Hi,
Ver:1000
there is a bug in WEBCIT front end.. if a pipe"|" is in the subject field it causes an error with permissions when trying to send. Once removed it works.
regards,
Craig.
Might be a dumb idea, but just block the ports during the install? ( personally anything i install new or update i take it totally off the internet until its ready to go live again.... )
What I undertood from practice is that I do not need to open ports with firewalld to use the ports needed by Citadel. Citadel open them. Am I right?
Or I need to open them before use Citadel?
If I am right how I block the ports?
What I understand from you is that I can only not open the ports, no? And they are blocked, no?
Could you please provide some link how to do it?
its all based on your network setup.
Could you please provide some link how to do it?
What I undertood from practice is that I do not need to open ports
with firewalld to use the ports needed by Citadel. Citadel open them.
Citadel will not configure your firewall.
If you are interested in using something like `firewalld` to open and close ports on your Citadel host, that is absolutely what those tools are for, but Citadel Server does not interact with them. You might try finding a `firewalld` forum and asking there. (I don't use that tool so I don't have an answer.)
Subject: Re: WebCit Version:1000 subject line bug.
there is a bug in WEBCIT front end.. if a pipe"|" is in the subject
field it causes an error with permissions when trying to send. Once
removed it works.
Thanks for the bug report, we'll have a look at that.
Dear All,
I am having problems with ssl Keys in Citadel. (see please the picture below)
I am migrating from Centos 7 to Centos 9.
I am using the keys of Apache of Centos 7 in Citadel Centos 9.
Can someone help me?
Must I reissued the Keys with different settings?
Thanks,
Luis Gonçalves.
I generate new keys with the Centos 9. Aand reissued in the provider.
Dear All,
I managed to access the Web interface through SSL. It was the citadel.cer that did not have the full chain. I put first the certificate a next the remainer of the chain. I generated a 2048 Key.
But I only achieve to configure Thunderbird full open. I do not found way to configure StartTLS and TLS. And I suppose I have some experience of this. It gives something of Handshake problem or version o TLS.
Some help needed.
Thanks,
Luis Gonçalves
Dear All,
I managed to access the Web interface through SSL. It was the citadel.cer that did not have the full chain. I put first the certificate a next the remainer of the chain. I generated a 2048 Key.
But I only achieve to configure Thunderbird full open. I do not found way to configure StartTLS and TLS. And I suppose I have some experience of this. It gives something of Handshake problem or version o TLS.
Some help needed.
Thanks,
Luis Gonçalves
I do not found way to configure StartTLS and SSL.
It was the hostname that it was not set correctly.
But I can not configure send by SSL, with 465 port. (Thunderbird)
I had Citadel running.
I done something heavy and now I can not start Thunderbird that Citadel goes down.
And I try to configure throuth webcit, with the bowser, and I can not. Message in the Browser.
This program was unable to connect or stay connected to the Citadel server. Please report this problem to your system administrator.
Read More...
Before this occured, I installed SpamAssassin. Open the port 783 in Firewall and I put 127.0.0.1 in the configuration with the browser. Something wrong here?
Can anyone give sugestions? How to repair the databases? Try to install again the server maintaining the settings and lose all the emails?
Result of "systemctl status web-cit-https"
● webcit-https.service - Citadel web service with encryption
Loaded: loaded (/etc/systemd/system/webcit-https.service; enabled; preset: disabled)
Active: active (running) since Sat 2024-06-01 17:46:08 WEST; 1h 0min ago
Main PID: 689 (webcit)
Tasks: 5 (limit: 17526)
Memory: 13.5M
CPU: 155ms
CGroup: /system.slice/webcit-https.service
└─689 /usr/local/webcit/webcit -s -p8080 uds /usr/local/citadel
Jun 01 18:46:09 someserver webcit[689]: webcit[689]: Ending SSL/TLS
Jun 01 18:46:09 someserver webcit[689]: SSL/TLS using (NONE) on (NONE) (0 of -1176308480 bits)
Jun 01 18:46:09 someserver webcit[689]: SSL started
Jun 01 18:46:09 someserver webcit[689]: SSL_write in client_read
Jun 01 18:46:09 someserver webcit[689]: SSL_read in client_read: record layer failure
Jun 01 18:46:09 someserver webcit[689]: Ending SSL/TLS
Jun 01 18:46:20 someserver webcit[689]: webcit[689]: Can't connect [/usr/local/citadel/citadel.socket]: Connection refused
Jun 01 18:46:20 someserver webcit[689]: webcit[689]: HTTP: 200 [11.012700] GET
Jun 01 18:46:20 someserver webcit[689]: Can't connect [/usr/local/citadel/citadel.socket]: Connection refused
Jun 01 18:46:20 someserver webcit[689]: HTTP: 200 [11.012700] GET
I installed again. It is very simple to install and configure.
