban filter for Citadel .. in the citadel Security room.

[Reply] [ReplyQuoted] [Headers] [Print]

Found it!

https://www.fail2ban.org/wiki/index.php/Whitelist
Whitelisting

Whitelisting is setup in the jail.conf file using a space separated list.

[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban
will not
# ban a host which matches an address in this list. Several addresses
can be
# defined using space separator.

ignoreip = 127.0.0.1 192.168.1.0/24 8.8.8.8

# This will ignore connection coming from common private networks.
# Note that local connections can come from other than just 127.0.0.1, so
# this needs CIDR range too.
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16



On 10/12/20 8:49 AM, s3cr3to wrote:

Good day warbaby!

I wonder if it will be possible to whitelist the IP of our company in
the script. Sure, for testing I can try a blocking of a few minutes (1
minute tops), but if tests are done or by mistake we write a wrong
password when configuring a new client, this would block ALL users who
are behind the correct IP.



On 9/29/20 6:03 PM, warbaby wrote:
We've been getting brute-forced quit a bit lately.  Maybe it's the
Democrats, or the Red Chinese?

Anyway.. wrote a filter for you guys, because you are are very special
people. and I like you a lot.

it's in the Citadel Security Room! <dotgoto?room=Citadel%20Security>

- God bless

-warbaby

[#] Mon Oct 12 2020 15:31:31 EDT from platonov @ Uncensored

Subject: Is there a problem of incorrect displaying of Subject: header?

[Reply] [ReplyQuoted] [Headers] [Print]

I have 2 citadel systems 8.24 and 9.17.

What I am seeing on 9.17 is incorrect displaying or not displaying at all of Subject: header in RSS feed rooms.

Following are few examples of how Subject is displayed on 8.24 and 9.17

Mon Oct 12 2020 04:00:00 UTC from rss
Subject: JOE BIDEN’S ODD-SOUNDING CAMPAIGN SLOGAN ‘BUILD BACK BETTER’ WAS ACTUALLY TAKEN FROM UNITED NATIONS NEW WORLD ORDER AGENDA
Subject: JOE BIDEN

Sun Oct 11 2020 04:00:00 UTC from rss
Subject: World Health Organization Doctor: COVID Lockdowns Caused “Ghastly Global Catastrophe”
Subject: World Health Organization Doctor: COVID Lockdowns Caused

Fri Oct 09 2020 04:00:00 UTC from rss
Subject: PRESIDENT TRUMP: “TOTAL DECLASSIFICATION” OF ANY/ALL DOCUMENTS RELATED TO RUSSIA INVESTIGATION
Subject: PRESIDENT TRUMP:

Fri Oct 09 2020 07:00:00 AM EEST from rss
Subject: ‘Secret’ ATF move could turn 3M to 4M gun owners into felons
NO Subject: header present at all

Furthermore, the RSS feed rooms that are in Russian language particularly do not display the Subject: header AT ALL. It is simply missing like the article does not have this header at all.

Anybody has any feedback on this?

Thanx in advance.'



[#] Mon Oct 19 2020 16:16:52 EDT from "Richard Saunders" <saunders.richard.p@gmail.com> to room_citadel_support@citadel.org

Subject: unsubscribe?

[Reply] [ReplyQuoted] [Headers] [Print]

I have looked at the web site and at the list emails and cannot find any clue about how to unsubscribe from this list! Most lists have an unsubscribe heading in each email or a link or something. Can someone please enlighten me?


[#] Mon Oct 19 2020 16:33:46 EDT from warbaby @ Uncensored

Subject: Re: unsubscribe?

[Reply] [ReplyQuoted] [Headers] [Print]

http://uncensored.citadel.org/listsub

Mon Oct 19 2020 04:16:52 PM EDT from "Richard Saunders" <saunders.richard.p@gmail.com> Subject: unsubscribe?
I have looked at the web site and at the list emails and cannot find any clue about how to unsubscribe from this list! Most lists have an unsubscribe heading in each email or a link or something. Can someone please enlighten me?


