the citadel server posts "New user account <> has been created, from host []." every few minutes as message in the aide room. this is causing severe spam as i'm getting a message every few minutes. i assume this isn't supposed to happen but i dont know whats wrong.

Obviously it shouldn't be doing that.   I wonder if you could run citserver in the foreground (shut down the service and then run citserver -x9) and then catch a few screenfuls of logging while that problem is happening.  Maybe it would show the source of those messages.

Hi All! I just installed CITADEL on my CentOS7 webserver and was pleased to see it install quickly.

first installer run failed with 'couldn't create /usr/local/citadel/ but after i manually created that, it all just breezed thru.

this is development server and its already running webs on port 80 ( apache) so I installed to a different port.

I located the existing letsencrypt key and cert files for the hostname domain and copied them to /usr/local/citadel/keys/ and then renamed them citadel.key and citadel.cer

restarted everything and now i can get a secure page to the WebCit interface. Its working fine, sending and receiving mails on both the domains I specified. Very nice!

The one thing I want to clear up is when i do a mail server test over at mxtoolbox.com it passes everything BUT reports "Warning - Does not support TLS." ( Your SMTP email server does advertise support for TLS.  After connecting to your mail server we issue an EHLO command to introduce ourselves and to request that your server announce which commands and protocols it supports. Your server's response did not include "250-STARTTLS" indicating TLS support. )

What do I need to do to get the citadel server connections encrypted? I haven't found that in the docs online yet.   TIA!

Fri Aug 05 2022 16:20:47 EDT from rockandroller Subject: making TLS work...

Hi All! I just installed CITADEL on my CentOS7 webserver and was pleased to see it install quickly.

first installer run failed with 'couldn't create /usr/local/citadel/ but after i manually created that, it all just breezed thru.

this is development server and its already running webs on port 80 ( apache) so I installed to a different port.

I located the existing letsencrypt key and cert files for the hostname domain and copied them to /usr/local/citadel/keys/ and then renamed them citadel.key and citadel.cer

restarted everything and now i can get a secure page to the WebCit interface. Its working fine, sending and receiving mails on both the domains I specified. Very nice!

The one thing I want to clear up is when i do a mail server test over at mxtoolbox.com it passes everything BUT reports "Warning - Does not support TLS." ( Your SMTP email server does advertise support for TLS.  After connecting to your mail server we issue an EHLO command to introduce ourselves and to request that your server announce which commands and protocols it supports. Your server's response did not include "250-STARTTLS" indicating TLS support. )

What do I need to do to get the citadel server connections encrypted? I haven't found that in the docs online yet.   TIA!

 

PS: Interestingly, if i check the details of mails sent from my CITADEL to gmail, gmail reports that they are encrypted just fine, with standard encryption ( (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); ).

Not sure why mxtoolbox "fails" the test, it always used to pass that when i was running Postfix on this box...

it seems the issue is with a user (managed service account created automatically by windows) who's ID is already taken 

citserver[344]: ldap: found CN=krbtgt,CN=Users,DC=feathersfirst,DC=local

citserver[344]: ldap: uid = 1888212710

citserver[344]: ldap: display name: <> , uid = <1888212710>

citserver[344]: user_ops: 7803 maps to 

citserver[344]: openid: uid:1888212710 already belongs to another user

TRANSLATE with x

English

Arabic	Hebrew	Polish
Bulgarian	Hindi	Portuguese
Catalan	Hmong Daw	Romanian
Chinese Simplified	Hungarian	Russian
Chinese Traditional	Indonesian	Slovak
Czech	Italian	Slovenian
Danish	Japanese	Spanish
Dutch	Klingon	Swedish
English	Korean	Thai
Estonian	Latvian	Turkish
Finnish	Lithuanian	Ukrainian
French	Malay	Urdu
German	Maltese	Vietnamese
Greek	Norwegian	Welsh
Haitian Creole	Persian

 

TRANSLATE with

COPY THE URL BELOW

Back

EMBED THE SNIPPET BELOW IN YOUR SITE

Enable collaborative features and customize widget: Bing Webmaster Portal

Back

i was able to hunt own the account it was whining about and put it in a special folder i made just for managed service accounts.. and it hasn't complained /yet/ about it in the aide channel. i've created an actual account since and it shows actual logs now, not just spam! its 419 pages long so i'm wondering, is there a way to nuke it and clean it out without messing anything up? i assume deleting and recreating it would causes permissions issues or something. but if not, its really not too big a deal. it seems to have stopped completely so i'm happy.

i was able to go to https://mail.example.com/dotskip?room=Aide&view=1# and delete around 500 messages at a time until all multiple 10s of thousands of messages were deleted

TRANSLATE with x

English

Arabic	Hebrew	Polish
Bulgarian	Hindi	Portuguese
Catalan	Hmong Daw	Romanian
Chinese Simplified	Hungarian	Russian
Chinese Traditional	Indonesian	Slovak
Czech	Italian	Slovenian
Danish	Japanese	Spanish
Dutch	Klingon	Swedish
English	Korean	Thai
Estonian	Latvian	Turkish
Finnish	Lithuanian	Ukrainian
French	Malay	Urdu
German	Maltese	Vietnamese
Greek	Norwegian	Welsh
Haitian Creole	Persian

 

TRANSLATE with

COPY THE URL BELOW

Back

EMBED THE SNIPPET BELOW IN YOUR SITE

Enable collaborative features and customize widget: Bing Webmaster Portal

Back

• Im Wörterbuch speichern
   
  • Keine Wortliste für Englisch → Englisch (USA)...
     
