Language:
switch to room list switch to menu My folders
Go to page: First ... 22 23 24 25 [26] 27 28
[#] Thu Sep 30 2021 18:00:12 EDT from wintpe

[Reply] [ReplyQuoted] [Headers] [Print]

ok so i realised my mistake, in reading the doc on keys and have successfully generated the 3 for citadel and 3 for webcit, but 

still ssl connections dont work via webcit or 993/143, 587

any pointers in where to check would be apreciated.

im not using externaly signed certs, but im happy to use thunderbird in non strict conections.

everything is working fine in non secure mode by the way.

regards peter



[#] Fri Oct 01 2021 05:52:12 EDT from wintpe

Subject: Re: Docker container of Citadel is now ready to download

[Reply] [ReplyQuoted] [Headers] [Print]

 

Sat Aug 21 2021 19:08:24 EDT from IGnatius T Foobar Subject: Docker container of Citadel is now ready to download

Docker images are ready for testing :)

Go to https://www.citadel.org/docker.html to learn more. So far, this is working way better than the AppImage distribution was, and most of the work we did on that has translated very nicely to the container. It's extremely stable and should be compatible with any host system on which Docker will run.

We have 64-bit AMD/Intel and 32-bit ARM containers available.

It is currently considered a test build, but our intention is to make it the primary way people run the Citadel system, both on your own hardware and in the cloud.

hi, i posted a couple of messages in the support forum, re the docker images.

the download site did not mension it was for testing only, or maybe it was not obvious.

i have no prob running on test release if it works though so moving on.....

im now running the docker image as my home system, and its very stable, only thing that did not work, and whats not 

obvious , a way to fix was the generation of the keys.

 

im running it on rocky linux 8, essentialy centos/redhat.

 

i ran the three openssl commands to generatev the 3 keys for webcit and citadel in the citadel-data directory, and restarted

 

but i still cant enable non strict ssl or starttls on thunderbird or access webcit through https, whereas i could on my old citadel 8 rpm version.

any pointers?

 

regards peter

 



[#] Fri Oct 01 2021 14:08:20 EDT from IGnatius T Foobar

Subject: Re: Easy Install witouth Systemd

[Reply] [ReplyQuoted] [Headers] [Print]

Very, VERY VERY NICE. It's all integrated, i've actually found the
ports way back, but i tought, they were referring to the "webcit
client" ports, and i didn't know it would actually change ports.

Correct. WebCit doesn't speak to Citadel Server using all those ports. It speaks to Citadel Server either on port 504 or on a unix domain socket.
That screen in WebCit configures the ports that Citadel Server listens on for all those protocols.

[#] Fri Oct 01 2021 14:08:47 EDT from IGnatius T Foobar

Subject: Re: managesieve port

[Reply] [ReplyQuoted] [Headers] [Print]

it seems managesieve port is not saved in [Administration -> Edit
site-wide configuration -> SMTP], it's always "0", at least in the
latest docker container.

managesieve is no longer supported because Citadel no longer uses Sieve.

[#] Fri Oct 01 2021 14:09:45 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

ok so i realised my mistake, in reading the doc on keys and have
successfully generated the 3 for citadel and 3 for webcit, but 

still ssl connections dont work via webcit or 993/143, 587

When you generate new key and certificate, you need to give them the same file names as the automatically generated ones, and then restart the server.

[#] Sat Oct 02 2021 09:49:31 EDT from leemon

Subject: Re: managesieve port

[Reply] [ReplyQuoted] [Headers] [Print]

 

Fri Oct 01 2021 14:08:47 EDT from IGnatius T Foobar Subject: Re: managesieve port
it seems managesieve port is not saved in [Administration -> Edit
site-wide configuration -> SMTP], it's always "0", at least in the
latest docker container.

managesieve is no longer supported because Citadel no longer uses Sieve.

Ah, thanx! :)



[#] Mon Oct 04 2021 09:42:24 EDT from cfriend

Subject: Ongoing issue with Citserver crashing

[Reply] [ReplyQuoted] [Headers] [Print]

Good morning,

My Citserver keeps crashing intermittently and taking the database with it.  I ran for years on CentOS 5 with no trouble but every since I moved to Ubuntu 18 and then 20 I've had DB corruption issues.  dbrecover and other database cleanup tools do not solve the corruption in this case, it seems to obliterate cdb.02 completely when it dies.