 



[#] Tue Oct 20 2020 07:53:06 EDT from attikus @ Uncensored

Subject: SMTP email queue

[Reply] [ReplyQuoted] [Headers] [Print]

Hello friends of Citadel!


I have Citadel running since a few years as my main mail server and I'm totally satisfied with it.
This morning I experienced another reason to be totally satisfied:
Yesterday the disk in my server broke and the mail server was - obviously - offline. I didn't have time until this morning to restore the server, but after the server was restored a few minutes later a bulk of emails came in from the time when the server was offline.
It's totally cool that I didn't lose any emails - but how is that possible?
Where is the email queue that held the emails back? Or do incoming emails just get stuck in port 25 (or 587) in the event of a server failure?
I have a Mikrotik Router just for info, but I don't believe that the Router is the cause for that effect. Does anybody know why incoming emails are kept back in such an event?

Thank you,
have a nice day!



[#] Tue Oct 20 2020 07:43:00 EDT from "Marisa Giancarla" <fstltna@yahoo.com> to room_Citadel_Support@citadel.org

Subject: Re: [Citadel Support] SMTP email queue

[Reply] [ReplyQuoted] [Headers] [Print]

That is how mail servers work - if they have a issue sending mail they
leave it in a queue on the senders system and try it again later. They
keep trying for a period of time. Short answer is that they are on the
individual senders mail servers...


Marisa

On 10/20/20 4:53 AM, attikus wrote:

Hello friends of Citadel!


I have Citadel running since a few years as my main mail server and
I'm totally satisfied with it.
This morning I experienced another reason to be totally satisfied:
Yesterday the disk in my server broke and the mail server was -
obviously - offline. I didn't have time until this morning to restore
the server, but after the server was restored a few minutes later a
bulk of emails came in from the time when the server was offline.
It's totally cool that I didn't lose any emails - but how is that
possible?
Where is the email queue that held the emails back? Or do incoming
emails just get stuck in port 25 (or 587) in the event of a server
failure?
I have a Mikrotik Router just for info, but I don't believe that the
Router is the cause for that effect. Does anybody know why incoming
emails are kept back in such an event?

Thank you,
have a nice day!

[#] Tue Oct 20 2020 08:03:35 EDT from attikus @ Uncensored

Subject: Re: [Citadel Support] SMTP email queue

[Reply] [ReplyQuoted] [Headers] [Print]

Thank you Marisa for the really quick answer!

That makes a lot of sense. Interestingly some of those mails were sent from a different server of mine (Monitoring) via Exim4. That means that Exim4 has such a queue implemented, I never thought about that :)
I have to research that and then I should be able to see the queue on the Monitoring Server.
Once again thanks!



[#] Tue Oct 20 2020 08:20:39 EDT from attikus @ Uncensored

Subject: Port 25

[Reply] [ReplyQuoted] [Headers] [Print]

Haha well, the mail queue for Exim4 was not very hard to find - now all of this makes sense to me!

 

But I want to ask another theoretical question that I have in my mind since years.
I think it's strange that it is just not possible to find the answer for this online even though mail servers are common and the technology is not new - still the knowledge is very hard to find.
On my Router I redirect port 25 to 587 to prevent SMTP hijacking because the server is exposed to the internet. Since then I didn't have any problems with bots using my SMTP for sending spam mails because on port 587 they have to authenticate.
Once I tried to add a rule that only my trusted IPs can use port 25. Unfortunately then I didn't receive any emails from other people anymore because it seems like the whole world is using port 25 to send emails and not 587.
So I never found a better solution for this than redirecting port 25 to 587 - how are you guys handling this?

Thank you and have a nice day!



[#] Tue Oct 20 2020 11:55:50 EDT from warbaby @ Uncensored

Subject: Re: Port 25

[Reply] [ReplyQuoted] [Headers] [Print]

 Any client can connect to, but should still have to authenticate to send on port 25. If not you are basically running an open relay...