  • Eine neue Wortliste erstellen...
• Kopieren

Can I host more than one certificate on a single Citadel server?  

That is, can I host    xxx.yyy.com     and    aaa.bbb.com    on the same server just by installing more than one certificate/key pair?

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^

Can I host more than one certificate on a single Citadel server?  

That is, can I host    xxx.yyy.com     and    aaa.bbb.com    on the same server just by installing more than one certificate/key pair?

So instead of something like multi-hosts or SNI, I'll simply need a cert with all the domains supported listed as SANs, correct?

So if I have xxx.com, and yyy.com, when an email comes to xxx.com, will it only be seen by someone having and email, ex.  joe@xxx.com and not also the same joe@yyy.com???

Tue Aug 09 2022 12:25:45 EDT from mrsfeathers Subject: Re: Is Citadel multi-tennant?

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^

So instead of something like multi-hosts or SNI, I'll simply need a cert with all the domains supported listed as SANs, correct?

So if I have xxx.com, and yyy.com, when an email comes to xxx.com, will it only be seen by someone having and email, ex.  joe@xxx.com and not also the same joe@yyy.com???

Tue Aug 09 2022 12:25:45 EDT from mrsfeathers Subject: Re: Is Citadel multi-tennant?

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^

it would CERT-ainly be the easiest way, as afaik citadel was made for small use cases and only takes one cert.. so you'd have to combine them. easiest way to combine them and keep them up to date is lets encrypt.. and the mail server should be visible at least at mail.example1.com and mail.example2.com if you set it up right with multidomains.. and when you request mail.example1.com and mail.example2.com it SHOULD also grant example1.com and example2.com by default... so even if your mail server isn't the main website on the domain, it should work. for me, i have an nginx reverse proxy on my domain.tld and mail is mail.domain.tld and all my certs are handled by the reverse proxy which then just has a cron that rsyncs them to all the other web-facing servers in my network daily, so every system always has up to date certs and if a system fails, i get notified about it via the cron email thingy and i just have the rsync directory be the one that citadel takes its certs from and then just forget about it. of course, make sure you can only log into whatever user via SSH certs and not passwords, because that's safer.

TRANSLATE with x

English

Arabic	Hebrew	Polish
Bulgarian	Hindi	Portuguese
Catalan	Hmong Daw	Romanian
Chinese Simplified	Hungarian	Russian
Chinese Traditional	Indonesian	Slovak
Czech	Italian	Slovenian
Danish	Japanese	Spanish
Dutch	Klingon	Swedish
English	Korean	Thai
Estonian	Latvian	Turkish
Finnish	Lithuanian	Ukrainian
French	Malay	Urdu
German	Maltese	Vietnamese
Greek	Norwegian	Welsh
Haitian Creole	Persian

 

TRANSLATE with

COPY THE URL BELOW

Back

EMBED THE SNIPPET BELOW IN YOUR SITE

Enable collaborative features and customize widget: Bing Webmaster Portal

Back

So instead of something like multi-hosts or SNI, I'll simply need a cert with all the domains supported listed as SANs, correct?

So if I have xxx.com, and yyy.com, when an email comes to xxx.com, will it only be seen by someone having and email, ex.  joe@xxx.com and not also the same joe@yyy.com???

Tue Aug 09 2022 12:25:45 EDT from mrsfeathers Subject: Re: Is Citadel multi-tennant?

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^

Is there a way to redirect all HTTP traffic on the web client to HTTPS?

Thanks.

Is there a way to redirect all HTTP traffic on the web client to HTTPS?

Not using Citadel by itself, but you can easily do that by putting some other web server on port 80 and redirecting to HTTPS as per the normal method.

Trying to follow instructions at https://www.citadel.org/how_do_i_retrieve.html -> Webcit

First question: can the local cit server be referred to as a remote pop3? When I say no, I try to change folder settings as follows

Positioned at my room, folder Mail (INBOX) -> Advanced -> Edit or delete this room

-> Configuration. Making changes (e.g. tick File directory room, Directory name /home/pi/Mail

Upon Save changes, Webcit says "Cannot edit this room". What's required?

Some details:

citadel and webcit installed on RaspberryPi 4

User "pi" has admin privilege. Logged in locally (keyboard, mouse and screen, i.e. not ssh)

ls -ld /home/pi/Mail :: drwxrwxrwx 2 root pi 4096 Aug 15 12:53 /home/pi/Mail 

Chromium-browser URL=http://192.168.0.21:8090 functioning perfectly so far.

In the end I want to access incoming mail from a place like /var/mail/pi using a basic command like cat

/hgs_at_oso

Thanks for the hint. I'm still struggling with inconsistent settings in a range of configs. fetchmail is installed. Awaiting success...

/hgs_at_oso

On my system there's no lpr. As a workaround I defined in /etc/citadel/citadel.rc

printcmd=/usr/bin/lpr

a script intended to pipe STDIN to a file

ls -l /usr/bin/lpr

-rwxr-xr-x 1 root root 77 Aug 19 09:12 /usr/bin/lpr

cat /usr/bin/lpr

#!/bin/sh
echo "This is a fake lpr"
cat >> /home/pi/Mail/container.txt
exit

ls -l /home/pi/Mail/container.txt

-rw-rw-rw- 1 pi pi 0 Aug 18 23:01 /home/pi/Mail/container.txt

Using it from a bash command line the script is working. Restarting citserver from webcit, going to a message in my Mail room and clicking print doesn't do the intended. Instead, there's a short flash of a window too short to read. Is /etc/citadel/citadel.rc the right file to edit? What do I have to do?

Thanks in advance

/hgs_at_oso