I have had this happen several times over the past year, and each time my database my corrupted beyond repair and I have to restore a backup or delete the database, reconfig, and retransfer mail from my mail program (this is a personal mail server so thankfully only two users).  This time before I restored I went searching through logs and found the entries below, looks like libssl was involved.  Any ideas?  Nothing abnormal above the crash, just normal IMAP connections from my mail client.

Oct  3 04:55:52 nadia kernel: [2314146.493749] citserver[43094]: segfault at 30 ip 00007f87953bd744 sp 00007f87916259c8 error 4 in libssl.so.1.1[7f879539d000+4f000]
Oct  3 04:55:52 nadia kernel: [2314146.493761] Code: 38 01 00 00 00 c7 47 44 00 00 00 00 e8 55 23 01 00 48 8b 45 08 48 89 ef 48 8b 40 28 48 89 45 30 5d e9 00 fa ff ff f3 0f 1e fa <48> 83 7f 30 00 74 05 e9 f0 e5 ff ff 48 83 ec 18 48 89 7c 24 08 e8
Oct  3 04:55:52 nadia systemd[1]: citadel.service: Maingv process exited, code=killed, status=11/SEGV
Oct  3 04:55:52 nadia systemd[1]: citadel.service: Failed with result 'signal'.
Oct  3 04:55:52 nadia systemd[1]: citadel.service: Scheduled restart job, restart counter is at 9.
Oct  3 04:55:52 nadia systemd[1]: Stopped Citadel Server.
Oct  3 04:55:52 nadia systemd[1]: Started Citadel Server.
Oct  3 04:55:53 nadia citserver:
Oct  3 04:55:53 nadia citserver:
Oct  3 04:55:53 nadia citserver: *** Citadel server engine ***
Oct  3 04:55:53 nadia citserver: Version 931 (build 100b6a90d) ***
Oct  3 04:55:53 nadia citserver: Copyright (C) 1987-2021 by the Citadel development team.
Oct  3 04:55:53 nadia citserver:
Oct  3 04:55:53 nadia citserver: This program is open source software: you can redistribute it and/or
Oct  3 04:55:53 nadia citserver: modify it under the terms of the GNU General Public License, version 3.
Oct  3 04:55:53 nadia citserver:
Oct  3 04:55:53 nadia citserver: This program is distributed in the hope that it will be useful,
Oct  3 04:55:53 nadia citserver: but WITHOUT ANY WARRANTY; without even the implied warranty of
Oct  3 04:55:53 nadia citserver: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
Oct  3 04:55:53 nadia citserver: GNU General Public License for more details.
Oct  3 04:55:53 nadia citserver:
Oct  3 04:55:53 nadia citserver: libcitadel(unnumbered)
Oct  3 04:55:53 nadia citserver: main: running in data directory /usr/local/citadel
Oct  3 04:55:53 nadia citserver[43903]: citserver[43903]: Checking directory access
Oct  3 04:55:53 nadia citserver[43903]: Checking directory access
Oct  3 04:55:53 nadia citserver[43903]: citserver[43903]: Opening databases
Oct  3 04:55:53 nadia citserver[43903]: Opening databases
Oct  3 04:55:53 nadia citserver[43903]: citserver[43903]: db: mounting databases
Oct  3 04:55:53 nadia citserver[43903]: citserver[43903]: Initializing configuration system
Oct  3 04:55:53 nadia citserver[43903]: Initializing configuration system
Oct  3 04:55:53 nadia citserver[43903]: citserver[43903]: Creating base rooms (if necessary)
Oct  3 04:55:53 nadia citserver[43903]: Creating base rooms (if necessary)
Oct  3 04:55:53 nadia citserver[43903]: citserver[43903]: Seeding the pseudo-random number generator...
Oct  3 04:55:53 nadia citserver[43903]: Seeding the pseudo-random number generator...
Oct  3 04:55:53 nadia citserver[43903]: citserver[43903]: control: sanity checking the recorded highest message and room numbers
Oct  3 04:55:53 nadia citserver[43903]: control: sanity checking the recorded highest message and room numbers
Oct  3 04:55:53 nadia citserver[43903]: citserver[43903]: db: cdb_fetch(4): BDB0075 DB_PAGE_NOTFOUND: Requested page not found
Oct  3 04:55:53 nadia citserver[43903]: db: cdb_fetch(4): BDB0075 DB_PAGE_NOTFOUND: Requested page not found
Oct  3 04:55:53 nadia systemd[1]: citadel.service: Main process exited, code=exited, status=105/n/a
Oct  3 04:55:53 nadia systemd[1]: citadel.service: Failed with result 'exit-code'.
Oct  3 04:55:54 nadia systemd[1]: citadel.service: Scheduled restart job, restart counter is at 10.
Oct  3 04:55:54 nadia systemd[1]: Stopped Citadel Server.
Oct  3 04:55:54 nadia systemd[1]: Started Citadel Server.

etc... If restarted over and over again and finally gave up.



