* Fixed problems related to saving vCards in config rooms. For starters, we were...
[citadel.git] / citadel / docs / citadel.html
blobbb028372bfd959cbb564e4bb2f092131efa56bf6
1 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2 <html>
3 <head>
4 <title>Citadel Documentation</title>
5 <meta http-equiv="content-type"
6 content="text/html; charset=ISO-8859-1">
7 </head>
8 <body>
9 <div align="center">
10 <h1>C I T A D E L</h1>
11 <h2>an open source messaging and collaboration platform</h2>
12 Copyright &copy;1987-2008 by the Citadel development team:<br>
13 <br>
14 <table align="center" border="0" cellpadding="2" cellspacing="2">
15 <tbody>
16 <tr>
17 <td valign="top">Clint Adams<br>
18 </td>
19 <td valign="top"><i>portability enhancements<br>
20 </i></td>
21 </tr>
22 <tr>
23 <td valign="top">Steven M. Bellovin<br>
24 </td>
25 <td valign="top"><i>author of public domain 'parsedate' function<br>
26 </i></td>
27 </tr>
28 <tr>
29 <td valign="top">Nathan Bryant<br>
30 </td>
31 <td valign="top"><i>build system, security, database access, and
32 others<br>
33 </i></td>
34 </tr>
35 <tr>
36 <td valign="top">Art Cancro<br>
37 </td>
38 <td valign="top"><i>overall system design and lead developer<br>
39 </i></td>
40 </tr>
41 <tr>
42 <td valign="top">Brian Costello<br>
43 </td>
44 <td valign="top"><i>cosmetics, additional commands<br>
45 </i></td>
46 </tr>
47 <tr>
48 <td valign="top">Nick Georbit<br>
49 </td>
50 <td valign="top"><i>additional client features<br>
51 </i></td>
52 </tr>
53 <tr>
54 <td valign="top">David Given<br>
55 </td>
56 <td valign="top"><i>IMAP and build patches<br>
57 </i></td>
58 </tr>
59 <tr>
60 <td valign="top">Dave West<br>
61 </td>
62 <td valign="top"><i>server features<br>
63 </i></td>
64 </tr>
65 <tr>
66 <td valign="top">Wilfried Goesgens<br>
67 </td>
68 <td valign="top"><i>build system patches<br>
69 </i></td>
70 </tr>
71 <tr>
72 <td valign="top">Michael Hampton<br>
73 </td>
74 <td valign="top"><i>client software development<br>
75 </i></td>
76 </tr>
77 <tr>
78 <td valign="top">Andru Luvisi<br>
79 </td>
80 <td valign="top"><i>troubleshooting and development assistance<br>
81 </i></td>
82 </tr>
83 <tr>
84 <td valign="top">Daniel Malament<br>
85 </td>
86 <td valign="top"><i>string compare function for IMAP server<br>
87 </i></td>
88 </tr>
89 <tr>
90 <td valign="top">Stu Mark<br>
91 </td>
92 <td valign="top"><i>additional client features, IGnet protocol design<br>
93 </i></td>
94 </tr>
95 <tr>
96 <td valign="top">Edward S. Marshall<br>
97 </td>
98 <td valign="top"><i>RBL checking function design<br>
99 </i></td>
100 </tr>
101 <tr>
102 <td valign="top">Ben Mehlman<br>
103 </td>
104 <td valign="top"><i>additional client features<br>
105 </i></td>
106 </tr>
107 <tr>
108 <td valign="top">Matt Pfleger<br>
109 </td>
110 <td valign="top"><i>additional client features<br>
111 </i></td>
112 </tr>
113 <tr>
114 <td valign="top">Ari Samson<br>
115 </td>
116 <td valign="top"><i>assistance with project management<br>
117 </i></td>
118 </tr>
119 <tr>
120 <td valign="top">Trey Van Riper<br>
121 </td>
122 <td valign="top"><i>QA and portability enhancements<br>
123 </i></td>
124 </tr>
125 <tr>
126 <td valign="top">John Walker<br>
127 </td>
128 <td valign="top"><i>author of public domain base64 encoder/decoder<br>
129 </i></td>
130 </tr>
131 <tr>
132 <td valign="top">Steve Williams<br>
133 </td>
134 <td valign="top"><i>documentation<br>
135 </i></td>
136 </tr>
137 <tr>
138 <td valign="top">Ethan Young<br>
139 </td>
140 <td valign="top"><i>IGnet protocol design<br>
141 </i></td>
142 </tr>
143 <tr>
144 <td valign="top">Edward Flick<br>
145 </td>
146 <td valign="top"><i>ClamAV integration module<br>
147 </i></td>
148 </tr>
149 </tbody>
150 </table>
151 </div>
152 <br>
153 <div align="justify">The entire package is open source software. You may
154 redistribute and/or modify it under the terms of the GNU General Public
155 License, version 3, which is included in this manual.<br>
156 <br>
157 This program is distributed in the hope that it will be useful, but
158 WITHOUT ANY WARRANTY; without even the implied warranty of
159 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
160 General Public License for more details. </div>
161 <div align="justify"><br>
162 For more information, visit either of these locations on
163 the web:<br>
164 <ul>
165 <li>The Citadel home page: <a href="http://www.citadel.org">http://www.citadel.org</a></li>
166 <li>UNCENSORED! BBS, the home of Citadel: <a
167 href="http://uncensored.citadel.org">http://uncensored.citadel.org</a></li>
168 </ul>
169 <hr size="2" width="100%">
170 <h2 align="center">Table of Contents</h2>
171 <ol>
172 <li><a href="#GPL">License</a></li>
173 <li><a href="#Installation">Installation</a></li>
174 <ol>
175 <li><a href="#Everything_in_its_place...">Everything in its
176 place...</a></li>
177 <li><a href="#ctdl_login_acct">Creating a system account for Citadel</a></li>
178 <li><a href="#bypassing_login">Bypassing the login:
179 prompt</a></li>
180 <li><a href="#Compiling_the_programs">Compiling the programs</a></li>
181 <li><a href="#Upgrading">Upgrading</a></li>
182 <li><a href="#rc_file">The citadel.rc file</a></li>
183 <li><a href="#Using_an_external_editor_for_message">Using an
184 external editor for message composition</a></li>
185 <li><a href="#Printing_messages">Printing messages</a></li>
186 <li><a href="#URL_viewing">URL viewing</a></li>
187 <li><a href="#Setup_and_login">Setup and login</a></li>
188 <li><a href="#Configuring_your_host_system_to_start">Configuring
189 your host system to start the service</a></li>
190 <li><a href="#first_time_login">Logging in for
191 the first time</a></li>
192 <li><a href="#Welcoming_new_users">Welcoming new users</a></li>
193 <li><a href="#adding_doors">Space for adding
194 your own client features (doors)</a></li>
195 <li><a href="#Troubleshooting_and_getting_help">Troubleshooting and
196 getting help</a><br>
197 </li>
198 </ol>
199 <li><a href="#sysop">System Administration</a></li>
200 <ol>
201 <li><a href="#Overview_">Overview</a></li>
202 <li><a href="#Aide_commands">Aide commands</a></li>
203 <li><a href="#Editing_rooms">Editing rooms</a></li>
204 <li><a href="#File_directories">File directories</a></li>
205 <li><a href="#Creating_and_editing_user_accounts">Creating and
206 editing user accounts</a></li>
207 <li><a href="#Deleting_and_moving_messages">Deleting and moving
208 messages</a></li>
209 <li><a href="#Customizing_the_help_files">Customizing the help files</a></li>
210 <li><a href="#Site_configuration">Site configuration</a><br>
211 </li>
212 </ol>
213 <li> <a href="#Configuring_Citadel_for_Internet_e-mail">Configuring
214 Citadel for Internet e-mail</a></li>
215 <ol>
216 <li><a href="#Introduction">Introduction</a></li>
217 <li><a href="#Basic_site_configuration">Basic site configuration</a></li>
218 <li><a href="#Enabling_the_Internet_mail_protocols">Enabling the
219 Internet mail protocols</a></li>
220 <li><a href="#Hosting_an_Internet_mailing_list">Hosting an Internet
221 mailing list</a><br>
222 </li>
223 <li><a href="#citmail">Using Citadel in conjunction with another MTA</a></li>
224 </ol>
225 <li><a href="#Building_or_joining_a_Citadel_network">Building or
226 joining a Citadel network</a></li>
227 <ol>
228 <li><a href="#Overview__">Overview</a></li>
229 <li><a href="#Conventions_and_etiquette_when">Conventions and
230 etiquette when connecting to the public Citadel network</a></li>
231 <li><a href="#Getting_ready_to_join_the_network">Getting ready
232 to join the network</a></li>
233 <li><a href="#Defining_neighbor_nodes">Defining neighbor nodes</a></li>
234 <li><a href="#Sharing_rooms">Sharing rooms</a></li>
235 <li><a href="#Sending_mail">Sending mail</a></li>
236 <li><a href="#Changing_the_polling_interval">Changing the polling
237 interval</a></li>
238 </ol>
239 <li><a href="#Database_maintenance">Database maintenance</a></li>
240 <ol>
241 <li><a href="#Introduction_">Introduction</a></li>
242 <li><a href="#Backing_up_your_Citadel_database">Backing up your
243 Citadel database</a><br>
244 </li>
245 <li><a href="#Database_repair">Database repair</a></li>
246 <li><a href="#ImportingExporting_your_Citadel">Importing/Exporting
247 your Citadel database</a><br>
248 </li>
249 </ol>
250 <li><a href="#crypto">Cryptography support (TLS/SSL)</a></li>
251 <ol>
252 <li><a href="#crypto_intro">Overview</a></li>
253 <li><a href="#real_cert">Generating and installing a Trusted
254 Certificate</a></li>
255 </ol>
256 <li><a href="#LDAP_Directory_Support">LDAP directory support</a></li>
257 <ol>
258 <li><a href="#Introduction_ldap">Introduction</a></li>
259 <li><a href="#Preparing_your_LDAP_server_for_Citadel">Preparing
260 your LDAP server for Citadel connections</a><br>
261 </li>
262 <li><a href="#Configuring_the_LDAP_Connector_for">Configuring the
263 LDAP Connector for Citadel</a><br>
264 </li>
265 </ol>
266 <li><a href="#utilities">Included utilities</a></li>
267 <ol>
268 <li><a href="#overview">Overview</a></li>
269 <li><a href="#aidepost">aidepost</a></li>
270 <li><a href="#whobbs">whobbs</a></li>
271 <li><a href="#msgform">msgform</a></li>
272 <li><a href="#userlist">userlist</a></li>
273 <li><a href="#sendcommand">sendcommand</a></li>
274 </ol>
275 </ol>
276 <br>
277 <hr size="2" width="100%"><br>
278 <h2 align="center"><a name="GPL"></a>GNU General Public License<br>
279 </h2>
280 </div>
282 <p style="text-align: center;">Version 3, 29 June 2007</p>
284 <p>Copyright (C) 2007 Free Software Foundation, Inc. &lt;http://fsf.org/&gt;</p><p>
286 Everyone is permitted to copy and distribute verbatim copies
287 of this license document, but changing it is not allowed.</p>
