Language:
switch to room list switch to menu My folders
Go to page: First ... 13 14 15 16 [17] 18 19
[#] Wed Aug 03 2022 09:14:06 EDT from IGnatius T Foobar

Subject: Re: Citadel causing severe spam

[Reply] [ReplyQuoted] [Headers] [Print]

the citadel server posts "New user account <> has been created, from host []." every few minutes as message in the aide room. this is causing severe spam as i'm getting a message every few minutes. i assume this isn't supposed to happen but i dont know whats wrong.

Obviously it shouldn't be doing that.   I wonder if you could run citserver in the foreground (shut down the service and then run citserver -x9) and then catch a few screenfuls of logging while that problem is happening.  Maybe it would show the source of those messages.



[#] Fri Aug 05 2022 16:20:47 EDT from rockandroller

Subject: making TLS work...

[Reply] [ReplyQuoted] [Headers] [Print]

Hi All! I just installed CITADEL on my CentOS7 webserver and was pleased to see it install quickly.

first installer run failed with 'couldn't create /usr/local/citadel/ but after i manually created that, it all just breezed thru.

this is development server and its already running webs on port 80 ( apache) so I installed to a different port.

I located the existing letsencrypt key and cert files for the hostname domain and copied them to /usr/local/citadel/keys/ and then renamed them citadel.key and citadel.cer

restarted everything and now i can get a secure page to the WebCit interface. Its working fine, sending and receiving mails on both the domains I specified. Very nice!

The one thing I want to clear up is when i do a mail server test over at mxtoolbox.com it passes everything BUT reports "Warning - Does not support TLS." ( Your SMTP email server does advertise support for TLS.  After connecting to your mail server we issue an EHLO command to introduce ourselves and to request that your server announce which commands and protocols it supports. Your server's response did not include "250-STARTTLS" indicating TLS support. )

What do I need to do to get the citadel server connections encrypted? I haven't found that in the docs online yet.   TIA!

 



[#] Fri Aug 05 2022 16:37:17 EDT from rockandroller

Subject: Re: making TLS work...

[Reply] [ReplyQuoted] [Headers] [Print]

 

Fri Aug 05 2022 16:20:47 EDT from rockandroller Subject: making TLS work...

Hi All! I just installed CITADEL on my CentOS7 webserver and was pleased to see it install quickly.

first installer run failed with 'couldn't create /usr/local/citadel/ but after i manually created that, it all just breezed thru.

this is development server and its already running webs on port 80 ( apache) so I installed to a different port.

I located the existing letsencrypt key and cert files for the hostname domain and copied them to /usr/local/citadel/keys/ and then renamed them citadel.key and citadel.cer

restarted everything and now i can get a secure page to the WebCit interface. Its working fine, sending and receiving mails on both the domains I specified. Very nice!

The one thing I want to clear up is when i do a mail server test over at mxtoolbox.com it passes everything BUT reports "Warning - Does not support TLS." ( Your SMTP email server does advertise support for TLS.  After connecting to your mail server we issue an EHLO command to introduce ourselves and to request that your server announce which commands and protocols it supports. Your server's response did not include "250-STARTTLS" indicating TLS support. )

What do I need to do to get the citadel server connections encrypted? I haven't found that in the docs online yet.   TIA!

 



PS: Interestingly, if i check the details of mails sent from my CITADEL to gmail, gmail reports that they are encrypted just fine, with standard encryption ( (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); ).

Not sure why mxtoolbox "fails" the test, it always used to pass that when i was running Postfix on this box...



[#] Sat Aug 06 2022 05:27:54 EDT from mrsfeathers

Subject: Re: Debugging Citserver not listening on port 25

[Reply] [ReplyQuoted] [Headers] [Print]

it seems the issue is with a user (managed service account created automatically by windows) who's ID is already taken 

 

citserver[344]: ldap: found CN=krbtgt,CN=Users,DC=feathersfirst,DC=local

citserver[344]: ldap: uid = 1888212710

citserver[344]: ldap: display name: <> , uid = <1888212710>

citserver[344]: user_ops: 7803 maps to 

citserver[344]: openid: uid:1888212710 already belongs to another user

 


[#] Sat Aug 06 2022 13:26:27 EDT from mrsfeathers

Subject: Re: Debugging Citserver not listening on port 25

[Reply] [ReplyQuoted] [Headers] [Print]

i was able to hunt own the account it was whining about and put it in a special folder i made just for managed service accounts.. and it hasn't complained /yet/ about it in the aide channel. i've created an actual account since and it shows actual logs now, not just spam! its 419 pages long so i'm wondering, is there a way to nuke it and clean it out without messing anything up? i assume deleting and recreating it would causes permissions issues or something. but if not, its really not too big a deal. it seems to have stopped completely so i'm happy.