[#] Mon Oct 04 2021 14:47:02 EDT from IGnatius T Foobar

Subject: Re: Ongoing issue with Citserver crashing

[Reply] [ReplyQuoted] [Headers] [Print]


Citadel 939 fixes an issue that has plagued a number of sites (including this one) for a long time. It was kind of an embarrassing problem, too: if a client attempted to STARTTLS on a session that was already encrypted, you would get a segfault inside the OpenSSL library, just like your example suggests.
Normal clients don't act this way, but there are malicious scanners out there that are looking for bugs to exploit.

Upgrade to 939 and the problem goes away. However, the database should *not* be corrupted by the server crashing in this way. We had this site's server crash hundreds of times and it's never harmed the database. I wonder if there is something else going on on your system? Disk full? Filesystem problem?
Database logs being deleted too early?

Definitely do the upgrade, but until we figure out the database problem, I would suggest putting your Citadel installation on a btrfs filesystem and backing it up using nightly snapshots. btrfs snapshots are awesome for backups.

[#] Tue Oct 05 2021 10:12:50 EDT from wintpe

[Reply] [ReplyQuoted] [Headers] [Print]

i guessed that and have generated in /citadel-data webcit.* and citadel.*

if ive missread this somewhere then please correct me

but currently no ssl connections work

regards peter 



[#] Tue Oct 05 2021 10:14:07 EDT from wintpe

[Reply] [ReplyQuoted] [Headers] [Print]

 

Tue Oct 05 2021 10:12:50 EDT from wintpe

i guessed that and have generated in /citadel-data webcit.* and citadel.*

if ive missread this somewhere then please correct me

but currently no ssl connections work

regards peter 



sorry that was in replay to 

 

When you generate new key and certificate, you need to give them the same file names as the automatically generated ones, and then restart the server.



[#] Tue Oct 05 2021 10:24:13 EDT from wintpe

Subject: Re: Docker container of Citadel is now ready to download

[Reply] [ReplyQuoted] [Headers] [Print]

you might have posted that on the forum, in the announcement, but thats not what you see if you go direct to the download page or the documentation.
 
from the download page or documentation the docker build looks like an official release
 

 

regards peter 
Fri Oct 01 2021 05:52:12 EDT from wintpe Subject: Re: Docker container of Citadel is now ready to download

 

Sat Aug 21 2021 19:08:24 EDT from IGnatius T Foobar Subject: Docker container of Citadel is now ready to download

Docker images are ready for testing :)

Go to https://www.citadel.org/docker.html to learn more. So far, this is working way better than the AppImage distribution was, and most of the work we did on that has translated very nicely to the container. It's extremely stable and should be compatible with any host system on which Docker will run.

We have 64-bit AMD/Intel and 32-bit ARM containers available.

It is currently considered a test build, but our intention is to make it the primary way people run the Citadel system, both on your own hardware and in the cloud.

hi, i posted a couple of messages in the support forum, re the docker images.

the download site did not mension it was for testing only, or maybe it was not obvious.

i have no prob running on test release if it works though so moving on.....

im now running the docker image as my home system, and its very stable, only thing that did not work, and whats not 

obvious , a way to fix was the generation of the keys.

 

im running it on rocky linux 8, essentialy centos/redhat.

 

i ran the three openssl commands to generatev the 3 keys for webcit and citadel in the citadel-data directory, and restarted

 

but i still cant enable non strict ssl or starttls on thunderbird or access webcit through https, whereas i could on my old citadel 8 rpm version.

any pointers?