289 <h3><a name="preamble"></a>Preamble</h3>
291 <p>The GNU General Public License is a free, copyleft license for
292 software and other kinds of works.</p>
294 <p>The licenses for most software and other practical works are designed
295 to take away your freedom to share and change the works. By contrast,
296 the GNU General Public License is intended to guarantee your freedom to
297 share and change all versions of a program--to make sure it remains free
298 software for all its users. We, the Free Software Foundation, use the
299 GNU General Public License for most of our software; it applies also to
300 any other work released this way by its authors. You can apply it to
301 your programs, too.</p>
303 <p>When we speak of free software, we are referring to freedom, not
304 price. Our General Public Licenses are designed to make sure that you
305 have the freedom to distribute copies of free software (and charge for
306 them if you wish), that you receive source code or can get it if you
307 want it, that you can change the software or use pieces of it in new
308 free programs, and that you know you can do these things.</p>
310 <p>To protect your rights, we need to prevent others from denying you
311 these rights or asking you to surrender the rights. Therefore, you have
312 certain responsibilities if you distribute copies of the software, or if
313 you modify it: responsibilities to respect the freedom of others.</p>
315 <p>For example, if you distribute copies of such a program, whether
316 gratis or for a fee, you must pass on to the recipients the same
317 freedoms that you received. You must make sure that they, too, receive
318 or can get the source code. And you must show them these terms so they
319 know their rights.</p>
321 <p>Developers that use the GNU GPL protect your rights with two steps:
322 (1) assert copyright on the software, and (2) offer you this License
323 giving you legal permission to copy, distribute and/or modify it.</p>
325 <p>For the developers' and authors' protection, the GPL clearly explains
326 that there is no warranty for this free software. For both users' and
327 authors' sake, the GPL requires that modified versions be marked as
328 changed, so that their problems will not be attributed erroneously to
329 authors of previous versions.</p>
331 <p>Some devices are designed to deny users access to install or run
332 modified versions of the software inside them, although the manufacturer
333 can do so. This is fundamentally incompatible with the aim of
334 protecting users' freedom to change the software. The systematic
335 pattern of such abuse occurs in the area of products for individuals to
336 use, which is precisely where it is most unacceptable. Therefore, we
337 have designed this version of the GPL to prohibit the practice for those
338 products. If such problems arise substantially in other domains, we
339 stand ready to extend this provision to those domains in future versions
340 of the GPL, as needed to protect the freedom of users.</p>
342 <p>Finally, every program is threatened constantly by software patents.
343 States should not allow patents to restrict development and use of
344 software on general-purpose computers, but in those that do, we wish to
345 avoid the special danger that patents applied to a free program could
346 make it effectively proprietary. To prevent this, the GPL assures that
347 patents cannot be used to render the program non-free.</p>
349 <p>The precise terms and conditions for copying, distribution and
350 modification follow.</p>
352 <h3><a name="terms"></a>TERMS AND CONDITIONS</h3>
354 <h4><a name="section0"></a>0. Definitions.</h4>
356 <p>&ldquo;This License&rdquo; refers to version 3 of the GNU General Public License.</p>
358 <p>&ldquo;Copyright&rdquo; also means copyright-like laws that apply to other kinds of
359 works, such as semiconductor masks.</p>
362 <p>&ldquo;The Program&rdquo; refers to any copyrightable work licensed under this
363 License. Each licensee is addressed as &ldquo;you&rdquo;. &ldquo;Licensees&rdquo; and
364 &ldquo;recipients&rdquo; may be individuals or organizations.</p>
366 <p>To &ldquo;modify&rdquo; a work means to copy from or adapt all or part of the work
367 in a fashion requiring copyright permission, other than the making of an
368 exact copy. The resulting work is called a &ldquo;modified version&rdquo; of the
369 earlier work or a work &ldquo;based on&rdquo; the earlier work.</p>
371 <p>A &ldquo;covered work&rdquo; means either the unmodified Program or a work based
372 on the Program.</p>
374 <p>To &ldquo;propagate&rdquo; a work means to do anything with it that, without
375 permission, would make you directly or secondarily liable for
376 infringement under applicable copyright law, except executing it on a
377 computer or modifying a private copy. Propagation includes copying,
378 distribution (with or without modification), making available to the
379 public, and in some countries other activities as well.</p>
381 <p>To &ldquo;convey&rdquo; a work means any kind of propagation that enables other
382 parties to make or receive copies. Mere interaction with a user through
383 a computer network, with no transfer of a copy, is not conveying.</p>
385 <p>An interactive user interface displays &ldquo;Appropriate Legal Notices&rdquo;
386 to the extent that it includes a convenient and prominently visible
387 feature that (1) displays an appropriate copyright notice, and (2)
388 tells the user that there is no warranty for the work (except to the
389 extent that warranties are provided), that licensees may convey the
390 work under this License, and how to view a copy of this License. If
391 the interface presents a list of user commands or options, such as a
392 menu, a prominent item in the list meets this criterion.</p>
394 <h4><a name="section1"></a>1. Source Code.</h4>
396 <p>The &ldquo;source code&rdquo; for a work means the preferred form of the work
397 for making modifications to it. &ldquo;Object code&rdquo; means any non-source
398 form of a work.</p>
400 <p>A &ldquo;Standard Interface&rdquo; means an interface that either is an official
401 standard defined by a recognized standards body, or, in the case of
402 interfaces specified for a particular programming language, one that
403 is widely used among developers working in that language.</p>
405 <p>The &ldquo;System Libraries&rdquo; of an executable work include anything, other
406 than the work as a whole, that (a) is included in the normal form of
407 packaging a Major Component, but which is not part of that Major
408 Component, and (b) serves only to enable use of the work with that
409 Major Component, or to implement a Standard Interface for which an
410 implementation is available to the public in source code form. A
411 &ldquo;Major Component&rdquo;, in this context, means a major essential component
412 (kernel, window system, and so on) of the specific operating system
413 (if any) on which the executable work runs, or a compiler used to
414 produce the work, or an object code interpreter used to run it.</p>
416 <p>The &ldquo;Corresponding Source&rdquo; for a work in object code form means all
417 the source code needed to generate, install, and (for an executable
418 work) run the object code and to modify the work, including scripts to
419 control those activities. However, it does not include the work's
420 System Libraries, or general-purpose tools or generally available free
421 programs which are used unmodified in performing those activities but
422 which are not part of the work. For example, Corresponding Source
423 includes interface definition files associated with source files for
424 the work, and the source code for shared libraries and dynamically
425 linked subprograms that the work is specifically designed to require,
426 such as by intimate data communication or control flow between those
427 subprograms and other parts of the work.</p>
429 <p>The Corresponding Source need not include anything that users
430 can regenerate automatically from other parts of the Corresponding
431 Source.</p>
433 <p>The Corresponding Source for a work in source code form is that
434 same work.</p>
436 <h4><a name="section2"></a>2. Basic Permissions.</h4>
438 <p>All rights granted under this License are granted for the term of
439 copyright on the Program, and are irrevocable provided the stated
440 conditions are met. This License explicitly affirms your unlimited
441 permission to run the unmodified Program. The output from running a
442 covered work is covered by this License only if the output, given its
443 content, constitutes a covered work. This License acknowledges your
444 rights of fair use or other equivalent, as provided by copyright law.</p>
446 <p>You may make, run and propagate covered works that you do not
447 convey, without conditions so long as your license otherwise remains
448 in force. You may convey covered works to others for the sole purpose
449 of having them make modifications exclusively for you, or provide you
450 with facilities for running those works, provided that you comply with
451 the terms of this License in conveying all material for which you do
452 not control copyright. Those thus making or running the covered works
453 for you must do so exclusively on your behalf, under your direction
454 and control, on terms that prohibit them from making any copies of
455 your copyrighted material outside their relationship with you.</p>
457 <p>Conveying under any other circumstances is permitted solely under
