Please wait...
0 files
Where are the webcit static files? In docker that is.
I can't find them anywhere, well the find command can't find them.
They should be in /usr/local/webcit/static but that directory is completely empty.
I still haven't figured out why STARTTLS isn't supported here?
Following is the output:
telnet mail.hansaray.pw 587 1635.108s 15:23
Trying 107.189.21.115...
Connected to mail.hansaray.pw.
Escape character is '^]'.
220 mail.hansaray.pw ESMTP Citadel server ready.
ehlo
250-Hello (37.155.91.16 [37.155.91.16])
250-HELP
250-SIZE 10485760
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
starttls
554 TLS not supported here
quit
221 Goodbye...
Connection closed by foreign host.
I still haven't figured out why STARTTLS isn't working here.
Following is the output:
telnet mail.hansaray.pw 587 1635.108s 15:23
Trying 107.189.21.115...
Connected to mail.hansaray.pw.
Escape character is '^]'.
220 mail.hansaray.pw ESMTP Citadel server ready.
ehlo
250-Hello (37.155.91.16 [37.155.91.16])
250-HELP
250-SIZE 10485760
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
starttls
554 TLS not supported here
quit
221 Goodbye...
Connection closed by foreign host.
Where are the webcit static files? In docker that is.
I can't find them anywhere, well the find command can't find them.They should be in /usr/local/webcit/static but that directory is completely empty.
I figured this out. I had added a volume and that removed it of coarse. I know I am an idiot.
This is what I did add to docker run
--volume=/usr/local/webcit/static:/usr/local/webcit/static \
Subject: Re: Help need in "Fully qualified domain name" configuration.
Good morning (there),
About "And in the SSL certificates? I will have two. One for "host.net" and "www.host.net" and other for "mail.host.net". Do I put both in citadel?"
Can I put two private keys etc in the same file (/usr/local/citadel/keys/citadel.key) (and also in the other keys files)? One private key for "host.net" and other for "mail.host.net".
Thanks,
Luís.
Fri Apr 04 2025 09:40:23 UTC from luisgo Subject: Re: Help need in "Fully qualified domain name" configuration.I forgot to ask.
And in the SSL certificates? I will have two. One for "host.net" and "www.host.net" and other for "mail.host.net". Do I put both in citadel?
And a new DKIM key will be generated or it will be the same?
Thu Apr 03 2025 20:58:20 UTC from TaMeR Subject: Re: Help need in "Fully qualified domain name" configuration.
Thu Apr 03 2025 15:38:03 UTCfrom luisgo Subject: Help need in "Fully qualified domain name" configuration.Dear All,
I want to configure my server with "Fully qualified domain name".
The email subdomain will be mail.host.net (as an example).
There is a setting of "Fully qualified domain name" in the Citadel.
I have several questions:
1st Can I set the Fully qualified domain name as mail.host.net and the emails addresses as xxxxxxx@host.net? What must be done for that?
Yes,
- Just go in to the mail.host.net/select_user_to_edit
- Select user from "Edit or Delete users"
- Select Edit configuration
- modify Primary Internet e-mail address to xxx@host.net
- below at Internet e-mail aliases you can add aliases such as yyy@host.net, yyy@mail.host.net. webmaster@host.net, postmaster@host.net
2nd What to put in the below setting? "host.net"?
Local host aliases(domains for which this host receives mail)Yes, You can add multiples, separate with coma such as host.net, mail.host.net
3th I suppose I must set my DNS registry to answer also to "mail.host.net"
Yes
4th I suppose I must put the reverse DNS as "mail.host.net"
Yes
5th In the email client configuration the servers will be "mail.host.net".
Yes
Thank you for the possible answers,
Luís Gonçalves.
Subject: Re: Help need in "Fully qualified domain name" configuration.
Read this page, specially the part about contacting support.
We are not a paid employees here, and will not react kindly to demands.
Fri Apr 04 2025 13:00:11 UTC from luisgo Subject: Re: Help need in "Fully qualified domain name" configuration.Good morning (there),
About "And in the SSL certificates? I will have two. One for "host.net" and "www.host.net" and other for "mail.host.net". Do I put both in citadel?"
Can I put two private keys etc in the same file (/usr/local/citadel/keys/citadel.key) (and also in the other keys files)? One private key for "host.net" and other for "mail.host.net".