Tue Oct 20 2020 08:20:39 AM EDT from attikus @ Uncensored Subject: Port 25

Haha well, the mail queue for Exim4 was not very hard to find - now all of this makes sense to me!

 

But I want to ask another theoretical question that I have in my mind since years.
I think it's strange that it is just not possible to find the answer for this online even though mail servers are common and the technology is not new - still the knowledge is very hard to find.
On my Router I redirect port 25 to 587 to prevent SMTP hijacking because the server is exposed to the internet. Since then I didn't have any problems with bots using my SMTP for sending spam mails because on port 587 they have to authenticate.
Once I tried to add a rule that only my trusted IPs can use port 25. Unfortunately then I didn't receive any emails from other people anymore because it seems like the whole world is using port 25 to send emails and not 587.
So I never found a better solution for this than redirecting port 25 to 587 - how are you guys handling this?

Thank you and have a nice day!



 



[#] Tue Oct 20 2020 12:00:25 EDT from platonov @ Uncensored

Subject: how to compact database that has lots of deleted records?

[Reply] [ReplyQuoted] [Headers] [Print]

The database on my 8.24 node has gotten too big to manage. Is there a way to compact it so that it only contains the records that exist without all the deleted records?

 



[#] Tue Oct 20 2020 13:31:00 EDT from warbaby @ Uncensored

Subject: Re: how to compact database that has lots of deleted records?

[Reply] [ReplyQuoted] [Headers] [Print]

There is the undocumented option c_shrink_db_files which calls the berkley db compact function.

I would image you could set it with something like..

./sendcommand CONF PUTVAL|c_shrink_db_files|1

Although you'd certainly be taking on your own risk....

It appears to still be hooked up.. see citadel/modules/expire/serv_expire.c

   if ( (!server_shutting_down) && (CtdlGetConfigInt("c_shrink_db_files") != 0) )
      {
      cdb_compact();             // Shrink the DB files on disk
      }


But personally, I would be making some serious copies of that database, or setup a test box before I messed around with it. 

See also https://www.citadel.org/disk_space.html
Tue Oct 20 2020 12:00:25 PM EDT from platonov @ Uncensored Subject: how to compact database that has lots of deleted records?

The database on my 8.24 node has gotten too big to manage. Is there a way to compact it so that it only contains the records that exist without all the deleted records?

 



 



[#] Tue Oct 20 2020 13:45:05 EDT from warbaby @ Uncensored

Subject: Using c_shrink_db_files to compact the database..

[Reply] [ReplyQuoted] [Headers] [Print]

Doing some testing.. You'll definitely want to put quotes around the command.

/usr/local/citadel/sendcommand "CONF PUTVAL|c_shrink_db_files|1"

It does not show up with..

./sendcommand "CONF GET"

To read the value that's in there..

./sendcommand "CONF GETVAL|c_shrink_db_files"

Also

./sendcommand "CONF LISTVAL"

or 

./sendcommand "CONF LISTVAL" | grep shrink

I'll see if I can trigger a nightly cleanup on my dev box and let everyone know how it goes..

 


[#] Tue Oct 20 2020 17:17:57 EDT from platonov @ Uncensored

Subject: Re: Using c_shrink_db_files to compact the database..

[Reply] [ReplyQuoted] [Headers] [Print]

Thanx a lot for your info and efforts. Appreciated indeed.

Tue Oct 20 2020 13:45:05 EDT from warbaby @ Uncensored Subject: Using c_shrink_db_files to compact the database..

Doing some testing.. You'll definitely want to put quotes around the command.

/usr/local/citadel/sendcommand "CONF PUTVAL|c_shrink_db_files|1"

It does not show up with..

./sendcommand "CONF GET"

To read the value that's in there..

./sendcommand "CONF GETVAL|c_shrink_db_files"

Also

./sendcommand "CONF LISTVAL"

or 

./sendcommand "CONF LISTVAL" | grep shrink

I'll see if I can trigger a nightly cleanup on my dev box and let everyone know how it goes..