458 the conditions stated below. Sublicensing is not allowed; section 10
459 makes it unnecessary.</p>
461 <h4><a name="section3"></a>3. Protecting Users' Legal Rights From Anti-Circumvention Law.</h4>
463 <p>No covered work shall be deemed part of an effective technological
464 measure under any applicable law fulfilling obligations under article
465 11 of the WIPO copyright treaty adopted on 20 December 1996, or
466 similar laws prohibiting or restricting circumvention of such
467 measures.</p>
469 <p>When you convey a covered work, you waive any legal power to forbid
470 circumvention of technological measures to the extent such circumvention
471 is effected by exercising rights under this License with respect to
472 the covered work, and you disclaim any intention to limit operation or
473 modification of the work as a means of enforcing, against the work's
474 users, your or third parties' legal rights to forbid circumvention of
475 technological measures.</p>
477 <h4><a name="section4"></a>4. Conveying Verbatim Copies.</h4>
479 <p>You may convey verbatim copies of the Program's source code as you
480 receive it, in any medium, provided that you conspicuously and
481 appropriately publish on each copy an appropriate copyright notice;
482 keep intact all notices stating that this License and any
483 non-permissive terms added in accord with section 7 apply to the code;
484 keep intact all notices of the absence of any warranty; and give all
485 recipients a copy of this License along with the Program.</p>
487 <p>You may charge any price or no price for each copy that you convey,
488 and you may offer support or warranty protection for a fee.</p>
490 <h4><a name="section5"></a>5. Conveying Modified Source Versions.</h4>
492 <p>You may convey a work based on the Program, or the modifications to
493 produce it from the Program, in the form of source code under the
494 terms of section 4, provided that you also meet all of these conditions:</p>
496 <ul>
497 <li>a) The work must carry prominent notices stating that you modified
498 it, and giving a relevant date.</li>
500 <li>b) The work must carry prominent notices stating that it is
501 released under this License and any conditions added under section
502 7. This requirement modifies the requirement in section 4 to
503 &ldquo;keep intact all notices&rdquo;.</li>
505 <li>c) You must license the entire work, as a whole, under this
506 License to anyone who comes into possession of a copy. This
507 License will therefore apply, along with any applicable section 7
508 additional terms, to the whole of the work, and all its parts,
509 regardless of how they are packaged. This License gives no
510 permission to license the work in any other way, but it does not
511 invalidate such permission if you have separately received it.</li>
513 <li>d) If the work has interactive user interfaces, each must display
514 Appropriate Legal Notices; however, if the Program has interactive
515 interfaces that do not display Appropriate Legal Notices, your
516 work need not make them do so.</li>
517 </ul>
519 <p>A compilation of a covered work with other separate and independent
520 works, which are not by their nature extensions of the covered work,
521 and which are not combined with it such as to form a larger program,
522 in or on a volume of a storage or distribution medium, is called an
523 &ldquo;aggregate&rdquo; if the compilation and its resulting copyright are not
524 used to limit the access or legal rights of the compilation's users
525 beyond what the individual works permit. Inclusion of a covered work
526 in an aggregate does not cause this License to apply to the other
527 parts of the aggregate.</p>
529 <h4><a name="section6"></a>6. Conveying Non-Source Forms.</h4>
531 <p>You may convey a covered work in object code form under the terms
532 of sections 4 and 5, provided that you also convey the
533 machine-readable Corresponding Source under the terms of this License,
534 in one of these ways:</p>
536 <ul>
537 <li>a) Convey the object code in, or embodied in, a physical product
538 (including a physical distribution medium), accompanied by the
539 Corresponding Source fixed on a durable physical medium
540 customarily used for software interchange.</li>
542 <li>b) Convey the object code in, or embodied in, a physical product
543 (including a physical distribution medium), accompanied by a
544 written offer, valid for at least three years and valid for as
545 long as you offer spare parts or customer support for that product
546 model, to give anyone who possesses the object code either (1) a
547 copy of the Corresponding Source for all the software in the
548 product that is covered by this License, on a durable physical
549 medium customarily used for software interchange, for a price no
550 more than your reasonable cost of physically performing this
551 conveying of source, or (2) access to copy the
552 Corresponding Source from a network server at no charge.</li>
554 <li>c) Convey individual copies of the object code with a copy of the
555 written offer to provide the Corresponding Source. This
556 alternative is allowed only occasionally and noncommercially, and
557 only if you received the object code with such an offer, in accord
558 with subsection 6b.</li>
560 <li>d) Convey the object code by offering access from a designated
561 place (gratis or for a charge), and offer equivalent access to the
562 Corresponding Source in the same way through the same place at no
563 further charge. You need not require recipients to copy the
564 Corresponding Source along with the object code. If the place to
565 copy the object code is a network server, the Corresponding Source
566 may be on a different server (operated by you or a third party)
567 that supports equivalent copying facilities, provided you maintain
568 clear directions next to the object code saying where to find the
569 Corresponding Source. Regardless of what server hosts the
570 Corresponding Source, you remain obligated to ensure that it is
571 available for as long as needed to satisfy these requirements.</li>
573 <li>e) Convey the object code using peer-to-peer transmission, provided
574 you inform other peers where the object code and Corresponding
575 Source of the work are being offered to the general public at no
576 charge under subsection 6d.</li>
577 </ul>
579 <p>A separable portion of the object code, whose source code is excluded
580 from the Corresponding Source as a System Library, need not be
581 included in conveying the object code work.</p>
583 <p>A &ldquo;User Product&rdquo; is either (1) a &ldquo;consumer product&rdquo;, which means any
584 tangible personal property which is normally used for personal, family,
585 or household purposes, or (2) anything designed or sold for incorporation
586 into a dwelling. In determining whether a product is a consumer product,
587 doubtful cases shall be resolved in favor of coverage. For a particular
588 product received by a particular user, &ldquo;normally used&rdquo; refers to a
589 typical or common use of that class of product, regardless of the status
590 of the particular user or of the way in which the particular user
591 actually uses, or expects or is expected to use, the product. A product
592 is a consumer product regardless of whether the product has substantial
593 commercial, industrial or non-consumer uses, unless such uses represent
594 the only significant mode of use of the product.</p>
596 <p>&ldquo;Installation Information&rdquo; for a User Product means any methods,
597 procedures, authorization keys, or other information required to install
598 and execute modified versions of a covered work in that User Product from
599 a modified version of its Corresponding Source. The information must
600 suffice to ensure that the continued functioning of the modified object
601 code is in no case prevented or interfered with solely because
602 modification has been made.</p>
604 <p>If you convey an object code work under this section in, or with, or
605 specifically for use in, a User Product, and the conveying occurs as
606 part of a transaction in which the right of possession and use of the
607 User Product is transferred to the recipient in perpetuity or for a
608 fixed term (regardless of how the transaction is characterized), the
609 Corresponding Source conveyed under this section must be accompanied
610 by the Installation Information. But this requirement does not apply
611 if neither you nor any third party retains the ability to install
612 modified object code on the User Product (for example, the work has
613 been installed in ROM).</p>
615 <p>The requirement to provide Installation Information does not include a
616 requirement to continue to provide support service, warranty, or updates
617 for a work that has been modified or installed by the recipient, or for
618 the User Product in which it has been modified or installed. Access to a
619 network may be denied when the modification itself materially and
620 adversely affects the operation of the network or violates the rules and
621 protocols for communication across the network.</p>
623 <p>Corresponding Source conveyed, and Installation Information provided,
624 in accord with this section must be in a format that is publicly
625 documented (and with an implementation available to the public in
626 source code form), and must require no special password or key for
627 unpacking, reading or copying.</p>
629 <h4><a name="section7"></a>7. Additional Terms.</h4>
631 <p>&ldquo;Additional permissions&rdquo; are terms that supplement the terms of this
