Hello,
My Citserver stopped listening on port 25. If I change the SMTP port to 2525 it will listen on that port.
Where are the log files and how can I set the level of logging for debugging? Where are the startup parameters stored? Are they in the database?
Thanks!
Mark
The Citadel server posts "New user account <> has been created, from host []." every few minutes as a message in the Aide room. This is causing severe spam, as I'm getting a message every few minutes. I assume this isn't supposed to happen, but I don't know what's wrong.
Subject: Re: Debugging Citserver not listening on port 25
If you're using Debian Linux, the system by default has a Postfix server running for internal user mailboxes within the system itself. Run "service postfix stop" and disable it with systemctl... then see if it listens.
Subject: Re: Debugging Citserver not listening on port 25
My Citserver stopped listening on port 25. If I change the SMTP port to 2525 it will listen on that port.
Where are the log files and how can I set the level of logging for debugging? Where are the startup parameters stored? Are they in the database?
Does something else answer on port 25? If you do "ss -ltn" does something else show on port 25?
Startup parameters are in /etc/systemd/system/citadel.service and you can adjust whatever you need, or you can start up citserver manually with "-x9" for maximum debugging.
The Citadel server posts "New user account <> has been created, from host []." every few minutes as a message in the Aide room. This is causing severe spam, as I'm getting a message every few minutes. I assume this isn't supposed to happen, but I don't know what's wrong.
Obviously it shouldn't be doing that. I wonder if you could run citserver in the foreground (shut down the service and then run citserver -x9) and then catch a few screenfuls of logging while that problem is happening. Maybe it would show the source of those messages.
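The "ss -ltn" check suggested in the replies above, as an added example (not code from the thread or from the Citadel project): it parses `ss -ltnp` output and reports any process other than citserver that holds the SMTP port. The sample output and the PIDs are constructed, and the helper names are hypothetical.

```python
import re
import subprocess

# Constructed sample of `ss -ltnp` output; -p adds the owning process (needs root).
# "master" is the Postfix daemon that holds its listening sockets.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      100        127.0.0.1:25        0.0.0.0:*     users:(("master",pid=812,fd=13))
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=640,fd=3))
LISTEN 0      5            0.0.0.0:2525      0.0.0.0:*     users:(("citserver",pid=344,fd=9))
LISTEN 0      100            [::1]:25           [::]:*     users:(("master",pid=812,fd=14))
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def listeners_on_port(ss_output, port):
    """Return [(local_address, process_name, pid)] for LISTEN sockets on port."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        # rpartition keeps IPv6 literals such as [::1] intact
        addr, _, local_port = fields[3].rpartition(":")
        if local_port != str(port):
            continue
        # Process column is empty when ss runs without -p or without root
        m = PROC_RE.search(fields[5]) if len(fields) > 5 else None
        found.append((addr, m.group(1) if m else "?", int(m.group(2)) if m else None))
    return found


def port_conflicts(ss_output, port, expected="citserver"):
    """Listeners on port owned by anything other than the expected daemon.

    A loopback-only listener still counts: a wildcard bind in the same
    address family on that port fails with EADDRINUSE.
    """
    return [l for l in listeners_on_port(ss_output, port) if l[1] != expected]


if __name__ == "__main__":
    live = subprocess.run(["ss", "-ltnp"], capture_output=True, text=True).stdout
    for addr, name, pid in port_conflicts(live or SAMPLE_SS, 25):
        print(f"port 25 held by {name} (pid {pid}) on {addr}")
```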
Hi All! I just installed CITADEL on my CentOS7 webserver and was pleased to see it install quickly.
The first installer run failed with 'couldn't create /usr/local/citadel/' but after I manually created that, it all just breezed through.
This is a development server and it's already running webs on port 80 (Apache), so I installed to a different port.
I located the existing letsencrypt key and cert files for the hostname domain and copied them to /usr/local/citadel/keys/ and then renamed them citadel.key and citadel.cer.
Restarted everything and now I can get a secure page to the WebCit interface. It's working fine, sending and receiving mails on both the domains I specified. Very nice!
The one thing I want to clear up is when I do a mail server test over at mxtoolbox.com it passes everything BUT reports "Warning - Does not support TLS." (Your SMTP email server does advertise support for TLS. After connecting to your mail server we issue an EHLO command to introduce ourselves and to request that your server announce which commands and protocols it supports. Your server's response did not include "250-STARTTLS" indicating TLS support.)
What do I need to do to get the citadel server connections encrypted? I haven't found that in the docs online yet. TIA!
PS: Interestingly, if I check the details of mails sent from my CITADEL to gmail, gmail reports that they are encrypted just fine, with standard encryption ( (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); ).
Not sure why mxtoolbox "fails" the test, it always used to pass that when I was running Postfix on this box...
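The EHLO check that the mxtoolbox warning describes, as an added example (not code from the thread or from the Citadel project). It tests the inbound side only: the Gmail header in the PS reflects an outbound session, where the receiving server is the one offering STARTTLS. The EHLO replies are constructed and the function names are hypothetical.

```python
import smtplib

# Constructed EHLO replies (not captured from any real server).
EHLO_WITHOUT_TLS = (
    "250-mail.example.com Hello\r\n"
    "250-HELP\r\n"
    "250-SIZE 10485760\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)
EHLO_WITH_TLS = EHLO_WITHOUT_TLS.replace("250-HELP", "250-HELP\r\n250-starttls")


def ehlo_extensions(reply):
    """Parse a raw multi-line EHLO reply into {KEYWORD: parameters}."""
    exts = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError("not a successful EHLO reply: %r" % line)
        if i == 0:
            continue  # first line is the server greeting, not an extension
        keyword, _, params = text.partition(" ")
        exts[keyword.upper()] = params  # extension keywords are case-insensitive
    return exts


def audit_inbound(reply):
    """Return findings for an inbound listener based on its EHLO reply."""
    exts = ehlo_extensions(reply)
    findings = []
    if "STARTTLS" not in exts:
        findings.append("STARTTLS not advertised: senders cannot upgrade to TLS")
        mechs = set(exts.get("AUTH", "").upper().split())
        if mechs & {"PLAIN", "LOGIN"}:
            findings.append("AUTH PLAIN/LOGIN offered without TLS: passwords sent unencrypted")
    return findings


def probe(host, port=25, timeout=10):
    """Live version of the same check: does host advertise STARTTLS after EHLO?"""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        return s.has_extn("starttls")


if __name__ == "__main__":
    for finding in audit_inbound(EHLO_WITHOUT_TLS):
        print(finding)
```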
Subject: Re: Debugging Citserver not listening on port 25
It seems the issue is with a user (managed service account created automatically by Windows) whose ID is already taken:
citserver[344]: ldap: found CN=krbtgt,CN=Users,DC=feathersfirst,DC=local
citserver[344]: ldap: uid = 1888212710
citserver[344]: ldap: display name: <> , uid = <1888212710>
citserver[344]: user_ops: 7803 maps to
citserver[344]: openid: uid:1888212710 already belongs to another user
Subject: Re: Debugging Citserver not listening on port 25
I was able to hunt down the account it was whining about and put it in a special folder I made just for managed service accounts, and it hasn't complained /yet/ about it in the Aide channel. I've created an actual account since and it shows actual logs now, not just spam! It's 419 pages long, so I'm wondering, is there a way to nuke it and clean it out without messing anything up? I assume deleting and recreating it would cause permissions issues or something. But if not, it's really not too big a deal. It seems to have stopped completely, so I'm happy.
Subject: Re: Debugging Citserver not listening on port 25
I was able to go to https://mail.example.com/dotskip?room=Aide&view=1# and delete around 500 messages at a time until all multiple 10s of thousands of messages were deleted.
Can I host more than one certificate on a single Citadel server?
That is, can I host xxx.yyy.com and aaa.bbb.com on the same server just by installing more than one certificate/key pair?
If your server can be seen by multiple domains, you can use Let's Encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys, I think. It has to be named whatever.crt and whatever.key, and they have to have permission for read and write and be owned by whatever user you set up to run Citadel. At that point, you can simply add in hostnames to your Let's Encrypt config and magically have them be supported... at least that's how mine works. ^v^
So instead of something like multi-hosts or SNI, I'll simply need a cert with all the domains supported listed as SANs, correct?
So if I have xxx.com and yyy.com, when an email comes to xxx.com, will it only be seen by someone having an email, ex. joe@xxx.com, and not also the same joe@yyy.com???
It would CERT-ainly be the easiest way, as AFAIK Citadel was made for small use cases and only takes one cert, so you'd have to combine them. The easiest way to combine them and keep them up to date is Let's Encrypt, and the mail server should be visible at least at mail.example1.com and mail.example2.com if you set it up right with multidomains. When you request mail.example1.com and mail.example2.com it SHOULD also grant example1.com and example2.com by default, so even if your mail server isn't the main website on the domain, it should work. For me, I have an nginx reverse proxy on my domain.tld and mail is mail.domain.tld, and all my certs are handled by the reverse proxy, which then just has a cron that rsyncs them to all the other web-facing servers in my network daily, so every system always has up-to-date certs, and if a system fails, I get notified about it via the cron email thingy. I just have the rsync directory be the one that Citadel takes its certs from and then just forget about it. Of course, make sure you can only log into whatever user via SSH certs and not passwords, because that's safer.
Is there a way to redirect all HTTP traffic on the web client to HTTPS?
Thanks.
Not using Citadel by itself, but you can easily do that by putting some other web server on port 80 and redirecting to HTTPS as per the normal method.