SYS_Citadel
Syslog has this when it works correctly.:
Jan 9 03:00:05 serv citserver[645]: citserver[645]: user_ops: <SYS_Citadel> is logged in; not deleting
Jan 9 03:00:05 serv citserver[645]: user_ops: <SYS_Citadel> is logged in; not deleting
Jan 9 03:00:05 serv citserver[645]: citserver[645]: Purged 1 users.
Jan 9 03:00:05 serv citserver[645]: Purged 1 users.
Jan 9 03:00:06 serv citserver[645]: citserver[645]: Expired 645 messages
Jan 19 03:00:57 server citserver[15494]: citserver[15494]: Purged 0 users.
Jan 19 03:00:57 server citserver[15494]: context: scheduled 1 idle sessions for termination
Jan 19 03:00:57 server citserver[15494]: Auto-purger: starting.
Jan 19 03:00:57 server citserver[15494]: Purged 0 users.
Jan 19 03:00:57 server citserver[15494]: citserver[15494]: context: [18720]SRV[SMTP-MTA] Session ended.
Jan 19 03:00:57 server citserver[15494]: context: [18720]SRV[SMTP-MTA] Session ended.
Jan 19 03:00:59 server citserver[15494]: citserver[15494]: Expired 1011 messages.
it forwards external name to internal IP. Retains the same port.
However it may be moot, tinyproxy is crashing again after too many sessions. Bumped up resources and ti runs about 3 hours then poof it dies. I'm thinking i'm going to read up on ngnix, set that up and see if it can handle the flood better.
I'm more interested in what conditions are configured to cause an HTTP connection to be forwarded to WebCit. Are you doing it by name, by path, by port, something else...?
Subject: Easy Install of fresh Ubuntu server ONLY listens on IPv6
Hello all,
I just stumbled upon this tool and love what it appears to do, so I thought I would give it a shot!
I spun up a new Ubuntu VPS, ran all my updates and upgrades, then ran the Easy Install!
I went through all the setup steps and selected '*' to listen on both IPv4 and IPv6 interfaces. When Citadel started I was not able to access it. I checked my netstat and all of the cit services are ONLY listening on IPv6. I know this server has an IPv4 interface, as that is the address I am using to SSH to it. Any ideas why it would only be using IPv6?
Subject: Re: User SYS_Citadel is not getting autopurged
and here is when SYS_Citadel is not getting autopurged.
For now, don't worry about it. We're actually trying to get rid of SYS_Citadel so you don't see it anymore.
Subject: Re: Easy Install of fresh Ubuntu server ONLY listens on IPv6
I went through all the setup steps and selected '*' to listen on both
IPv4 and IPv6 interfaces. When Citadel started I was not able to
access it. I checked my netstat and all of the cit services are ONLY
listening on IPv6. I know this server has an IPv4 interface, as that
is the address I am using to SSH to it. Any ideas why it would only
be using IPv6?
That may be misleading. On a Linux system (unlike, say, OpenBSD) listening on IPv6 with an address like "*" will also make it listen on IPv4. Can you post the output of "ss -lt" so we can see where it thinks it's listening?
I suspect the problem might be somewhere else.
Subject: Re: Easy Install of fresh Ubuntu server ONLY listens on IPv6
It does appear to be listening on all interfaces...hmm...
Found it. It was UFW. That is usually disabled on Ubuntu installs by default.
I allowed 80 and 443 through the firewall and we are all good! Thanks!
Subject: Re: Easy Install of fresh Ubuntu server ONLY listens on IPv6
For what its worth, i switched to using Apache as the reverse proxy, things are ok now.
Tried to use Pound after Tinyproxy, and while i think it woudl work ( and is small, etc ) but it does a https redirect on every call, and it seems you cant turn it off. Sure, that might be the 'best' way these days, and one should never do anything that isn't SSL, but until i have certs on everything that breaks me.
So I quickly followed the directions in the docs in regards to the docker install (which there are no -p docs for it seems?) and I have the server up and running, but logging into it interactively and trying to run setup results in an error that 'setup could not connect to a running citadel server.: No such file or directory citadel-admin.socket'. How does one 'setup' the docker container install?
sorry if I missed the docs on this somewhere!