632 License by making exceptions from one or more of its conditions.
633 Additional permissions that are applicable to the entire Program shall
634 be treated as though they were included in this License, to the extent
635 that they are valid under applicable law. If additional permissions
636 apply only to part of the Program, that part may be used separately
637 under those permissions, but the entire Program remains governed by
638 this License without regard to the additional permissions.</p>
640 <p>When you convey a copy of a covered work, you may at your option
641 remove any additional permissions from that copy, or from any part of
642 it. (Additional permissions may be written to require their own
643 removal in certain cases when you modify the work.) You may place
644 additional permissions on material, added by you to a covered work,
645 for which you have or can give appropriate copyright permission.</p>
647 <p>Notwithstanding any other provision of this License, for material you
648 add to a covered work, you may (if authorized by the copyright holders of
649 that material) supplement the terms of this License with terms:</p>
651 <ul>
652 <li>a) Disclaiming warranty or limiting liability differently from the
653 terms of sections 15 and 16 of this License; or</li>
655 <li>b) Requiring preservation of specified reasonable legal notices or
656 author attributions in that material or in the Appropriate Legal
657 Notices displayed by works containing it; or</li>
659 <li>c) Prohibiting misrepresentation of the origin of that material, or
660 requiring that modified versions of such material be marked in
661 reasonable ways as different from the original version; or</li>
663 <li>d) Limiting the use for publicity purposes of names of licensors or
664 authors of the material; or</li>
666 <li>e) Declining to grant rights under trademark law for use of some
667 trade names, trademarks, or service marks; or</li>
669 <li>f) Requiring indemnification of licensors and authors of that
670 material by anyone who conveys the material (or modified versions of
671 it) with contractual assumptions of liability to the recipient, for
672 any liability that these contractual assumptions directly impose on
673 those licensors and authors.</li>
674 </ul>
676 <p>All other non-permissive additional terms are considered &ldquo;further
677 restrictions&rdquo; within the meaning of section 10. If the Program as you
678 received it, or any part of it, contains a notice stating that it is
679 governed by this License along with a term that is a further
680 restriction, you may remove that term. If a license document contains
681 a further restriction but permits relicensing or conveying under this
682 License, you may add to a covered work material governed by the terms
683 of that license document, provided that the further restriction does
684 not survive such relicensing or conveying.</p>
686 <p>If you add terms to a covered work in accord with this section, you
687 must place, in the relevant source files, a statement of the
688 additional terms that apply to those files, or a notice indicating
689 where to find the applicable terms.</p>
691 <p>Additional terms, permissive or non-permissive, may be stated in the
692 form of a separately written license, or stated as exceptions;
693 the above requirements apply either way.</p>
695 <h4><a name="section8"></a>8. Termination.</h4>
697 <p>You may not propagate or modify a covered work except as expressly
698 provided under this License. Any attempt otherwise to propagate or
699 modify it is void, and will automatically terminate your rights under
700 this License (including any patent licenses granted under the third
701 paragraph of section 11).</p>
703 <p>However, if you cease all violation of this License, then your
704 license from a particular copyright holder is reinstated (a)
705 provisionally, unless and until the copyright holder explicitly and
706 finally terminates your license, and (b) permanently, if the copyright
707 holder fails to notify you of the violation by some reasonable means
708 prior to 60 days after the cessation.</p>
710 <p>Moreover, your license from a particular copyright holder is
711 reinstated permanently if the copyright holder notifies you of the
712 violation by some reasonable means, this is the first time you have
713 received notice of violation of this License (for any work) from that
714 copyright holder, and you cure the violation prior to 30 days after
715 your receipt of the notice.</p>
717 <p>Termination of your rights under this section does not terminate the
718 licenses of parties who have received copies or rights from you under
719 this License. If your rights have been terminated and not permanently
720 reinstated, you do not qualify to receive new licenses for the same
721 material under section 10.</p>
723 <h4><a name="section9"></a>9. Acceptance Not Required for Having Copies.</h4>
725 <p>You are not required to accept this License in order to receive or
726 run a copy of the Program. Ancillary propagation of a covered work
727 occurring solely as a consequence of using peer-to-peer transmission
728 to receive a copy likewise does not require acceptance. However,
729 nothing other than this License grants you permission to propagate or
730 modify any covered work. These actions infringe copyright if you do
731 not accept this License. Therefore, by modifying or propagating a
732 covered work, you indicate your acceptance of this License to do so.</p>
734 <h4><a name="section10"></a>10. Automatic Licensing of Downstream Recipients.</h4>
736 <p>Each time you convey a covered work, the recipient automatically
737 receives a license from the original licensors, to run, modify and
738 propagate that work, subject to this License. You are not responsible
739 for enforcing compliance by third parties with this License.</p>
741 <p>An &ldquo;entity transaction&rdquo; is a transaction transferring control of an
742 organization, or substantially all assets of one, or subdividing an
743 organization, or merging organizations. If propagation of a covered
744 work results from an entity transaction, each party to that
745 transaction who receives a copy of the work also receives whatever
746 licenses to the work the party's predecessor in interest had or could
747 give under the previous paragraph, plus a right to possession of the
748 Corresponding Source of the work from the predecessor in interest, if
749 the predecessor has it or can get it with reasonable efforts.</p>
751 <p>You may not impose any further restrictions on the exercise of the
752 rights granted or affirmed under this License. For example, you may
753 not impose a license fee, royalty, or other charge for exercise of
754 rights granted under this License, and you may not initiate litigation
755 (including a cross-claim or counterclaim in a lawsuit) alleging that
756 any patent claim is infringed by making, using, selling, offering for
757 sale, or importing the Program or any portion of it.</p>
759 <h4><a name="section11"></a>11. Patents.</h4>
761 <p>A &ldquo;contributor&rdquo; is a copyright holder who authorizes use under this
762 License of the Program or a work on which the Program is based. The
763 work thus licensed is called the contributor's &ldquo;contributor version&rdquo;.</p>
765 <p>A contributor's &ldquo;essential patent claims&rdquo; are all patent claims
766 owned or controlled by the contributor, whether already acquired or
767 hereafter acquired, that would be infringed by some manner, permitted
768 by this License, of making, using, or selling its contributor version,
769 but do not include claims that would be infringed only as a
770 consequence of further modification of the contributor version. For
771 purposes of this definition, &ldquo;control&rdquo; includes the right to grant
772 patent sublicenses in a manner consistent with the requirements of
773 this License.</p>
775 <p>Each contributor grants you a non-exclusive, worldwide, royalty-free
776 patent license under the contributor's essential patent claims, to
777 make, use, sell, offer for sale, import and otherwise run, modify and
778 propagate the contents of its contributor version.</p>
780 <p>In the following three paragraphs, a &ldquo;patent license&rdquo; is any express
781 agreement or commitment, however denominated, not to enforce a patent
782 (such as an express permission to practice a patent or covenant not to
783 sue for patent infringement). To &ldquo;grant&rdquo; such a patent license to a
784 party means to make such an agreement or commitment not to enforce a
785 patent against the party.</p>
787 <p>If you convey a covered work, knowingly relying on a patent license,
788 and the Corresponding Source of the work is not available for anyone
789 to copy, free of charge and under the terms of this License, through a
790 publicly available network server or other readily accessible means,
791 then you must either (1) cause the Corresponding Source to be so
792 available, or (2) arrange to deprive yourself of the benefit of the
793 patent license for this particular work, or (3) arrange, in a manner
794 consistent with the requirements of this License, to extend the patent
795 license to downstream recipients. &ldquo;Knowingly relying&rdquo; means you have
796 actual knowledge that, but for the patent license, your conveying the
797 covered work in a country, or your recipient's use of the covered work
798 in a country, would infringe one or more identifiable patents in that
799 country that you have reason to believe are valid.</p>
802 <p>If, pursuant to or in connection with a single transaction or
803 arrangement, you convey, or propagate by procuring conveyance of, a
804 covered work, and grant a patent license to some of the parties
805 receiving the covered work authorizing them to use, propagate, modify
806 or convey a specific copy of the covered work, then the patent license
807 you grant is automatically extended to all recipients of the covered
808 work and works based on it.</p>
810 <p>A patent license is &ldquo;discriminatory&rdquo; if it does not include within
811 the scope of its coverage, prohibits the exercise of, or is
812 conditioned on the non-exercise of one or more of the rights that are
813 specifically granted under this License. You may not convey a covered
814 work if you are a party to an arrangement with a third party that is
815 in the business of distributing software, under which you make payment
816 to the third party based on the extent of your activity of conveying
817 the work, and under which the third party grants, to any of the
818 parties who would receive the covered work from you, a discriminatory
819 patent license (a) in connection with copies of the covered work
820 conveyed by you (or copies made from those copies), or (b) primarily
821 for and in connection with specific products or compilations that
822 contain the covered work, unless you entered into that arrangement,
823 or that patent license was granted, prior to 28 March 2007.</p>
825 <p>Nothing in this License shall be construed as excluding or limiting
826 any implied license or other defenses to infringement that may
827 otherwise be available to you under applicable patent law.</p>
829 <h4><a name="section12"></a>12. No Surrender of Others' Freedom.</h4>
831 <p>If conditions are imposed on you (whether by court order, agreement or
832 otherwise) that contradict the conditions of this License, they do not
833 excuse you from the conditions of this License. If you cannot convey a
834 covered work so as to satisfy simultaneously your obligations under this
835 License and any other pertinent obligations, then as a consequence you may
836 not convey it at all. For example, if you agree to terms that obligate you
837 to collect a royalty for further conveying from those to whom you convey
838 the Program, the only way you could satisfy both those terms and this
839 License would be to refrain entirely from conveying the Program.</p>
841 <h4><a name="section13"></a>13. Use with the GNU Affero General Public License.</h4>
843 <p>Notwithstanding any other provision of this License, you have
844 permission to link or combine any covered work with a work licensed
845 under version 3 of the GNU Affero General Public License into a single
846 combined work, and to convey the resulting work. The terms of this