 

regards peter

 

you might have posted that on the forum, in the announcement, but thats not what you see if you go direct to the download page or the documentation.
 
from the download page or documentation the docker build looks like an official release
 
regards peter 

 



[#] Thu Oct 07 2021 15:58:35 EDT from cfriend

Subject: Re: Ongoing issue with Citserver crashing

[Reply] [ReplyQuoted] [Headers] [Print]

 

Mon Oct 04 2021 14:47:02 EDT from IGnatius T Foobar Subject: Re: Ongoing issue with Citserver crashing

Citadel 939 fixes an issue that has plagued a number of sites (including this one) for a long time. It was kind of an embarrassing problem, too: if a client attempted to STARTTLS on a session that was already encrypted, you would get a segfault inside the OpenSSL library, just like your example suggests.
Normal clients don't act this way, but there are malicious scanners out there that are looking for bugs to exploit.

Upgrade to 939 and the problem goes away. However, the database should *not* be corrupted by the server crashing in this way. We had this site's server crash hundreds of times and it's never harmed the database. I wonder if there is something else going on on your system? Disk full? Filesystem problem?
Database logs being deleted too early?

Definitely do the upgrade, but until we figure out the database problem, I would suggest putting your Citadel installation on a btrfs filesystem and backing it up using nightly snapshots. btrfs snapshots are awesome for backups.

I did the upgrade that afternoon and I just finished setting up and mounting a BTRFS partition. Database has been moved into the new location. I have a CRON job set to run btrfs-snap at Midnight daily and keep 10 snapshots.  We will see if there are any more issues with DB corruption, so far, so good.

Thank you for the help.

 



[#] Fri Oct 15 2021 04:24:22 EDT from lotharea

Subject: Setting up DKIM - using Submission protocol for outbound

[Reply] [ReplyQuoted] [Headers] [Print]

Hi guys!

I am looking at the possible setup to add DKIM verification to my citadel server. I've looked at the instructions found under: https://www.citadel.org/dspam.html
Given that citadel supports both 25 (SMTP) and 587 (Submission) - would it be possible to set the dkimproxy to use the Submission protocol as it's outbound SMTP server like this:

  # specify what address/port DKIMproxy should listen on
  listen    127.0.0.1:10027
  
  # specify what address/port DKIMproxy forwards mail to
  relay     127.0.0.1:587

Eliminating the need to use an external SMTP provider or a separate mail server installation locally?



[#] Sat Oct 16 2021 12:29:22 EDT from IGnatius T Foobar

Subject: Re: Setting up DKIM - using Submission protocol for outbound

[Reply] [ReplyQuoted] [Headers] [Print]

Yes, you absolutely can configure Citadel to deliver outbound mail through any proxy you want. The "smart-host" box in the Internet configuration section will accept *any* valid SMTP URL.

For example: http://username:password@127.0.0.1:10027

[#] Sat Oct 30 2021 06:53:09 EDT from sciens

[Reply] [ReplyQuoted] [Headers] [Print]

Anyone come across this?

 