I have a DKIM extension/plugin in my Thunderbird that test the DKIM in arriving emails.
Is is giving that all emails arriving says "DKIM invalid: Email changed" (more and less this). I tested send a email from my gmail account:
- when sent to my email server (domain) gives the message above.
- when sent to another servers gives DKIM Ok.
Is this something with the Citadel Server? Does it changes the message?
But my DKIM (of Citadel for my domain) works. When I send from my domain (Citadel) email to to other Emails accounts it gives DKIM Ok.
************************************
And I have problems using SMTP with SSL. Works with StartTLS.
Is this something with the Citadel Server? Does it changes the
message?
Citadel does not do anything with DKIM for incoming messages. If you have SpamAssassin connected to Citadel it can look at incoming signatures, but Citadel Server does not do anything with them.
The new DKIM functionality in Citadel Server v1000 strictly applies to outgoing mail. DKIM signatures are added to outgoing messages at the moment of delivery.
It's done by the SMTP delivery agent, so you won't even see the signature in your Sent Items folder.
If you are getting DKIM mismatch in Thunderbird I am not surprised; Citadel does rewrite the headers for incoming messages. It doesn't change the information but it stores the headers in a format other than RFC2822 so by the time Thunderbird sees a message, the header appearance can be ever so *slightly* different -- and that's enough to make DKIM fail. I don't think we have a way to work around that, so if you care about incoming DKIM you should probably set it up further back in the chain (for example, with SpamAssassin).
I really think that it is a drawback of Citadel. In the future will you change that? Some funcionalitty to migrate the storage to new format that is compatible with DKIM.
And if I forward that message will it not go the SPAM in the other email account?
I already received a message of a forward that a message is not compatible with RFC (I do not know which RFC).
Another thing. A good feature is to turn on and off the rules without cleaning them.
If someone has to populate the INBOX from a local folder (e.g. with Thunderbird) and it has a forward rule the other account will receive a bunch of annoying emails. It happened to me.
I hope I am not being rude.
Thank you much for you suggestion. I will definetly explore the Static VPN option :)
Any recommendations on SMART Hosts that is no google so that the sender appears under my domain and not the External SMTP Servers Domain?
If you're using gmail as a smart host, then yes it's going to do that.
You might try Twilio SendGrid. I haven't used it myself but I've heard good things about that.
You might also try using a Static IP VPN that will place your Citadel Server into a "good neighborhood" with controllable static IP and reverse DNS, and then you can set things up to deliver directly without a smart host. (This is what uncensored.citadel.org is using, by the way. The server is running in a residential environment but has a Static IP VPN.)
Subject: unsubscribed a while ago, and now getting emails again
Hi I unsubscribed from this list, why am I getting emails again? How do I unsubscribe from here can someone give me a link?
Thanks.
JH
Thank you much for you suggestion. I will definetly explore the Static VPN
option :)
Here's the one I use:
[ https://www.aceinnovative.com/internet-access/static-ip-vpn/ ]
I'm not associated with them at all, just a VERY happy customer. They even send you the router. (I don't use the router because I implemented the tunnel in software, but most people will simply plug their servers into the router.)
Subject: Re: unsubscribed a while ago, and now getting emails again
Hi I unsubscribed from this list, why am I getting emails again? How doI unsubscribe from here can someone give me a link?
https://uncensored.citadel.org/listsub
You'll also find a "List-Unsubscribe:" link in the headers of each email from the list, if you want to attempt a One Click Unsubscribe. I hope that someday Google trusts us enough to turn that into an Unsubscribe button.