847 License will continue to apply to the part which is the covered work,
848 but the special requirements of the GNU Affero General Public License,
849 section 13, concerning interaction through a network will apply to the
850 combination as such.</p>
852 <h4><a name="section14"></a>14. Revised Versions of this License.</h4>
854 <p>The Free Software Foundation may publish revised and/or new versions of
855 the GNU General Public License from time to time. Such new versions will
856 be similar in spirit to the present version, but may differ in detail to
857 address new problems or concerns.</p>
859 <p>Each version is given a distinguishing version number. If the
860 Program specifies that a certain numbered version of the GNU General
861 Public License &ldquo;or any later version&rdquo; applies to it, you have the
862 option of following the terms and conditions either of that numbered
863 version or of any later version published by the Free Software
864 Foundation. If the Program does not specify a version number of the
865 GNU General Public License, you may choose any version ever published
866 by the Free Software Foundation.</p>
868 <p>If the Program specifies that a proxy can decide which future
869 versions of the GNU General Public License can be used, that proxy's
870 public statement of acceptance of a version permanently authorizes you
871 to choose that version for the Program.</p>
873 <p>Later license versions may give you additional or different
874 permissions. However, no additional obligations are imposed on any
875 author or copyright holder as a result of your choosing to follow a
876 later version.</p>
878 <h4><a name="section15"></a>15. Disclaimer of Warranty.</h4>
880 <p>THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
881 APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
882 HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM &ldquo;AS IS&rdquo; WITHOUT WARRANTY
883 OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
884 THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
885 PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
886 IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
887 ALL NECESSARY SERVICING, REPAIR OR CORRECTION.</p>
889 <h4><a name="section16"></a>16. Limitation of Liability.</h4>
891 <p>IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
892 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
893 THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
894 GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
895 USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
896 DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
897 PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
898 EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
899 SUCH DAMAGES.</p>
901 <h4><a name="section17"></a>17. Interpretation of Sections 15 and 16.</h4>
903 <p>If the disclaimer of warranty and limitation of liability provided
904 above cannot be given local legal effect according to their terms,
905 reviewing courts shall apply local law that most closely approximates
906 an absolute waiver of all civil liability in connection with the
907 Program, unless a warranty or assumption of liability accompanies a
908 copy of the Program in return for a fee.</p>
910 <p>END OF TERMS AND CONDITIONS</p>
912 <br>
913 <hr size="2" width="100%"><br>
914 <div align="center">
915 <h2><a name="Installation"></a>Installation</h2>
916 </div>
917 <div align="justify">
918 <h3>Overview</h3>
919 <p>Citadel is an advanced, multiuser, client/server messaging system
920 suitable for BBS, e-mail, and groupware applications. It is designed to
921 handle the needs of both small dialup systems and large-scale
922 Internet-connected systems. It was originally developed on an Altos
923 system running Xenix, and has been installed and tested on various Unix
924 and Unix-like platforms. The current development environment (and
925 public BBS) is an ordinary Linux system. The current distribution
926 includes: </p>
927 <ul>
928 <li>The Citadel server (this is the back end that does all
929 processing) </li>
930 <li>A text-based client program designed with the traditional Citadel
931 "look and feel" (room prompts, dot commands, and the like) </li>
932 <li>Setup programs </li>
933 <li>A set of utilities for system administration and maintenance </li>
934 <li>Documentation </li>
935 </ul>
936 <p>Some knowledge of the Unix system is necessary to install and manage
937 the system. It is mandatory that the sysop have "root" access to the
938 operating system. The following are required to install Citadel: </p>
939 <ul>
940 <li>A unix-like operating system (Linux, FreeBSD, Solaris, etc.) </li>
941 <li>The GNU build tools (<a href="http://gcc.gnu.org/">GCC</a> with <a
942 href="http://www.gnu.org/software/make/make.html">gmake</a> is the
943 recommended build environment) </li>
944 <li><a href="http://www.sleepycat.com">Berkeley DB</a> v4.1 or newer</li>
945 <li><a href="http://www.aurore.net/projects/libical/">libical</a> v0.26 or
946 newer (if you want the calendar service to work)</li>
947 <li><a href="http://libsieve.sourceforge.net">libSieve</a> v2.2.3 or newer
948 (if you want mail filtering/scripting to work)</li>
949 <li>Enough disk space to hold all of the programs and data </li>
950 </ul>
951 <p>If you are running Citadel on a Linux system, it is STRONGLY
952 recommended that you run it on a recent distribution (such as CentOS
953 4.1 or newer). A new-ish
954 distribution will have many of the prerequisite tools and
955 libraries already integrated for you.</p>
956 <h3>Other pieces which complete the Citadel system:</h3>
957 <ul>
958 <li>"WebCit", a gateway program to allow full access to Citadel via
959 the World Wide Web. Interactive access through any Web browser. </li>
960 <li>Access to Citadel via <i>any</i> standards-compliant e-mail
961 program, thanks to Citadel's built-in SMTP, POP, and IMAP services.
962 You can use Mozilla, Netscape, Evolution, Eudora, Pine, Outlook, etc.
963 with Citadel.</li>
964 <li>Access to Citadel's calendar and address book functions using any
965 PIM client that supports Webcal or GroupDAV (requires WebCit).<br>
966 </li>
967 </ul>
968 <h3>Coming soon:</h3>
969 <ul>
970 <li>More integration with third-party software.<br>
971 </li>
972 </ul>
973 <h3><a name="Everything_in_its_place..."></a>Everything in its place...</h3>
974 <p>Hopefully you've unpacked the distribution archive into its own
975 directory. This is the directory in which all Citadel files are located
976 and in
977 which all activity will take place. Several subdirectories have already
978 been created during the unpacking process, and others may be created
979 by the software if needed. Make sure you have Berkeley DB installed on
980 your system, and that you have all the development libraries and
981 headers
982 in place so that you can compile against them. If you don't, you can
983 get the latest Berkeley DB at
984 <a href="http://www.sleepycat.com">http://www.sleepycat.com</a>.
985 If your operating system uses a separate library to support POSIX
986 threads (pthreads), make sure that library is installed as well. This
987 is almost never the case with Linux, but some commercial Unix flavors
988 might need it.<br>
989 <br>
990 </p>
991 <h3><a name="ctdl_login_acct"></a>Creating a system account for Citadel</h3>
992 <p>As with many Unix programs, Citadel wants to run under its own user
993 ID. Unlike other programs, however, this user ID will do double-duty as
994 a public login for your system if you are running a BBS. This account
995 is typically called "bbs" or "citadel" or something to that effect. You
996 will tell Citadel what the user-id of that account is, and when someone
997 logs in under that account, Citadel will prompt for a user name.</p>
998 <p>The Citadel user should have a unique uid. The home directory should
999 be the one your Citadel installation resides in (in this example we
1000 will use <tt>/usr/local/citadel</tt>) and the shell should be either
1001 "citadel" in
1002 that directory, or a script that will start up the citadel client.
1003 Example:</p>
1004 <pre>citadel::100:1:Citadel Login:/usr/local/citadel:/usr/local/citadel/citadel<br></pre>
1005 <p>When you run setup later, you will be required to tell it the
1006 username or user ID of the account you created is, so it knows what
1007 user to run as. If you create an account called <tt>citadel, bbs</tt>,
1008 or <tt>guest</tt>, the setup program will automatically pick up the
1009 user ID by default.</p>
1010 <p>For all other users in <tt>/etc/passwd</tt> (or in some other name
1011 service such as NIS), Citadel can automatically set up
1012 such as NIS), Citadel can automatically set up
1013 an account using the full name (or 'gecos' in Unixspeak) of the user.
1014 It'll also ignore any password you supply, because it uses the user's
1015 password on the host system. This allows a 'single sign on' type of
1016 environment.
1017 Note that this does have to be enabled at setup time -- it's the
1018 option called &quot;host based authentication mode&quot;. Keep in
1019 mind that these users can use *either* their Citadel login name or
1020 their login name on the host computer, and their password on the
1021 host computer.</p>
1022 <h3><a name="bypassing_login"></a>Bypassing the <tt>login:</tt>
1023 prompt</h3>
1024 <p>If you normally log in to your host system using some method other
1025 than telnet (such as ssh), you might want the telnet service to go
1026 straight into Citadel, instead of displaying the <tt>login:</tt>
1027 prompt first. You
1028 can do this by having telnetd start citadel directly instead of
1029 <tt>/bin/login</tt>. The <tt>setup</tt> program will offer to
1030 configure
1031 this automatically for you if it sees a configuration it understands.
1032 If you would prefer to configure it manually, all you need to do is
1033 make a
1034 simple change to your <tt>inetd</tt> or <tt>xinetd</tt>
1035 configuration. Here are some configuration examples.</p>
1036 <p>An example for <tt>inetd</tt> (put the following line in <tt>/etc/inetd.conf</tt>,
1037 replacing any existing telnet configuration line already there):</p>
1038 <pre>telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -L /usr/local/citadel/citadel<br></pre>
1039 <p>An example for <tt>xinetd</tt> (if you have a file called <tt>/etc/xinetd.d/telnet</tt>
1040 then simply replace that file with this one):</p>
1041 <pre>service telnet<br>{<br> flags = REUSE<br> socket_type = stream<br> wait = no<br> user = root<br> server = /usr/sbin/in.telnetd<br> server_args = -L /usr/local/citadel/citadel<br> log_on_failure += USERID<br> disable = no<br>}<br></pre>
1042 <p>Please make sure you know what you're doing before you install this!
1044 you are going to put Citadel somewhere other than <tt>/usr/local/citadel</tt>
1045 then change the directory name accordingly. If you know of any other
1046 local peculiarities which need to be observed, edit the above
1047 configuration
1048 accordingly as well. And, of course, if you're working remotely, make
1049 sure you can successfully log in using SSH <b>before</b> you start
1050 making
1051 changes to telnet, because if you accidentally break telnet and don't
1052 have
1053 SSH running, you'll have effectively locked yourself out of your system
1054 until you can get physical access to the console.<br>
1055 <br>
1056 </p>
1057 <h3><a name="Compiling_the_programs"></a>Compiling the programs</h3>
1058 <p>You can easily compile the Citadel system with the following
1059 commands:</p>
1060 <pre>./configure<br>make<br>make install<br></pre>
1061 <p>The 'configure' script will generate a Makefile from the
1062 Makefile.in,
1063 and it will also write the file "sysdep.h" to your Citadel directory.
1064 Please do not edit sysdep.h or Makefile.in yourself. The configure
1065 script will
1066 figure out your system dependencies and set everything correctly.</p>
1067 <p>Mac OS X 10.1 and later are now supported. (Sorry, 10.0 cannot be
1068 supported, now or in the future.) You need to install the Developer
1069 Tools CD, which you can purchase or download for free from <a
1070 href="http://developer.apple.com">http://developer.apple.com</a>. Then
1071 run configure like this:</p>
1072 <pre>env CC=/usr/bin/cc ./configure (options - see below)<br></pre>
1073 <p>By default, the Citadel system will install in <tt>/usr/local/citadel</tt>.