 


 



[#] Tue Oct 20 2020 22:07:43 EDT from warbaby @ Uncensored

Subject: How to auto compact db files [Tutorial] and a Proof of Concept...

[Reply] [ReplyQuoted] [Headers] [Print]

Since there are a few people out there hoping for a full procedure to use c_db_shrink_files, and get their database under control, it became a DOCUMENTATION PROJECT.

I wrote my notes in markdown (instead of email), and pandoc'd it to Latex...

This can also be pandoc'ed to a "web page".. re, our 'markdown -> html -> tex -> pdf" conversation in Citadel News.

Here are the documents.  I did a little more editing on the Latex, but all can be easily automated.. [mainly typeface and hypreref link colors. .]

Assume, "How to" as the prefix for these titles and file names..[to reduce character count for SEO in the url]

eg:

siteroot/how-to/automatically-compact-citadel-database-files-using-c_shrink_db_files

Take care, and keep those Citadel boxes running..

We've got a world to save from Gmail!

 



automatically-compact-citadel-database-files-with-c_shrink_db_files.html (text/html, 19106 bytes) [View| Download]
set-auto-purger-time-to-run.png (image/png, 127810 bytes) [ View | Download ]
automatically-compact-citadel-database-files-with-c_shrink_db_files.tex (text/x-tex, 22897 bytes) [ View | Download ]
automatically-compact-citadel-database-files-with-c_shrink_db_files.pdf (application/pdf, 453039 bytes) [ View | Download ]
automatically-compact-citadel-database-files-with-c_shrink_db_files.md (text/markdown, 17467 bytes) [ View | Download ]
[#] Tue Oct 20 2020 23:10:29 EDT from IGnatius T Foobar @ Uncensored

Subject: Re: Port 25

[Reply] [ReplyQuoted] [Headers] [Print]

Once I tried to add a rule that only my trusted IPs can use port 25.
Unfortunately then I didn't receive any emails from other people
anymore because it seems like the whole world is using port 25 to
send emails and not 587.
So I never found a better solution for this than redirecting port 25
to 587 - how are you guys handling this?

Incoming email from the rest of the Internet uses port 25. The service on port 25 is an MTA (Mail Transport Agent) and it is universally used for sending email from site to site. There is no way around this.

Port 587 is the same service, but configured as an MSA (Mail Submission Agent).
An MSA is only used for the site's own users to submit mail into the system.
In a typical configuration, 587 requires authentication, but bypasses the spam filters because the users are trusted.

In a Citadel system, we also enforce the following rules:

1. If a connection is *not* authenticated, we do not accept mail that claims to be from our own domain(s), because it is obviously forged.

2. If a connection *is* authenticated, we ensure that the From: line in the message either is, or is changed to, a valid address for the user who authenticated.

So that's pretty much as far as we can go -- port 587 for SMTP from your own users' email clients, port 25 for the rest of the world to send mail to your site.

[#] Tue Oct 20 2020 23:12:29 EDT from IGnatius T Foobar @ Uncensored

Subject: Re: Is there a problem of incorrect displaying of Subject: header?

[Reply] [ReplyQuoted] [Headers] [Print]

What I am seeing on 9.17 is incorrect displaying or not displaying at all
of
Subject: header in RSS feed rooms.

I have noticed this on occasion as well. It's got to be a buffer size issue somewhere but so far I haven't been able to figure out where it is. We'll keep looking.

[#] Wed Oct 21 2020 04:05:46 EDT from attikus @ Uncensored

Subject: Re: Port 25

[Reply] [ReplyQuoted] [Headers] [Print]

thank you for this detailed answer!

is there a way in citadel to force authentication on port 25? because how I understand it, citadel drops unauthenticated mails that claims to be from my domains but if a hijacker uses any different domain he can use it as a relay. so forced authentication on port 25 should do the job.

