Language:
switch to room list switch to menu My folders
Go to page: First ... 17 18 19 20 [21] 22 23 24 25 ... Last
[#] Wed Jan 13 2021 04:41:51 EST from yousif

Subject: sending mails error

[Reply] [ReplyQuoted] [Headers] [Print]

i can receive emails but can't send and i have the attached error 

(550 (Requested action not taken: mailbox unavailable or relaying denied)



12.PNG (image/png, 21631 bytes) [ View | Download ]
[#] Wed Jan 13 2021 06:04:06 EST from hosamgamal636gmail.com

Subject: Sending Mail Problem

[Reply] [ReplyQuoted] [Headers] [Print]

Hello
No email is sent and this error appears
requested action not taken mailbox unavailable or relaying denied

Possible solution to this error !?

Thanks



[#] Wed Jan 13 2021 14:40:57 EST from omatnet

Subject: Re: Citadel log level

[Reply] [ReplyQuoted] [Headers] [Print]

Thanks Michael,

I also noticed that warbaby posted a 'Quick and dirty fail2ban filter for Citadel' in the Citadel Security room:

http://uncensored.citadel.org/webcit/webcit/dotgoto?room=Citadel%20Security

 

Wed Jan 13 2021 02:04:12 EST from Michael Subject: Re: Citadel log level

omatnet,

take a look at the attachments.  I am using spamassassin and have the "
Perform RBL checks upon connect instead of after RCPT" option checked (citadel smtp administration tab). My failregex ckecks for smtp auth errors and rbls.

Verify the paths work for you (e.g. path to citadel or your log files)

Let me know if it worked.

Michael

Sun Jan 10 2021 18:25:58 EST from omatnet Subject: Re: Citadel log level

Glad I was able to help Michael,

Do have a fail2ban filter file for citadel, something that would be under the 'filter.d'? I wasn't able to find a proper filter that would work for citadel with fail2ban.

If yes, could you please share it? (will save me time instead of building the filter file from scratch).

Thanks!

Sat Jan 09 2021 08:31:26 EST from Michael Subject: Re: Citadel log level

Works

syslog: mail citserver[1467]: citserver[1467]: user_ops: bad password specified for <> Service <SMTP-MTA> Port <port #> Remote <OP address / IP addrress>

mail.log: mail citserver[1467]: user_ops: bad password specified for <> Service <SMTP-MTA> Port <port #> Remote <OP address / IP addrress>

 

Sat Jan 09 2021 08:13:52 EST from Michael Subject: Re: Citadel log level

Thanks a bunch for taking another look at it. I implemented the change to citadel.service and will do some smpt auth testing later today. FYI - there is a failregex sample described in the Citadel Security room here on this bbs

Fri Jan 08 2021 20:22:13 EST from omatnet Subject: Re: Citadel log level

I may have found the solution to the problem I experienced in my previous answer/solution below: The '-d' parameter was originally supposed to cause Citserver to run as a daemon. But possibly with systemd it is not needed anymore, or not supported correctly since in fact it caused citserver to have two instances in memory. I removed the '-d' parameter so the line in /etc/systemd/system/citadel.service is now:

/usr/local/citadel/citserver -lmail -x6

and now I am able to see bad login attempts in /var/log/mail.log so fail2ban mail filter should be able to find it and activate blocking. The bad login attempt error line contains the text "user_ops: bad password specified for" as well as the IP number of the offending machine trying to log in, which can be used in the fail2ban filter. I haven't tested yet with fail2ban, but will do so shortly.

By the way, in case you need, the highest level of logging is X7 (the levels are 0-7, 0 being the minimum and 7 being the maximum)

 

Fri Jan 08 2021 19:47:14 EST from omatnet Subject: Re: Citadel log level

I have a partial answer for you, but also extend your question so hope that someone else would be able to complete the answer - since I am also trying to use fail2ban with Citadel and it doesn't work as it should:

In previous versions of Citadel, there was an option to add command line parameters that will set the log level. I used to use: 

/usr/local/citadel/citserver -lmail -d -x6

which means using the most verbose logging level and using /var/log/mail.log as the log file (although I think it is the default now, in the past it went only to syslog)

With systemd Citadel is running as a service, so I tried to make this changes to the /etc/systemd/system/citadel.service file but I after the change and restart I am not seeing any difference in the log level. I can verify (with 'ps x | grep citserver') that the command line parameters are sent to citserver, BUT I DO NOT see any difference in the log level at mail.log

Another problem - I can see that some of the Citadel logging data is saved at /var/log/mail.log and some of it is at /var/log/syslog - specifically the login authorization data (bad login attempts, which fail2ban needs to monitor).