1074 If you wish to place it in a different directory, you can instead do:</p>
1075 <pre>./configure --prefix=/export/home/citadel (or whatever)<br></pre>
1076 <p>If you've got Berkeley DB installed in a non-standard location, you
1077 can help the configure script find it by doing something like this:</p>
1078 <pre>./configure --with-db=/usr/local/BerkeleyDB-4.1<br></pre>
1079 <p>Keep in mind that if you're using Berkeley DB from a non-standard
1080 location,
1081 you'll have to make sure that location is available at runtime.</p>
1082 <p>File permissions are always a bother to work with. You don't want
1083 Citadel to crash because someone couldn't access a file, but you also
1084 don't want shell users peeking into the binaries to do things like
1085 reading others' mail, finding private rooms, etc. The Citadel server
1086 needs to be started as root in order to bind to privileged ports, but
1087 as soon as its initialization is finished, it changes its user ID to
1088 your Citadel user in order to avoid security holes.</p>
1089 <h3><a name="Upgrading"></a>Upgrading</h3>
1090 <p>Any existing Citadel installation which is at version 5.50 or newer
1091 may be upgraded in place without the need to discard your existing data
1092 files.</p>
1093 <p>Upgrading to a new version uses the same build procedure as
1094 compiling
1095 the program for a fresh install, except that you want to do <tt>make
1096 upgrade</tt> instead of <tt>make install</tt>. This will
1097 overwrite the programs but not your data. <b>Be sure to shut down
1098 citserver during this process!</b> If Citadel is running while you
1099 upgrade, you may face data corruption issues.<br>
1100 </p>
1101 <p>After doing <tt>make upgrade</tt>, you should run <tt>setup</tt>
1102 again to bring your data files up to date. Please see the setup section
1103 below for more information on this.</p>
1104 <h3><a name="rc_file"></a>The <tt>citadel.rc</tt> file</h3>
1105 <p>The text-based client included with Citadel is suitable for BBS
1106 applications. Much of its command set and other behavior is
1107 configurable through a Run Control (RC) file. The standard client looks
1108 for this file in the following locations: </p>
1109 <ul>
1110 <li><tt>$HOME/.citadelrc</tt></li>
1111 <li><i>your-Citadel-directory</i><tt>/citadel.rc</tt></li>
1112 <li><tt>/etc/citadel.rc</tt></li>
1113 <li><i>current-directory</i><tt>/citadel.rc</tt></li>
1114 </ul>
1115 The next couple of sections deal with client-side configuration.
1116 <h3><a name="Using_an_external_editor_for_message"></a>Using an
1117 external editor
1118 for message composition</h3>
1119 <p>Citadel has a built-in message editor. However, you can also use
1120 your favorite text editor to write messages. To do this you simply put
1121 a line in your citadel.rc file like this:</p>
1122 <pre>editor=/usr/bin/vi<br></pre>
1123 <p>The above example would make Citadel call the vi editor when using
1124 the <tt><b>.E</b>nter <b>E</b>ditor</tt> command, or when a user
1125 selects the &quot;Always compose messages with the full-screen
1126 editor&quot; option. You can also make
1127 it the default editor for the <tt><b>E</b>nter</tt> command by editing
1128 the <tt>citadel.rc</tt> file. <b>But be warned:</b> external editors
1129 on public systems can
1130 be a security hole, because they usually provide users with the ability
1131 to drop into a shell on the host system, or save files using names
1132 other
1133 than the name of the temporary file they are editing. If you intend to
1134 use an external editor on a public BBS, make sure you use one that has
1135 been
1136 hardened for such a purpose -- one which has had the 'shell' and 'save
1138 commands disabled, as well as any other functions which a destructive
1139 user could use to gain unauthorized access to your host system.</p>
1140 <h3><a name="Printing_messages"></a>Printing messages</h3>
1141 <p>Citadel can send messages to a printer, or just about anywhere
1142 else in your system. The variable <tt>PRINTCMD</tt> in <tt>citadel.rc</tt>
1143 specifies what command you use to print. Text is sent to the standard
1144 input (stdin) of the print command.</p>
1145 <p>So if you did this:</p>
1146 <pre>printcmd="a2ps -o - |lpr -Plocal"<br></pre>
1147 <p>...that would convert the printed text to PostScript, then print on
1149 printer named "local". There's tons of stuff you can do with this
1150 feature. For example, you could use a command like <tt>cat
1151 &lt;&lt;$HOME/archive</tt> to save copies of important messages in a
1152 textfile. Again, this is probably something you don't want to configure
1153 for a public BBS host -- most system administrators don't want remote
1154 users sending arbitrary things to local printers.</p>
1155 <h3><a name="URL_viewing"></a>URL viewing</h3>
1156 <p>This is one more feature which is appropriate for local users. While
1157 reading
1158 a message that has Internet URL's in it, you can select the <tt><b>U</b>RL-view</tt>
1159 command, and it will perform some pre-defined action (usually, this is
1160 to open up the URL in a web browser). For example:</p>
1161 <pre>urlcmd=netscape -remote "openURL(%s)"<br></pre>
1162 <p>In the above example, it would open up the URL in an open <a
1163 href="http://www.netscape.com/download">Netscape</a> window.<br>
1164 <br>
1165 </p>
1166 <h3><a name="Setup_and_login"></a>Setup and login</h3>
1167 <p>Before logging in for the first time, you must run the setup
1168 program. To begin this procedure, enter the following commands:</p>
1169 <pre>cd /usr/local/citadel<br>./setup<br></pre>
1170 <p>The setup program will guide you through a simple configuration
1171 procedure. It will ask you what directory to place your data files in
1172 -- the default is the current directory, which is usually the sensible
1173 thing to select. If you want to run more than one instance of Citadel
1174 on the same host, however, you can specify a different directory here
1175 -- just remember to specify the directory name again when you start up
1176 the server later on.</p>
1177 <p><tt>setup</tt> will then shut down the Citadel service if it is
1178 found to
1179 be running.</p>
1180 <p>You will then be prompted for the name of the system administrator.
1181 This is not merely a cosmetic option -- when you log in to your system
1182 a little while from now, you'll log in with this name, and it will
1183 automatically assign your account the highest access level.</p>
1184 <p>Next, you will be prompted for the User ID of the Citadel account on
1185 your host system. If you have an account called <tt>bbs</tt>, <tt>guest</tt>,
1186 or <tt>citadel</tt>, that account's UID will be the default. If you
1187 are upgrading or reconfiguring an existing system, the existing value
1188 will be preserved.</p>
1189 <p>Then you will be prompted for a server port number. This is the TCP
1190 port which Citadel clients use to connect to your Citadel server. In
1191 almost all cases, you want to use the default -- port 504, which is the
1192 official port number assigned by the IANA for Citadel implementations.</p>
1193 <p><tt>setup</tt> will then ask you about authentication mode. <i>Please
1194 understand this question thoroughly before answering it.</i> You have a
1195 choice of two authentication modes:
1196 <ul>
1197 <li><i>Native authentication</i> - Citadel maintains its own user database.
1198 This is the normal mode of authentication. Citadel operates as a "black
1199 box" and your users do not have to have accounts or home directories on the
1200 host server.
1201 <li><i>Host based authentication</i> - access to Citadel is authenticated
1202 against the user database (<tt>/etc/passwd</tt> or perhaps NIS, etc.).
1203 </ul>
1204 You will be asked if you wish to use host based authentication. If you
1205 wish to do so, answer "Yes" at the prompt. For most installations, "No"
1206 is the appropriate answer.
1207 </p>
1208 <p>The Citadel service will then be started, and you will see the
1209 following message:</p>
1210 <pre>Setup is finished. You may now log in.<br></pre>
1211 <p>Setup is now complete, on most systems, anyway. Please see below to
1212 find out if you need to do anything else:</p>
1213 <h3><a name="Configuring_your_host_system_to_start"></a>Configuring
1214 your host
1215 system to start the service</h3>
1216 <p><b>Please note:</b> this topic involves modifications made to <tt>/etc/services</tt>
1217 and <tt>/etc/inittab</tt> in order to configure your host system to
1218 automatically start the Citadel service. <tt>setup</tt> will
1219 automatically perform these steps if it can, and if you allow it to --
1220 just answer 'Yes' when prompted, and everything will be taken care of
1221 for you. If you answer 'No' -- or if your system is a little bit odd
1222 (for example, BSD systems don't have <tt>/etc/inittab</tt>) -- read
1223 this section and do what you need to in order to get things configured.</p>
1224 <p>Before you can use Citadel, you must define the "citadel" service to
1225 your system. This is accomplished by adding a line to your
1226 /etc/services file that looks something like this:</p>
1227 <pre>citadel 504/tcp # Citadel Server<br></pre>
1228 <p>504 is the port number officially designated by the IANA for use by
1229 Citadel. There should not be any need to use a different port number,
1230 unless you are running multiple Citadels on the same computer and
1231 therefore need
1232 a different port for each one.</p>
1233 <p>The next step is to arrange for the server to start. The <tt>citserver</tt>
1234 program is the main Citadel server. Before we cover the recommended
1235 method of starting the server, let's examine its usage options:</p>
1236 <pre>citserver [-hHomeDir] [-xDebugLevel] [-tTraceFile] [-lLogFacility] [-d] [-f]<br></pre>
1237 <p>The options are as follows:</p>
1238 <p><tt>-hHomeDir</tt> - the directory your Citadel data files live in.
1239 This should, of course, be a directory that you've run the <tt>setup</tt>
1240 program against to set up some data files. If a directory is not
1241 specified, the directory
1242 name which was specified in the <tt>Makefile</tt> will be used.</p>
1243 <p><tt>-xDebugLevel</tt> - Set the verbosity of trace messages printed.