[#] Sun Aug 07 2022 20:26:01 EDT from mrsfeathers

Subject: Re: Debugging Citserver not listening on port 25

[Reply] [ReplyQuoted] [Headers] [Print]

i was able to go to https://mail.example.com/dotskip?room=Aide&view=1# and delete around 500 messages at a time until all multiple 10s of thousands of messages were deleted

 
  • Im Wörterbuch speichern
     
    • Keine Wortliste für Englisch → Englisch (USA)...
       
    • Eine neue Wortliste erstellen...
  • Kopieren


[#] Tue Aug 09 2022 11:24:17 EDT from josephmmmorgan

Subject: Is Citadel multi-tennant?

[Reply] [ReplyQuoted] [Headers] [Print]

Can I host more than one certificate on a single Citadel server?  

That is, can I host    xxx.yyy.com     and    aaa.bbb.com    on the same server just by installing more than one certificate/key pair?

 

 



[#] Tue Aug 09 2022 12:25:45 EDT from mrsfeathers

Subject: Re: Is Citadel multi-tennant?

[Reply] [ReplyQuoted] [Headers] [Print]

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^



[#] Tue Aug 09 2022 17:45:26 EDT from josephmmmorgan

Subject: Is Citadel multi-tennant?

[Reply] [ReplyQuoted] [Headers] [Print]

Can I host more than one certificate on a single Citadel server?  

That is, can I host    xxx.yyy.com     and    aaa.bbb.com    on the same server just by installing more than one certificate/key pair?

 

 



[#] Tue Aug 09 2022 17:56:16 EDT from josephmmmorgan

Subject: Re: Is Citadel multi-tennant?

[Reply] [ReplyQuoted] [Headers] [Print]

So instead of something like multi-hosts or SNI, I'll simply need a cert with all the domains supported listed as SANs, correct?

So if I have xxx.com, and yyy.com, when an email comes to xxx.com, will it only be seen by someone having and email, ex.  joe@xxx.com and not also the same joe@yyy.com???

 

Tue Aug 09 2022 12:25:45 EDT from mrsfeathers Subject: Re: Is Citadel multi-tennant?

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^



 



[#] Wed Aug 10 2022 10:59:19 EDT from josephmmmorgan

Subject: Re: Is Citadel multi-tennant?

[Reply] [ReplyQuoted] [Headers] [Print]

So instead of something like multi-hosts or SNI, I'll simply need a cert with all the domains supported listed as SANs, correct?

So if I have xxx.com, and yyy.com, when an email comes to xxx.com, will it only be seen by someone having and email, ex.  joe@xxx.com and not also the same joe@yyy.com???

 

Tue Aug 09 2022 12:25:45 EDT from mrsfeathers Subject: Re: Is Citadel multi-tennant?

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^



 



[#] Wed Aug 10 2022 14:26:34 EDT from mrsfeathers

Subject: Re: Is Citadel multi-tennant?

[Reply] [ReplyQuoted] [Headers] [Print]

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^



[#] Wed Aug 10 2022 14:36:24 EDT from mrsfeathers

Subject: Re: Is Citadel multi-tennant?

[Reply] [ReplyQuoted] [Headers] [Print]

it would CERT-ainly be the easiest way, as afaik citadel was made for small use cases and only takes one cert.. so you'd have to combine them. easiest way to combine them and keep them up to date is lets encrypt.. and the mail server should be visible at least at mail.example1.com and mail.example2.com if you set it up right with multidomains.. and when you request mail.example1.com and mail.example2.com it SHOULD also grant example1.com and example2.com by default... so even if your mail server isn't the main website on the domain, it should work. for me, i have an nginx reverse proxy on my domain.tld and mail is mail.domain.tld and all my certs are handled by the reverse proxy which then just has a cron that rsyncs them to all the other web-facing servers in my network daily, so every system always has up to date certs and if a system fails, i get notified about it via the cron email thingy and i just have the rsync directory be the one that citadel takes its certs from and then just forget about it. of course, make sure you can only log into whatever user via SSH certs and not passwords, because that's safer.