That is a problem since fail2ban can only monitor a single log file per 'jail'. Of course I can try and bypass and create 2 fail2ban jails for Citadel but that complicate things quite a bit and it is not supposed to be that way.

Can anyone share further advice on that? Thank you!

 

Thu Jan 07 2021 14:45:00 EST from mkuhn Subject: Citadel log level

Hi,

Happy new year!

I'm running Citadel 930 and Webcit 927, installed with easyinstall on my Odroid C2 (updating config.guess in libcitadel.tar and citadel-easyinstall.tar would be great). 

I would like to change the log level for smtp events to let Fail2ban block IPs (i.e. telnet connects on port 25).  What would I need to do to generate that information in either mail.log or syslog?

Regards.

Michael

 



 



 



 



 



 



 



 



sendmail-buffered.conf (application/octet-stream, 3874 bytes) [ View | Download ]
citserver.conf (application/octet-stream, 1166 bytes) [ View | Download ]
sendmail-whois-ipjailmatches.conf (application/octet-stream, 1438 bytes) [ View | Download ]
sendmail.conf (application/octet-stream, 1174 bytes) [ View | Download ]
sendmail-common.conf (application/octet-stream, 2514 bytes) [ View | Download ]
fail2ban.conf (application/octet-stream, 3277 bytes) [ View | Download ]
sendmail-whois-lines.conf (application/octet-stream, 1775 bytes) [ View | Download ]
jail.local (application/octet-stream, 963 bytes) [ View | Download ]
jail.conf (application/octet-stream, 436 bytes) [ View | Download ]
sendmail-geoip-lines.conf (application/octet-stream, 2408 bytes) [ View | Download ]
sendmail-whois.conf (application/octet-stream, 1337 bytes) [ View | Download ]
sendmail-whois-matches.conf (application/octet-stream, 1361 bytes) [ View | Download ]
sendmail-whois-ipmatches.conf (application/octet-stream, 1414 bytes) [ View | Download ]
[#] Fri Jan 15 2021 03:37:10 EST from ColP

Subject: Re: My citadel is no longer functioning

[Reply] [ReplyQuoted] [Headers] [Print]

 

Mon Jan 11 2021 14:56:24 EST from calcmandan Subject: My citadel is no longer functioning

My citadel server, which is being used only for email, has degraded to the point that it no longer runs. I can't log into the web interface. My devices can't fetch mail. It is running on an ubuntu server and was configured after easy install.

After it stopped working, I attempted to do an easy install from an updated package. When I ssh into the box I get the following messages:

citserver[3250]: db: cdb_fetch(9): BDB0075 DB_PAGE_NOTFOUND: Requested page not found

I was seeing these messages even before attempting to patch with the latest. Not sure what to do from here.



Hi,

I‘m by no means an expert, but every problem I’ve had so far with Citadel has been a database one.

If it’s not happy with the data, the server won’t start. Do you have any backups of the data directory?



[#] Fri Jan 15 2021 18:00:40 EST from w1kgk

Subject: login

[Reply] [ReplyQuoted] [Headers] [Print]

I type the address of 192.168.1.xxx  of the raspberry pi to get the citadel login page...no login page appears?

How do i get the login page to come up?



[#] Fri Jan 15 2021 18:45:03 EST from ParanoidDelusions

Subject: Re: login

[Reply] [ReplyQuoted] [Headers] [Print]

On the Pi, open the browser, and try http://127.0.0.1 

Did you leave it on the default port (80?) 

If so, do you have Apache running and installed on the default port too? 

 

Fri Jan 15 2021 18:00:40 EST from w1kgk Subject: login

I type the address of 192.168.1.xxx  of the raspberry pi to get the citadel login page...no login page appears?

How do i get the login page to come up?



 



[#] Fri Jan 15 2021 23:43:38 EST from sethmhur

Subject: trying to configure nntp on private citadel server

[Reply] [ReplyQuoted] [Headers] [Print]

So as the subject says I'm trying to configure nntp access for my rooms on a private server how would I do this?