Oct 30 03:43:18 mailsrv01 systemd[1]: Started Citadel Server.
Oct 30 03:43:18 mailsrv01 citserver[2174]:
Oct 30 03:43:18 mailsrv01 citserver[2174]:
Oct 30 03:43:18 mailsrv01 citserver[2174]: *** Citadel server engine ***
Oct 30 03:43:18 mailsrv01 citserver[2174]: Version 939 (build 60d08101d) ***
Oct 30 03:43:18 mailsrv01 citserver[2174]: Copyright (C) 1987-2021 by the Citadel development team.
Oct 30 03:43:18 mailsrv01 citserver[2174]:
Oct 30 03:43:18 mailsrv01 citserver[2174]: This program is open source software: you can redistribute it and/or
Oct 30 03:43:18 mailsrv01 citserver[2174]: modify it under the terms of the GNU General Public License, version 3.
Oct 30 03:43:18 mailsrv01 citserver[2174]:
Oct 30 03:43:18 mailsrv01 citserver[2174]: This program is distributed in the hope that it will be useful,
Oct 30 03:43:18 mailsrv01 citserver[2174]: but WITHOUT ANY WARRANTY; without even the implied warranty of
Oct 30 03:43:18 mailsrv01 citserver[2174]: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
Oct 30 03:43:18 mailsrv01 citserver[2174]: GNU General Public License for more details.
Oct 30 03:43:18 mailsrv01 citserver[2174]:
Oct 30 03:43:18 mailsrv01 citserver[2174]: libcitadel(unnumbered)
Oct 30 03:43:18 mailsrv01 citserver[2174]: main: running in data directory /usr/local/citadel
Oct 30 03:43:18 mailsrv01 citserver[2174]: citserver[2174]: Checking directory access
Oct 30 03:43:18 mailsrv01 citserver[2174]: Checking directory access
Oct 30 03:43:18 mailsrv01 citserver[2174]: citserver[2174]: Opening databases
Oct 30 03:43:18 mailsrv01 citserver[2174]: Opening databases
Oct 30 03:43:18 mailsrv01 citserver[2174]: citserver[2174]: db: mounting databases
Oct 30 03:43:18 mailsrv01 citserver[2174]: db: mounting databases
Oct 30 03:43:18 mailsrv01 citserver[2174]: citserver[2174]: Initializing configuration system
Oct 30 03:43:18 mailsrv01 citserver[2174]: Initializing configuration system
Oct 30 03:43:18 mailsrv01 citserver[2174]: Your system is configured for LDAP authentication,
Oct 30 03:43:18 mailsrv01 citserver[2174]: but you are running a server built without OpenLDAP support.
Oct 30 03:43:18 mailsrv01 systemd[1]: citadel.service: Main process exited, code=exited, status=107/n/a
Oct 30 03:43:18 mailsrv01 systemd[1]: citadel.service: Failed with result 'exit-code'.
Oct 30 03:43:18 mailsrv01 systemd[1]: citadel.service: Service RestartSec=100ms expired, scheduling restart.
Oct 30 03:43:18 mailsrv01 systemd[1]: citadel.service: Scheduled restart job, restart counter is at 5.
Oct 30 03:43:18 mailsrv01 systemd[1]: Stopped Citadel Server.
Oct 30 03:43:18 mailsrv01 systemd[1]: citadel.service: Start request repeated too quickly.
Oct 30 03:43:18 mailsrv01 systemd[1]: citadel.service: Failed with result 'exit-code'.
Oct 30 03:43:18 mailsrv01 systemd[1]: Failed to start Citadel Server.

Fresh install using the easy script and tried to configure the instance for LDAP 2307 auth.



[#] Sat Oct 30 2021 11:34:09 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

Try installing the OpenLDAP development libraries (apt install libldap2-dev , or yum install openldap-devel , depending on your Linux distribution) then wipe the Citadel build and try it again.

I'm happy to see you're using LDAP authentication. It really integrates well!

[#] Sun Oct 31 2021 04:44:27 EDT from sciens

[Reply] [ReplyQuoted] [Headers] [Print]

 

Sat Oct 30 2021 11:34:09 EDT from IGnatius T Foobar
Try installing the OpenLDAP development libraries (apt install libldap2-dev , or yum install openldap-devel , depending on your Linux distribution) then wipe the Citadel build and try it again.

I'm happy to see you're using LDAP authentication. It really integrates well!

I installed openldap-devel after the fact. Ill try to rerun the install and add the openldap-devel package before running the easy script.

[root@mailsrv01 ~]# yum list installed | grep ldap
openldap.x86_64                                                    2.4.46-17.el8_4                           @anaconda
openldap-clients.x86_64                                            2.4.46-17.el8_4                           @baseos
openldap-devel.x86_64                                              2.4.46-17.el8_4                           @baseos

 



[#] Sun Oct 31 2021 06:52:07 EDT from sciens

[Reply] [ReplyQuoted] [Headers] [Print]

Yep. Same result...

Centos-8 Stream wouldn't be the problem would it?

 



[#] Mon Nov 01 2021 09:40:42 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

Are you sure Easy Install built a new server? Normally it doesn't rebuild unless it sees we released a new version. If you delete all of the *.sum files in /usr/local/ctdlsupport/etc and /usr/local/citadel, it will force Easy Install to recompile everything on the next run.

If that doesn't work, we'll try to get you going using the Docker version.,

[#] Tue Nov 02 2021 03:04:07 EDT from sciens

[Reply] [ReplyQuoted] [Headers] [Print]

I did a whole OS reinstall verified the openldap packages were installed and reran the easy install. (yum install -y openldap* *ldap) just to be sure nothing was missing.

Id prefer to run on an OS since I have an all virtualized environment.

I know the easy script compiles some things but didnt know it did the entire compilation process. I presume manual compiling wouldn't give a different result.



Go to page: First ... 22 23 24 25 [26] 27 28