So I quickly followed the directions in the docs in regards to the docker install (which there are no -p docs for it seems?) and I have the server up and running, but logging into it interactively and trying to run setup results in an error that 'setup could not connect to a running citadel server.: No such file or directory citadel-admin.socket'. How does one 'setup' the docker container install?
sorry if I missed the docs on this somewhere!
nevermind! got the setup to work, see the default password is 'citadel' ... duh ...
cheers ..
Help me out here, what is a "-p doc" ?
Correct, there is no setup step on the Docker version, it is already running and you just log into it.
Help me out here, what is a "-p doc" ?
apologies ... -p (parameters that you pass docker run ...)
thanks!
also, just a heads up, looks like the link for the 'example customized login screen' on https://www.citadel.org/documentation.html is incorrect ... it links to the same link as 'sample customized room view' ...
Cheers,
Jay
apologies ... -p (parameters that you pass docker run ...)
Thanks for pointing that out. I have amended https://www.citadel.org/docker.html with a section documenting all of the optional flags.
also, just a heads up, looks like the link for the 'example customized login screen' on https://www.citadel.org/documentation.html is incorrect ... it links to the same link as 'sample customized room view' ...
Thanks for pointing that out too. There were a bunch of obsolete links in that section and I have removed them.
Hi all,
I'm just about to set up a personal email server, and am considering Citadel, but have two questions.
1) Is it possible to set up "encryption on rest" (what I mean by this is that any unencrypted emails that land on the server are encrypted using a GPG key)?
2) I'm planning on having a local server on a Raspberry Pi and a remote server on a VPS (both Citadel). Any emails I send should go to my local server, get forwarded to the remote server and then sent to their intended recipient. Any emails sent to me should be sent to the remote server, and then forwarded to my local server. Basically I want the remote server to act as a private relay (which doesn't permanently store any messages, just sends them where they have to go). I saw https://www.citadel.org/relay.html but that doesn't seem to be about what I'm trying to do. Is a set up like this possible?
:)
Subject: Re: Two questions: Encryption on rest and Relays
1) There's no support for encryption-at-rest in the message store itself.
You might consider just encrypting the volume that it runs on? I don't know your specific situation but maybe that would work.
2) If you need to relay both inbound and outbound mail through an external relay, then your "local" server should be a Citadel, but the "external" server should not. You can use postfix or whatever your favorite traditional MTA is. The configuration would be something like this:
* For outbound mail, follow the smart host instructions at https://www.citadel.org/relay.html
* For inbound mail, configure the external server to relay your domain's mail to the Citadel server. If you are running Citadel from a dynamic or unpublished address then maybe configure a Wireguard tunnel to be initiated by the private server and then point the mail towards your end of the tunnel, so when the tunnel is up, the mail queue will be sent to it.
This type of setup used to be very common back in the days when a lot of sites had demand-dialed Internet connections.
Subject: Re: Two questions: Encryption on rest and Relays
Excellent. Thank you. That all sounds perfect. I'll have a go setting it up, and come back if I get stuck! :)
Sun Jan 30 2022 11:47:41 EST from IGnatius T Foobar Subject: Re: Two questions: Encryption on rest and Relays
1) There's no support for encryption-at-rest in the message store itself.
You might consider just encrypting the volume that it runs on? I don't know your specific situation but maybe that would work.
2) If you need to relay both inbound and outbound mail through an external relay, then your "local" server should be a Citadel, but the "external" server should not. You can use postfix or whatever your favorite traditional MTA is. The configuration would be something like this:
* For outbound mail, follow the smart host instructions at https://www.citadel.org/relay.html
* For inbound mail, configure the external server to relay your domain's mail to the Citadel server. If you are running Citadel from a dynamic or unpublished address then maybe configure a Wireguard tunnel to be initiated by the private server and then point the mail towards your end of the tunnel, so when the tunnel is up, the mail queue will be sent to it.
This type of setup used to be very common back in the days when a lot of sites had demand-dialed Internet connections.
Subject: Re: Two questions: Encryption on rest and Relays
Excellent. Thank you. That all sounds perfect. I'll have a go setting itup,
and come back if I get stuck! :)
Come back even if you don't get stuck. We have a great community here :)