[#] Sat Jan 16 2021 13:47:42 EST from Syd

Subject: logging in

[Reply] [ReplyQuoted] [Headers] [Print]

Hi, If you wish to bad mouth me well OK

I have or think I have installed CITADEL but cannot find out how to log in.

Could someone kindly direct me to relevent information please or better still tell me how to

Cheers

Syd



[#] Sat Jan 16 2021 16:00:16 EST from IGnatius T Foobar

Subject: Re: logging in

[Reply] [ReplyQuoted] [Headers] [Print]


I will badmouth you for posting your support request in the LOBBY instead of in the CITADEL SUPPORT room.

But to answer your question: connect your web browser to the port specified for WebCit during the setup process. The default username is "admin" and the default password is "citadel".

[#] Sun Jan 17 2021 12:15:09 EST from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

Just a heads up... yesterday and today, when I try to send a message, the editor kind of refreshes - you know, you can see the frame resizing and the raw HTML in it, then it comes back up in the editor, not looking like the message was sent. I go and check Sent Messages, and the message is not there - but I've gotten responses on ones I thought didn't send, so my guess is that they are sending. I can't describe it more technically than this. It looks like the message didn't send, but I get a response, so it must have. 

 



[#] Sun Jan 17 2021 12:25:04 EST from w1kgk

Subject: Re: login

[Reply] [ReplyQuoted] [Headers] [Print]

Yes  i changed the citadel to 8080.  apache2 comes up with 192.168.1.50 and also 127.0.01!!

How do i get past the apache2 to citadel....sorry really new to this!!!

 

Kevin



[#] Sun Jan 17 2021 12:48:03 EST from ParanoidDelusions

Subject: Re: login

[Reply] [ReplyQuoted] [Headers] [Print]

I probably thought of this so quickly because I'm not super good at this, myself. 

Type in http://127.0.0.1:8080

or http://192.168.1.50:8080

Both should open at your Citadel screen. 

 

Sun Jan 17 2021 12:25:04 EST from w1kgk Subject: Re: login

Yes  i changed the citadel to 8080.  apache2 comes up with 192.168.1.50 and also 127.0.01!!

How do i get past the apache2 to citadel....sorry really new to this!!!

 

Kevin



 



[#] Sun Jan 17 2021 13:13:41 EST from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

Is there a way to send a systemwide page to all logged in users without restarting? 

Also: 

When trying to restart with page all users, I get: 

Message to your Users:

 

didn't find Template [box_serverrestartpage] 21 21


[#] Sun Jan 17 2021 15:52:48 EST from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

So... 

In order to change my default port for https from 4916 to 443... 

Do I... 

run /etc/webcit ./setup and change it there to 443 

then change the redirects from lobby at /etc/systemd/system/webcit-https.service from p4916 to p443 

I've done this on my test system, and after restarting citadel, rebooting the entire machine, it no longer redirects on connect from lobby the the welcome room. 

I am connecting to https://127.0.0.1 

Is there something I'm missing? 

Warbaby was right - it does fix the broken SSL messages in my logs - and seems to speed up the response time of the Citadel - at least, when connecting to localhost. 

 



[#] Sun Jan 17 2021 16:11:06 EST from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

Something is definitely wrong.

Jan 17 14:10:49 secure webcit[3500]: Attempting to bind to port 443...
Jan 17 14:10:49 secure webcit[3500]: Can't bind: Address already in use

 

Sun Jan 17 2021 15:52:48 EST from ParanoidDelusions

So... 

In order to change my default port for https from 4916 to 443... 

Do I... 

run /etc/webcit ./setup and change it there to 443 

then change the redirects from lobby at /etc/systemd/system/webcit-https.service from p4916 to p443 

I've done this on my test system, and after restarting citadel, rebooting the entire machine, it no longer redirects on connect from lobby the the welcome room. 

I am connecting to https://127.0.0.1 

Is there something I'm missing? 

Warbaby was right - it does fix the broken SSL messages in my logs - and seems to speed up the response time of the Citadel - at least, when connecting to localhost. 

 



 



[#] Sun Jan 17 2021 19:09:22 EST from ParanoidDelusions

Subject: Change SSL Port in Webcit (Was:PD Forgot a subject again)

[Reply] [ReplyQuoted] [Headers] [Print]

I'll post my ramblings on it somewhere else - but I got it sorted. 

Sun Jan 17 2021 16:11:06 EST from ParanoidDelusions

Something is definitely wrong.