Thanks,
Luís.
Fri Apr 04 2025 09:40:23 UTC from luisgo Subject: Re: Help need in "Fully qualified domain name" configuration.I forgot to ask.
And in the SSL certificates? I will have two. One for "host.net" and "www.host.net" and other for "mail.host.net". Do I put both in citadel?
And a new DKIM key will be generated or it will be the same?
Thu Apr 03 2025 20:58:20 UTC from TaMeR Subject: Re: Help need in "Fully qualified domain name" configuration.
Thu Apr 03 2025 15:38:03 UTCfrom luisgo Subject: Help need in "Fully qualified domain name" configuration.Dear All,
I want to configure my server with "Fully qualified domain name".
The email subdomain will be mail.host.net (as an example).
There is a setting of "Fully qualified domain name" in the Citadel.
I have several questions:
1st Can I set the Fully qualified domain name as mail.host.net and the emails addresses as xxxxxxx@host.net? What must be done for that?
Yes,
- Just go in to the mail.host.net/select_user_to_edit
- Select user from "Edit or Delete users"
- Select Edit configuration
- modify Primary Internet e-mail address to xxx@host.net
- below at Internet e-mail aliases you can add aliases such as yyy@host.net, yyy@mail.host.net. webmaster@host.net, postmaster@host.net
2nd What to put in the below setting? "host.net"?
Local host aliases(domains for which this host receives mail)Yes, You can add multiples, separate with coma such as host.net, mail.host.net
3th I suppose I must set my DNS registry to answer also to "mail.host.net"
Yes
4th I suppose I must put the reverse DNS as "mail.host.net"
Yes
5th In the email client configuration the servers will be "mail.host.net".
Yes
Thank you for the possible answers,
Luís Gonçalves.
Dear All,
I did not report about the follow up of this.
I changed a password of a user (not administrator but own by me). The user had a password related with the login name (equal but with some capital letters and some numbers added). I suppose that the password was gotten by brut force.
Also to answer to an old thread that I said that the Client SSL email configuration in thunderbird does not work with citadel. Some time ago I managed to put to work despite I do not know what happened before.
Thanks,
Luís Gonçalves
data directory until disk full and citadel become unusable.
Please give me a solution. This way citadel become unusable.
You're either being spammed hard or someone has acquired the password to an account on your system. Didn't this happen to you before? I wonder if maybe the account they used didn't get locked down?
Really the only way to find out what's going on is to watch your syslogs and see what citserver is doing.
I still haven't figured out why STARTTLS isn't working here.
You have to turn that on. Administration --> Site Configuration --> SMTP --> Offer STARTTLS
It isn't turned on by default because offering STARTTLS with a self-signed certificate is far worse than not offering it at all. This is unfortunate from the perspective of easy deployment but there's little we can do about it because it has to do with the policy of *other* sites.
I still haven't figured out why STARTTLS isn't working here.
You have to turn that on. Administration --> Site Configuration --> SMTP --> Offer STARTTLS
It isn't turned on by default because offering STARTTLS with a self-signed certificate is far worse than not offering it at all. This is unfortunate from the perspective of easy deployment but there's little we can do about it because it has to do with the policy of *other* sites.
That's not it. I also tried all 3 ports, not just 25.
Has anyone created a citadel template for fail2ban?
Subject: Re: Help need in "Fully qualified domain name" configuration.
Sorry, about something I do not understand. I did not want to be rude.
Fri Apr 04 2025 13:00:11 UTC from luisgo Subject: Re: Help need in "Fully qualified domain name" configuration.Good morning (there),
About "And in the SSL certificates? I will have two. One for "host.net" and "www.host.net" and other for "mail.host.net". Do I put both in citadel?"
Can I put two private keys etc in the same file (/usr/local/citadel/keys/citadel.key) (and also in the other keys files)? One private key for "host.net" and other for "mail.host.net".
Thanks,
Luís.
Fri Apr 04 2025 09:40:23 UTC from luisgo Subject: Re: Help need in "Fully qualified domain name" configuration.I forgot to ask.
And in the SSL certificates? I will have two. One for "host.net" and "www.host.net" and other for "mail.host.net". Do I put both in citadel?