 

Tue Oct 20 2020 23:10:29 EDT from IGnatius T Foobar @ Uncensored Subject: Re: Port 25
Once I tried to add a rule that only my trusted IPs can use port 25.
Unfortunately then I didn't receive any emails from other people
anymore because it seems like the whole world is using port 25 to
send emails and not 587.
So I never found a better solution for this than redirecting port 25
to 587 - how are you guys handling this?

Incoming email from the rest of the Internet uses port 25. The service on port 25 is an MTA (Mail Transport Agent) and it is universally used for sending email from site to site. There is no way around this.

Port 587 is the same service, but configured as an MSA (Mail Submission Agent).
An MSA is only used for the site's own users to submit mail into the system.
In a typical configuration, 587 requires authentication, but bypasses the spam filters because the users are trusted.

In a Citadel system, we also enforce the following rules:

1. If a connection is *not* authenticated, we do not accept mail that claims to be from our own domain(s), because it is obviously forged.

2. If a connection *is* authenticated, we ensure that the From: line in the message either is, or is changed to, a valid address for the user who authenticated.

So that's pretty much as far as we can go -- port 587 for SMTP from your own users' email clients, port 25 for the rest of the world to send mail to your site.

 



[#] Wed Oct 21 2020 08:41:59 EDT from platonov @ Uncensored

Subject: Re: Is there a problem of incorrect displaying of Subject: header?

[Reply] [ReplyQuoted] [Headers] [Print]

Well, yesterday I tried to do /usr/local/citadel/ctdlmigrate to xfer database from 8.24 to 9.29 node.

I was able to make it work and it did xfer the data to the new node. And, Subject: headers were magically working correctly. I did verify quite a bit of records and everything looked just fine. Does it mean it is a configuration issue?

Unfortunately, ctdlmigrate did not fully succeed and it bombed out with an error msg:

*** Citadel migration was unsuccessful. ***

Here are last few lines.

- - - - - - - - - - - - - - - - -

root@45.79.97.253:/usr/local/citadel/keys/ /usr/local/citadel/keys/
receiving incremental file list

sent 20 bytes  received 85 bytes  210.00 bytes/sec
total size is 5,286  speedup is 50.34
false
false

 *** Citadel migration was unsuccessful. ***

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

And the real bummer is that everything seemed to work just fine with imported data until you restart the citserver.

At that point, here's the status:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

$ sudo service citadel status
● citadel.service - Citadel Server
     Loaded: loaded (/etc/systemd/system/citadel.service; enabled; vendor preset                                                                                                                                   : enabled)
     Active: failed (Result: exit-code) since Tue 2020-10-20 20:42:41 UTC; 2s ag                                                                                                                                   o
    Process: 1507 ExecStart=/usr/local/citadel/citserver (code=exited, status=10                                                                                                                                   5)
   Main PID: 1507 (code=exited, status=105)

Oct 20 20:42:41 UbuToo systemd[1]: citadel.service: Scheduled restart job, resta                                                                                                                                   rt counter is at 5.
Oct 20 20:42:41 UbuToo systemd[1]: Stopped Citadel Server.
Oct 20 20:42:41 UbuToo systemd[1]: citadel.service: Start request repeated too q                                                                                                                                   uickly.
Oct 20 20:42:41 UbuToo systemd[1]: citadel.service: Failed with result 'exit-cod                                                                                                                                   e'.
Oct 20 20:42:41 UbuToo systemd[1]: Failed to start Citadel Server.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

What can be done to fix this issue? I was thinking of doing a database recover kind of thing.

Tue Oct 20 2020 23:12:29 EDT from IGnatius T Foobar @ Uncensored Subject: Re: Is there a problem of incorrect displaying of Subject: header?
What I am seeing on 9.17 is incorrect displaying or not displaying at all
of
Subject: header in RSS feed rooms.

I have noticed this on occasion as well. It's got to be a buffer size issue somewhere but so far I haven't been able to figure out where it is. We'll keep looking.

 



Go to page: First ... 19 20 21 22 [23] 24 25 26 27 ... Last