Jan 17 14:10:49 secure webcit[3500]: Attempting to bind to port 443...
Jan 17 14:10:49 secure webcit[3500]: Can't bind: Address already in use

 

 

 



 



 



[#] Sun Jan 17 2021 20:38:07 EST from warbaby

Subject: Webcit & ports..

[Reply] [ReplyQuoted] [Headers] [Print]

WEBCIT/EASYINSTALL

root@mail:/etc# ag -i webcit
systemd/system/webcit-https.service
5:ExecStart=/usr/local/webcit/webcit -s -p2001 uds /usr/local/citadel

systemd/system/webcit-http.service
5:ExecStart=/usr/local/webcit/webcit -p8080 uds /usr/local/citadel
root@ellen:/etc#

OR, there are some older init scripts in /etc/init.d/webcit # if you have a package version..

You'll have to hack the files right there.. if it's in systemd, just cp or mv to some safe place, before you mess with them.. 

cp /etc/systemd/system/webcit-http ~/webcit-backup # etc.. or

cp webcit-http webcit-http.dist # something like that..

If you're using NGINX for Proxy pass, webcit is still running on a port somewhere, but NOT 80/443! .. just think your way through it..

use 'netstat -lnp' see what is running on which port..

ParanoidDelusions, remember if you want to do the Start Page, you have to add the URL to the startup line.. [I forget the exact syntax, but you should have it.. You had it setup in the past.]



[#] Sun Jan 17 2021 22:09:14 EST from ParanoidDelusions

Subject: Re: Webcit & ports..

[Reply] [ReplyQuoted] [Headers] [Print]

Thank you for the response. 

Not really familiar with ack/ag - but it looks like the lines you provided below uses ag to search for "webcit" finds the systemd/system webcit-https.service and then shows you what line the port numbers for webcit are defined on in that config file, right? 

ack/ag are not installed as default tools on either Debian or Raspbian. 

The syntax I have in webcit-https.service is
 
ExecStart=/usr/local/webcit/webcit -s -p443 -g/dotgoto?room=hello uds /usr/local/citadel

Is changing the "-pXXX" in webcit.http(s).service *setting* the port for webcit, or just defining what port webcit is listening on? That may have been my confusion. I may have set up webcit by running ./setup in the webcit directory and then went in and manually edited the file in systemd/system. 

Debian and Raspbian use some new scheme to configure network interfaces, ip address, DNS addresses and related settings. It isn't "if up" and "if down" anymore. I'm not real comfortable with the new scheme - but, netstat is depreciated under the new method - not installed by default, and I ran into some obstacle with installing it along the new tools last time I tried.

I did manage to evidently get it sorted so that it isn't throwing up bind errors and the landing page is working once again. I did it the Windows admin way - shutting down hard then powering back up. Not sure what that would have fixed that a reboot didn't - but it started working right after that.   

Sun Jan 17 2021 20:38:07 EST from warbaby Subject: Webcit & ports..

WEBCIT/EASYINSTALL

root@mail:/etc# ag -i webcit
systemd/system/webcit-https.service
5:ExecStart=/usr/local/webcit/webcit -s -p2001 uds /usr/local/citadel

systemd/system/webcit-http.service
5:ExecStart=/usr/local/webcit/webcit -p8080 uds /usr/local/citadel
root@ellen:/etc#

OR, there are some older init scripts in /etc/init.d/webcit # if you have a package version..

You'll have to hack the files right there.. if it's in systemd, just cp or mv to some safe place, before you mess with them.. 

cp /etc/systemd/system/webcit-http ~/webcit-backup # etc.. or

cp webcit-http webcit-http.dist # something like that..

If you're using NGINX for Proxy pass, webcit is still running on a port somewhere, but NOT 80/443! .. just think your way through it..

use 'netstat -lnp' see what is running on which port..

ParanoidDelusions, remember if you want to do the Start Page, you have to add the URL to the startup line.. [I forget the exact syntax, but you should have it.. You had it setup in the past.]



 



[#] Sun Jan 17 2021 22:46:44 EST from warbaby

Subject: Re: Webcit & ports..

[Reply] [ReplyQuoted] [Headers] [Print]

For the sake of argument, 'ag' is synonymous with 'grep' .. [But many times faster, and 2 letters shorter, so I highly recommend apt-get install silversearcher-ag]

[Also, I know the stupid thing Debian did about changing the default interfaces from eth0 etc.. to the literal, unpredictable device name, stupid, but probably not the cause of any actual problem with cit/webcit.. also, the nonsense with /run that broke all kinds of programs... ]

> Is changing the "-pXXX" in webcit.http(s).service *setting* the port for webcit, or just defining what port webcit is listening on?