And a new DKIM key will be generated or it will be the same?
Thu Apr 03 2025 20:58:20 UTC from TaMeR Subject: Re: Help need in "Fully qualified domain name" configuration.
Thu Apr 03 2025 15:38:03 UTCfrom luisgo Subject: Help need in "Fully qualified domain name" configuration.Dear All,
I want to configure my server with "Fully qualified domain name".
The email subdomain will be mail.host.net (as an example).
There is a setting of "Fully qualified domain name" in the Citadel.
I have several questions:
1st Can I set the Fully qualified domain name as mail.host.net and the emails addresses as xxxxxxx@host.net? What must be done for that?
Yes,
- Just go in to the mail.host.net/select_user_to_edit
- Select user from "Edit or Delete users"
- Select Edit configuration
- modify Primary Internet e-mail address to xxx@host.net
- below at Internet e-mail aliases you can add aliases such as yyy@host.net, yyy@mail.host.net. webmaster@host.net, postmaster@host.net
2nd What to put in the below setting? "host.net"?
Local host aliases(domains for which this host receives mail)Yes, You can add multiples, separate with coma such as host.net, mail.host.net
3th I suppose I must set my DNS registry to answer also to "mail.host.net"
Yes
4th I suppose I must put the reverse DNS as "mail.host.net"
Yes
5th In the email client configuration the servers will be "mail.host.net".
Yes
Thank you for the possible answers,
Luís Gonçalves.
I still haven't figured out why STARTTLS isn't working here.
You have to turn that on. Administration --> Site Configuration --> SMTP --> Offer STARTTLS
It isn't turned on by default because offering STARTTLS with a self-signed certificate is far worse than not offering it at all. This is unfortunate from the perspective of easy deployment but there's little we can do about it because it has to do with the policy of *other* sites.That's not it. I also tried all 3 ports, not just 25.
telnet srv2.tamer.pw 587 0.366s (master|💩) 22:58 Trying 107.189.21.115... Connected to srv2.tamer.pw. Escape character is '^]'. 220 srv2.tamer.pw ESMTP Citadel server ready. ehlo 250-Hello (37.155.91.16 [37.155.91.16]) 250-HELP 250-SIZE 10485760 250-STARTTLS 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250 8BITMIME starttls 554 TLS not supported here quit 221 Goodbye... Connection closed by foreign host.
I still haven't figured out why STARTTLS isn't working here.
You have to turn that on. Administration --> Site Configuration --> SMTP --> Offer STARTTLS
It isn't turned on by default because offering STARTTLS with a self-signed certificate is far worse than not offering it at all. This is unfortunate from the perspective of easy deployment but there's little we can do about it because it has to do with the policy of *other* sites.That's not it. I also tried all 3 ports, not just 25.
I had switched the citadel and webcit domain name from srv2.tamer.pw to mail.hansaray.pw
I also had created new SSL certs with Letsencrypt for mail.hansaray.pw and everything.
Thinking that that may be the problem, I switched back to srv2.tamer.pw, since that is the main hostname.
But that wasn't it either. It still doesn't work.
It advertises the STARTTLS capability, but then it errors out TLS not supported here.
Oh, and webcit https works fine, go figure. Considering it uses the same certs.
telnet srv2.tamer.pw 587 0.366s (master|💩) 22:58 Trying 107.189.21.115... Connected to srv2.tamer.pw. Escape character is '^]'. 220 srv2.tamer.pw ESMTP Citadel server ready. ehlo 250-Hello (37.155.91.16 [37.155.91.16]) 250-HELP 250-SIZE 10485760 250-STARTTLS 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250 8BITMIME starttls 554 TLS not supported here quit 221 Goodbye... Connection closed by foreign host.
But that wasn't it either. It still doesn't work.
It advertises the STARTTLS capability, but then it errors out TLS not
supported here.
I think I have a clue. The code that tells the SMTP server whether to offer STARTTLS doesn't actually check to see if Citadel Server is built with OpenSSL.
The code that handles the STARTTLS command, naturally, has to do that.
Let me check to see. You can check your server a couple of different ways.
First you can check the citserver binary to see if it's got OpenSSL linked into it. Also try some the other protocols to see if STARTTLS works. (Not WebCit of course, since that's a different binary.)