1244 When -x is used, it will suppress messages sent to syslog (see below).
1246 other words, syslog will never see certain messages if -x is used.
1247 Normally
1248 you should configure logging through syslog, but -x may still be useful
1250 some circumstances. The available debugging levels are: </p>
1251 <ul>
1252 <li>0 - Emergency condition; Citadel will exit immediately </li>
1253 <li>1 - Severe errors; Citadel may be unable to continue without
1254 attention </li>
1255 <li>2 - Critical errors; Citadel will continue with degraded
1256 functionality </li>
1257 <li>3 - Error conditions; Citadel will recover and continue normally </li>
1258 <li>4 - Warning messages; Citadel will continue normally </li>
1259 <li>5 - Normal operational messages </li>
1260 <li>6 - Informational messages, progress reports, etc. </li>
1261 <li>7 - Debugging messages; extremely verbose </li>
1262 </ul>
1263 <p><tt>-tTraceFile</tt> - Tell the server where to send its debug/trace
1264 output. Normally it is sent to stdout.</p>
1265 <p><tt>-lLogFacility</tt> - Tell the server to send its debug/trace
1266 output
1267 to the <tt>syslog</tt> service on the host system <i>instead of</i>
1268 to a
1269 trace file. <tt>LogFacility</tt> must be one of: <tt><i>kern, user,
1270 mail,
1271 daemon, auth, syslog, lpr, news, uucp, local0, local1, local2, local3,
1272 local4, local5, local6, local7</i></tt>. Please note that use of the
1273 <tt>-l</tt> option will cancel any use of the <tt>-t</tt> option; that
1275 if you specify a trace file <i>and</i> a syslog facility, log output
1276 will
1277 only go to the syslog facility.
1278 </p>
1279 <p><tt>-d</tt> - Run as a daemon; i.e. in the background. This switch
1280 would be necessary if you were starting the Citadel server, for
1281 example, from an rc.local script (which is not recommended, because
1282 this won't allow the server to automatically restart when it is shut
1283 down).</p>
1284 <p><tt>-f</tt> - Defragment all the databases upon startup. &nbsp; This
1285 currently has no effect, as it is a vestige from the old data store.</p>
1286 <p>The preferred method of starting the Citadel server is to place an
1287 entry in your /etc/inittab file. This will conveniently bring the
1288 server up when your system is up, and terminate it gracefully when your
1289 system is shutting down. The exact syntax for your system may vary, but
1290 here's an entry that could be used on a Linux system:</p>
1291 <pre>cit:2345:respawn:/usr/local/citadel/citserver -h/usr/local/citadel -t/dev/tty9 -x6<br></pre>
1292 <p>In this example, we've chosen debugging level 6, and have the trace
1293 stuff output to one of the virtual consoles. It's important to remember
1294 to turn off any getty that is set up on that virtual console, if you do
1295 this. After making this change, the command <tt>init q</tt> works on
1296 most systems to tell init to re-read the file. If in doubt, just reboot
1297 the computer.<br>
1298 <br>
1299 </p>
1300 <h3><a name="first_time_login"></a>Logging in for the
1301 first time</h3>
1302 <p>At this point, your system is ready to run. Run the <tt>citadel</tt>
1303 program from the shell and log in as a new user. NOTE: the first user
1304 account to be created will automatically be set to access level 6
1305 (Aide). This overcomes some obvious logistical problems - normally,
1306 Aide access is given by another Aide, but since there aren't any on
1307 your system yet, this isn't possible.<br>
1308 <br>
1309 </p>
1310 <h3><a name="Welcoming_new_users"></a>Welcoming new users</h3>
1311 <p>Sometimes you might decide that you want a welcome message (or
1312 several different messages) automatically mailed to new users upon
1313 their first login. Now there is a way to do this. If you create a room
1314 called <tt>New User Greetings</tt>, and it is a <i>private</i> room
1315 (invitation-only probably makes the most sense), any messages you enter
1316 into that room will automatically be delivered to all new users upon
1317 registration.</p>
1318 <p>You can put anything you want there: a welcome message, system
1319 policies, special information, etc. You can also put as many messages
1320 there as you want to (although it really doesn't make sense to clutter
1321 new users' mailboxes with lots of junk).</p>
1322 <p>Don't worry about wasting disk space, either. Citadel has a
1323 single-instance message store, so all the new users are actually
1324 looking at the same copy of the message on disk.<br>
1325 <br>
1326 </p>
1327 <h3><a name="adding_doors"></a>Space for adding
1328 your own
1329 client features (doors)</h3>
1330 <p><b>Please take note!</b> This function really represents the "old"
1331 way of doing things, and it doesn't fit in well with the client/server
1332 paradigm. Please consider it "deprecated" because it may be removed
1333 someday.</p>
1334 <p>The "doorway" feature is just a generic way to add features to the
1335 system. It is called "Doorway" to make it resemble the doors on
1336 non-Unix boards, but as we all know, us Unix types don't have to write
1337 special code to access the modem. :-) Anyway, when a user hits the <tt><b>*</b></tt>
1338 (doorway) command, Citadel does...</p>
1339 <pre>USERNAME=(username); export USERNAME<br>./subsystem (user-number) (screen-width) (access level)<br></pre>
1340 <p>...so you can put whatever you want in there. I suggest putting in a
1341 menu
1342 program to allow the users to pick one of a number of programs, etc. Do
1343 be aware that door programs will only be available when the client and
1344 server
1345 programs are running on the <i>same</i> computer, and when the user is
1346 running
1347 the text-mode client. Because of these restrictions, Door programs are
1348 being
1349 utilized less and less every day.<br>
1350 <br>
1351 </p>
1352 <h3><a name="Troubleshooting_and_getting_help"></a>Troubleshooting and
1353 getting help</h3>
1354 <p>That's just about all the information you need to install the
1355 system. But if you get stuck, you can visit <a
1356 href="http://uncensored.citadel.org">UNCENSORED! BBS</a> and report a
1357 problem or ask for help. But if you intend to report a problem getting
1358 the Citadel server to run, <i>please</i> double-check the following
1359 things first: </p>
1360 <ul>
1361 <li>Did you do <tt>./configure &amp;&amp; make &amp;&amp; make
1362 install</tt> ?? </li>
1363 <li>Did you run setup? </li>
1364 <li>Did you start the server? </li>
1365 </ul>
1366 <p>To report a problem, you can log on to <a
1367 href="http://uncensored.citadel.org">UNCENSORED!</a> or any other BBS
1368 on the Citadel network which carries the <tt>Citadel/UX&gt;</tt> room.
1369 Please DO NOT e-mail the developers directly. Post a request for help
1370 on the BBS, with all of the following information: </p>
1371 <ul>
1372 <li>The exact nature of your difficulty </li>
1373 <li>A transcript of the error message(s) if possible </li>
1374 <li>The version of Citadel you are running </li>
1375 <li>The version of Berkeley DB present on your system </li>
1376 <li>Which operating system you are running, and what version </li>
1377 <li>If you are running a Linux system, we need to know which
1378 distribution, and the version of the kernel, libc, and pthreads you
1379 are using (it would help to post the output of a <tt>ldd ./citserver</tt>
1380 command). </li>
1381 </ul>
1382 </div>
1383 <div align="center">
1384 <hr size="2" width="100%">
1385 <h2><a name="sysop"></a>System Administration</h2>
1386 </div>
1387 <div align="justify">
1388 <h3><a name="Overview_"></a>Overview</h3>
1389 <p>Citadel, when installed properly, will do most of its maintenance
1390 by itself. It is intended to be run unattended for extended periods of
1391 time, and most installations do just that without any software failures.</p>
1392 <p>The system has seven access levels. Most users are at the bottom and
1393 have
1394 no special privileges. Aides are selected people who have special
1395 access within
1396 the Citadel program. Room Aides only have this access in a certain
1397 room. Preferred users can be selected by Aides for access to preferred
1398 only rooms. A sysop is anyone who has access to the various sysop
1399 utilities - these
1400 are in their own executable files, which should have their permissions
1402 to allow only sysops to run them. You should either create a sysops
1403 group
1404 in /etc/group, or use some other existing group for this purpose.</p>
1405 <p>Aides have access to EVERY room on the system, public and private
1406 (all types). They also have access to commands starting with <tt>.<b>A</b>ide</tt>
1407 in addition to being able to delete and move messages. The system room,
1408 <tt>Aide&gt;</tt>, is accessible only by those users designated as
1409 Aides.</p>
1410 <h3><a name="Aide_commands"></a>Aide commands</h3>
1411 <p>Aides have the following commands available to them that are not
1412 available to normal users. They are:</p>
1413 <table>
1414 <tbody>
1415 <tr>
1416 <td width="30%"><tt> .<b>A</b>ide <b>K</b>ill this room </tt></td>
1417 <td> Deletes the current room from the system. </td>
1418 </tr>
1419 <tr>
1420 <td width="30%"><tt> .<b>A</b>ide <b>E</b>dit this room </tt></td>
1421 <td> Allows editing of the properties of the current room. This
1422 is explained in greater detail below. </td>
1423 </tr>
1424 <tr>
1425 <td width="30%"><tt> .<b>A</b>ide <b>W</b>ho knows room </tt></td>
1426 <td> For private rooms with access controls, or mailbox rooms,
1427 this command displays a list of users who have access to the current
1428 room. </td>
1429 </tr>
1430 <tr>
1431 <td width="30%"><tt> .<b>A</b>ide edit <b>U</b>ser </tt></td>
1432 <td> Allows editing of the properties of any user account
1433 on the system. </td>
1434 </tr>
1435 <tr>
1436 <td width="30%"><tt> .<b>A</b>ide <b>V</b>alidate new users </tt></td>
1437 <td> For public access systems, this command reviews all new user
1438 registrations and allows you to set each new user's access level (or
1439 simply delete the accounts). </td>
1440 </tr>
1441 <tr>
1442 <td width="30%"><tt> .<b>A</b>ide enter <b>I</b>nfo file </tt></td>
1443 <td> Each room may contain a short textual description of
1444 its purpose, which is displayed to users upon entering the room for the
1445 first time (or in the room banner, for users of the Web client). This
1446 command allows you to enter or edit that description. </td>
1447 </tr>
1448 <tr>
1449 <td width="30%"><tt> .<b>A</b>ide <b>R</b>oom <b>I</b>nvite
1450 user </tt></td>
1451 <td> Access control command to grant any specific user access to
1452 a private room. </td>
1453 </tr>
1454 <tr>
1455 <td width="30%"><tt> .<b>A</b>ide <b>R</b>oom <b>K</b>ick
1456 out user </tt></td>
1457 <td> Access control command to revoke any specifc user's access
1458 to the current room. This works regardless of whether the room is
1459 public or private. </td>
1460 </tr>
1461 <tr>
1462 <td width="30%"><tt> .<b>A</b>ide <b>F</b>ile <b>D</b>elete </tt></td>
1463 <td> If the current room has an associated file directory, this
1464 command may be used to delete files from it. </td>
1465 </tr>
1466 <tr>
1467 <td width="30%"><tt> .<b>A</b>ide <b>F</b>ile <b>S</b>end
1468 over net </tt></td>
1469 <td> If the current room has an associated file directory, this
1470 command may be used to transmit a copy of any file in that directory to
1471 another node on a Citadel network. </td>
1472 </tr>
1473 <tr>
1474 <td width="30%"><tt> .<b>A</b>ide <b>F</b>ile <b>M</b>ove </tt></td>
1475 <td> If the current room has an associated file directory, this
1476 command may be used to move any file in that directory to another room.