Yes, it runs on the port that you specify when you launch it, it's not in the database or a config file or anything like that.

These are the files that systemd uses to stop, start and restart a service.

webcit-http.service

webcit-https.service

If you want to hack the ports manually by editing the files.. first stop the service..

service webcit-https stop

[make a backup copy, edit webcit-https.service, change ports alter command line, log level, start page, etc.. ]

service webcit-https start

you should be good to go without rebooting...

netstat is an important tool, regardless of their "feelings" about it, just install it from the packages..

Also, thank you for your work and contributions here in the support room.

 

Sun Jan 17 2021 10:09:14 PM EST from ParanoidDelusions Subject: Re: Webcit & ports..

Thank you for the response. 

Not really familiar with ack/ag - but it looks like the lines you provided below uses ag to search for "webcit" finds the systemd/system webcit-https.service and then shows you what line the port numbers for webcit are defined on in that config file, right? 

ack/ag are not installed as default tools on either Debian or Raspbian. 

The syntax I have in webcit-https.service is
 
ExecStart=/usr/local/webcit/webcit -s -p443 -g/dotgoto?room=hello uds /usr/local/citadel

Is changing the "-pXXX" in webcit.http(s).service *setting* the port for webcit, or just defining what port webcit is listening on? That may have been my confusion. I may have set up webcit by running ./setup in the webcit directory and then went in and manually edited the file in systemd/system. 

Debian and Raspbian use some new scheme to configure network interfaces, ip address, DNS addresses and related settings. It isn't "if up" and "if down" anymore. I'm not real comfortable with the new scheme - but, netstat is depreciated under the new method - not installed by default, and I ran into some obstacle with installing it along the new tools last time I tried.

I did manage to evidently get it sorted so that it isn't throwing up bind errors and the landing page is working once again. I did it the Windows admin way - shutting down hard then powering back up. Not sure what that would have fixed that a reboot didn't - but it started working right after that.   

Sun Jan 17 2021 20:38:07 EST from warbaby Subject: Webcit & ports..

WEBCIT/EASYINSTALL

root@mail:/etc# ag -i webcit
systemd/system/webcit-https.service
5:ExecStart=/usr/local/webcit/webcit -s -p2001 uds /usr/local/citadel

systemd/system/webcit-http.service
5:ExecStart=/usr/local/webcit/webcit -p8080 uds /usr/local/citadel
root@ellen:/etc#

OR, there are some older init scripts in /etc/init.d/webcit # if you have a package version..

You'll have to hack the files right there.. if it's in systemd, just cp or mv to some safe place, before you mess with them.. 

cp /etc/systemd/system/webcit-http ~/webcit-backup # etc.. or

cp webcit-http webcit-http.dist # something like that..

If you're using NGINX for Proxy pass, webcit is still running on a port somewhere, but NOT 80/443! .. just think your way through it..

use 'netstat -lnp' see what is running on which port..

ParanoidDelusions, remember if you want to do the Start Page, you have to add the URL to the startup line.. [I forget the exact syntax, but you should have it.. You had it setup in the past.]



 



 



[#] Sun Jan 17 2021 23:36:32 EST from ParanoidDelusions

Subject: Re: Webcit & ports..

[Reply] [ReplyQuoted] [Headers] [Print]

Thank you, again. This really helps clarify what is going on with this for me. It makes a lot more sense. 

And thanks for your patience with me as I figure out how to behave here. I know I'm sometimes more disruption than I'm worth, but I very rarely realize it when I'm in the middle of spinning around wildly in the middle of the china shop... :) 

I was just reading up on AG and was about to install it - but decided I'll give it a go on my test machine first, tomorrow. I'll do the same for netstat. 

Sun Jan 17 2021 22:46:44 EST from warbaby Subject: Re: Webcit & ports..

For the sake of argument, 'ag' is synonymous with 'grep' .. [But many times faster, and 2 letters shorter, so I highly recommend apt-get install silversearcher-ag]

 

netstat is an important tool, regardless of their "feelings" about it, just install it from the packages..

Also, thank you for your work and contributions here in the support room.

 

 


Go to page: First ... 17 18 19 20 [21] 22 23 24 25 ... Last