First you can check the citserver binary to see if it's got OpenSSL
linked into it. Also try some the other protocols to see if STARTTLS
works. (Not WebCit of course, since that's a different binary.)
Ok, so there's no such thing as a Citadel Server build that doesn't include SSL. I was pretty sure that it had become a requirement but I checked.
If you're getting "TLS not supported here" there's going to be a message in your syslog indicating what happened. Try to get that syslog message and we'll take it from there.
Hi,
without going into details: how do backup Citadel DB without stopping server? ctdldump require (accourding to docs) to stop citadel server. Is there any other way to do backup?
Kind regards
But that wasn't it either. It still doesn't work.
It advertises the STARTTLS capability, but then it errors out TLS not
supported here.
I think I have a clue. The code that tells the SMTP server whether to offer STARTTLS doesn't actually check to see if Citadel Server is built with OpenSSL.
The code that handles the STARTTLS command, naturally, has to do that.
Let me check to see. You can check your server a couple of different ways.
First you can check the citserver binary to see if it's got OpenSSL linked into it. Also try some the other protocols to see if STARTTLS works. (Not WebCit of course, since that's a different binary.)
I did some research on this.
The reason it is not working is. I had removed --network host from the docker command. (See below)
The options --network host and -a are in conflict, you can't run both!
Unless there is another way for me to change the webcit port this setup wont work for me.
I need to have a webserver for other things, and I will not run a dedicated server for mail only.
I know I started this whole docker thing, but I hate it now. Almost as much as I hate systemd.
The only reason I did try the docker thing was because easyinstall did not work on Void Linux.
Will easyinstall work on another Linux system, which does not use systemd? Such as Alpine Linux maybe?
If not, well I remember reading somewhere that easyinstall will work on FreeBSD. Maybe I have to do finally do the jump in to BSD, and kick Linux goodbye.
I am also done bothering you with this. Hope we will finally solve this issue.
docker run -d --restart=unless-stopped --hostname=${CIT_DOMAIN_NAME} \ --volume=/usr/local/citadel:/citadel-data \ --volume=/usr/local/webcit/.well-known:/usr/local/webcit/.well-known \ --volume=/usr/local/webcit/static.local:/usr/local/webcit/static.local \ -p 25:25 \ -p 110:110 \ -p 119:119 \ -p 143:143 \ -p 465:465 \ -p 504:504 \ -p 563:563 \ -p 587:587 \ -p 993:993 \ -p 995:995 \ -p 5222:5222 \ -p 8080:80 \ --name=citadel citadeldotorg/citadel
The code went of the screen. Here it is again with <pre>
docker run -d --restart=unless-stopped --hostname=${CIT_DOMAIN_NAME} \
--volume=/usr/local/citadel:/citadel-data \
--volume=/usr/local/webcit/.well-known:/usr/local/webcit/.well-known \
--volume=/usr/local/webcit/static.local:/usr/local/webcit/static.local \
-p 25:25 \
-p 110:110 \
-p 119:119 \
-p 143:143 \
-p 465:465 \
-p 504:504 \
-p 563:563 \
-p 587:587 \
-p 993:993 \
-p 995:995 \
-p 5222:5222 \
-p 8080:80 \
--name=citadel citadeldotorg/citadel
without going into details: how do backup Citadel DB without stopping
server? ctdldump require (accourding to docs) to stop citadel server. Is
there any other way to do backup?
You can back up the Citadel database directly [ https://www.citadel.org/what_is_the_best_way_to_backup_my_citadel_installation.html ] as long as you make sure the cdb.* files are backed up first, before the log.* files.
The dump format is not really intended for backups. It's intended for migrating between different architectures.
But let me tell you how I do it :)
I've got my Citadel stored on a filesystem that can do snapshots. For me, that's BTRFS, but you can use any filesystem that can do point-in-time snapshots.
So it's simple, really: take a snapshot of the volume (or subvolume) that has Citadel on it, then rsync that snapshot to wherever you want to save it.
I happen to go the extra mile and rotate my snapshots over the course of a week, but you get the idea: the snapshot is guaranteed by the filesystem to be point-in-time consistent, and Citadel Server of any version starting with 993 has absolutely rock solid recoverability as long as you've got all the recent logs still on disk.