 


[#] Wed Aug 10 2022 16:47:23 EDT from josephmmmorgan

Subject: Re: Is Citadel multi-tennant?

[Reply] [ReplyQuoted] [Headers] [Print]

So instead of something like multi-hosts or SNI, I'll simply need a cert with all the domains supported listed as SANs, correct?

So if I have xxx.com, and yyy.com, when an email comes to xxx.com, will it only be seen by someone having and email, ex.  joe@xxx.com and not also the same joe@yyy.com???

 

Tue Aug 09 2022 12:25:45 EDT from mrsfeathers Subject: Re: Is Citadel multi-tennant?

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^



 



[#] Fri Aug 12 2022 15:53:32 EDT from kcclemo

Subject: Redirect all Traffic to HTTPS

[Reply] [ReplyQuoted] [Headers] [Print]

Is there a way to redirect all HTTP traffic on the web client to HTTPS?

Thanks.



[#] Sat Aug 13 2022 11:04:57 EDT from IGnatius T Foobar

Subject: Re: Redirect all Traffic to HTTPS

[Reply] [ReplyQuoted] [Headers] [Print]

Is there a way to redirect all HTTP traffic on the web client to HTTPS?

Not using Citadel by itself, but you can easily do that by putting some other web server on port 80 and redirecting to HTTPS as per the normal method.

 



[#] Tue Aug 16 2022 05:40:20 EDT from hgsatoso

Subject: Cannot edit room Mail (INBOX)

[Reply] [ReplyQuoted] [Headers] [Print]

Trying to follow instructions at https://www.citadel.org/how_do_i_retrieve.html -> Webcit

First question: can the local cit server be referred to as a remote pop3? When I say no, I try to change folder settings as follows

Positioned at my room, folder Mail (INBOX) -> Advanced -> Edit or delete this room

-> Configuration. Making changes (e.g. tick File directory room, Directory name /home/pi/Mail

Upon Save changes, Webcit says "Cannot edit this room". What's required?

Some details:

citadel and webcit installed on RaspberryPi 4

User "pi" has admin privilege. Logged in locally (keyboard, mouse and screen, i.e. not ssh)

ls -ld /home/pi/Mail :: drwxrwxrwx 2 root pi 4096 Aug 15 12:53 /home/pi/Mail 

Chromium-browser URL=http://192.168.0.21:8090 functioning perfectly so far.

In the end I want to access incoming mail from a place like /var/mail/pi using a basic command like cat

/hgs_at_oso



[#] Tue Aug 16 2022 22:54:20 EDT from IGnatius T Foobar

Subject: Re: Cannot edit room Mail (INBOX)

[Reply] [ReplyQuoted] [Headers] [Print]

It sounds like you want to access your Citadel mail from the command line of a Linux host? If that is the case, there is nothing to configure inside of Citadel. It is a POP3 server. Just use a utility like fetchmail to grab your mail and do whatever you want with it.

[#] Thu Aug 18 2022 11:28:18 EDT from hgsatoso

Subject: Re: Re: Cannot edit room Mail (INBOX)

[Reply] [ReplyQuoted] [Headers] [Print]

Thanks for the hint. I'm still struggling with inconsistent settings in a range of configs. fetchmail is installed. Awaiting success...

/hgs_at_oso

 



[#] Fri Aug 19 2022 04:29:20 EDT from hgsatoso

Subject: webcit cannot print

[Reply] [ReplyQuoted] [Headers] [Print]

On my system there's no lpr. As a workaround I defined in /etc/citadel/citadel.rc

printcmd=/usr/bin/lpr

a script intended to pipe STDIN to a file

ls -l /usr/bin/lpr

-rwxr-xr-x 1 root root 77 Aug 19 09:12 /usr/bin/lpr

cat /usr/bin/lpr

#!/bin/sh
echo "This is a fake lpr"
cat >> /home/pi/Mail/container.txt
exit

ls -l /home/pi/Mail/container.txt

-rw-rw-rw- 1 pi pi 0 Aug 18 23:01 /home/pi/Mail/container.txt

Using it from a bash command line the script is working. Restarting citserver from webcit, going to a message in my Mail room and clicking print doesn't do the intended. Instead, there's a short flash of a window too short to read. Is /etc/citadel/citadel.rc the right file to edit? What do I have to do?

Thanks in advance

/hgs_at_oso

 



Go to page: First ... 13 14 15 16 [17] 18 19