1477 The target room must also have an associated file directory. </td>
1478 </tr>
1479 <tr>
1480 <td width="30%"><tt> .<b>A</b>ide <b>M</b>essage edit </tt></td>
1481 <td> This command allows editing of any of the various system
1482 banners and messages which are displayed to users. Type the name of
1483 the banner or message you wish to edit. </td>
1484 </tr>
1485 <tr>
1486 <td width="30%"><tt> .<b>A</b>ide <b>P</b>ost </tt></td>
1487 <td> This is the functional equivalent of the <tt><b>E</b>nter
1488 message</tt> command available to all users, except that it allows you
1489 to post using any user name. </td>
1490 </tr>
1491 <tr>
1492 <td width="30%"><tt> .<b>A</b>ide <b>S</b>ystem configuration <b>G</b>eneral
1493 </tt></td>
1494 <td> This command allows configuration of a large number of
1495 global settings for your Citadel system. These settings will be
1496 explained in greater detail below. </td>
1497 </tr>
1498 <tr>
1499 <td width="30%"><tt> .<b>A</b>ide <b>S</b>ystem configuration <b>I</b>nternet
1500 </tt></td>
1501 <td> This command allows configuration of settings which affect
1502 how your Citadel system sends and receives messages on the Internet. </td>
1503 </tr>
1504 <tr>
1505 <td width="30%"><tt> .<b>A</b>ide <b>S</b>ystem configuration
1506 check <b>M</b>essage base </tt></td>
1507 <td> Perform a consistency check on your message store. This is a
1508 very time-consuming operation which should not be performed unless you
1509 have reason to believe there is trouble with your database. </td>
1510 </tr>
1511 <tr>
1512 <td width="30%"><tt> .<b>A</b>ide <b>S</b>ystem configuration <b>N</b>etwork
1513 </tt></td>
1514 <td> Configure networking (e-mail, room sharing, etc.) with other
1515 Citadel nodes. </td>
1516 </tr>
1517 <tr>
1518 <td width="30%"><tt> .<b>A</b>ide <b>S</b>ystem configuration
1519 network <b>F</b>ilter list </tt></td>
1520 <td> If you are on a large public or semi-public network of
1521 Citadel nodes and you find content from certain systems or individuals
1522 objectionable, you can use this command to define a rule set to
1523 automatically reject those messages when they arrive on your system. </td>
1524 </tr>
1525 <tr>
1526 <td width="30%"><tt> .<b>A</b>ide <b>T</b>erminate server <b>N</b>ow
1527 </tt></td>
1528 <td> Immediately shut down the Citadel service, disconnecting any
1529 users who are logged in. Please keep in mind that it will start
1530 right back up again if you are running the service from <tt>/etc/inittab</tt>,
1531 so in practice this command will probably not get much use. </td>
1532 </tr>
1533 <tr>
1534 <td width="30%"><tt> .<b>A</b>ide <b>T</b>erminate server <b>S</b>cheduled
1535 </tt></td>
1536 <td> Shut down the Citadel service the next time there are zero
1537 users connected. This allows you to automatically wait until all users
1538 are logged out. </td>
1539 </tr>
1540 <tr>
1541 <td width="30%"><tt> .<b>A</b>ide mailing <b>L</b>ist recipients
1542 </tt></td>
1543 <td> Any room may be made into a mailing list. Enter this command
1544 to open an editor window containing the list of Internet e-mail
1545 addresses to which every message posted in the room will be sent. </td>
1546 </tr>
1547 <tr>
1548 <td width="30%"><tt> .<b>A</b>ide mailing list <b>D</b>igest
1549 recipients </tt></td>
1550 <td> Similar to the regular mailing list command, except the
1551 messages will be sent out in 'digest' form -- recipients will see
1552 messages from the address of the room itself rather than the address of
1553 the author of each message, and a digest may contain more than one
1554 message. Each room may have any combination of List and Digest
1555 recipients. </td>
1556 </tr>
1557 <tr>
1558 <td width="30%"><tt> .<b>A</b>ide <b>N</b>etwork room sharing </tt></td>
1559 <td> Configures the sharing of the current room's contents with
1560 other Citadel nodes. Messages posted in this room on any Citadel system
1561 will automatically be replicated to other Citadel systems carrying the
1562 room. </td>
1563 </tr>
1564 </tbody>
1565 </table>
1566 <br>
1567 <br>
1568 <h3><a name="Editing_rooms"></a>Editing rooms</h3>
1569 <p>This command allows any aide to change the parameters of a room. Go
1570 to the room you wish to edit and enter the <tt><b>.A</b>ide <b>E</b>dit
1571 room</tt> command. A series of prompts will be displayed. The existing
1572 parameters will be displayed in brackets; simply press return if you
1573 want
1574 to leave any or all of them unchanged.</p>
1575 <pre> <br>Room name [IG's Fun Room]:<br></pre>
1576 <p>...the name of the room.</p>
1577 <pre>Private room [Yes]? <br></pre>
1578 <p>...enter Yes if you wish to restrict access to the room, or no if
1579 the room
1580 is to be accessible by all users. Note that Citadel doesn't bother
1581 users
1582 about access to rooms every time they need to access the room. Once a
1583 user
1584 gains access to a private room, it then behaves like a public room to
1585 them.
1586 The following four questions will only be asked if you selected
1587 Private...</p>
1588 <pre>Accessible by guessing room name [No]?<br></pre>
1589 <p>...if you enter Yes, the room will not show up in users' <tt><b>K</b>nown
1590 rooms</tt> listing, but if they <tt><b>.G</b>oto</tt> the room (typing
1591 the room's full name), they will gain access to the room.</p>
1592 <pre>Accessible by entering a password [No]?<br>Room password [mypasswd]: <br></pre>
1593 <p>...this adds an additional layer of security to the room, prompting
1594 users for a password before they can gain access to the room.</p>
1595 <p>If you did not select guessname or passworded, then the only way
1596 users can access the room is if an Aide explicitly invites them to the
1597 room using the <tt><b>.A</b>ide <b>R</b>oom <b>I</b>nvite user</tt>
1598 command.</p>
1599 <pre>Cause current users to forget room [No] ? No<br></pre>
1600 <p>Enter Yes if you wish to kick out anyone who currently has access to
1601 the room.</p>
1602 <pre>Preferred users only [No]? No<br></pre>
1603 <p>Enter Yes if you wish to restrict the room to only users who have
1604 level 5 (Preferred User) status (and Aides too, of course). You should
1605 make the room public if you intend to do this, otherwise the two
1606 restrictions will be COMBINED.</p>
1607 <pre>Read-only room [No]? No<br></pre>
1608 <p>If you set a room to Read-Only, then normal users will not be
1609 allowed to
1610 post messages in it. Messages may only be posted by Aides, and by
1611 utility programs such as the networker and the "aidepost" utility. This
1613 useful in situations where a room is used exclusively for important
1614 announcements, or if you've set up a room to receive an Internet
1615 mailing
1616 list and posting wouldn't make sense. Other uses will, of course,
1617 become
1618 apparent as the need arises.</p>
1619 <p>Now for a few other attributes...</p>
1620 <pre>Directory room [Yes]? Yes<br></pre>
1621 <p>...enter Yes if you wish to associate a directory with this room.
1622 This can be used as a small file repository for files relevant to the
1623 topic of the room. If you enter Yes, you will also be prompted with the
1624 following four questions:</p>
1625 <pre>Directory name [mydirname]: <br></pre>
1626 <p>...the name of the subdirectory to put this room's files in. The
1627 name of the directory created will be <tt><i>&lt;your Citadel
1628 directory&gt;</i>/files/<i>&lt;room dir name&gt;</i></tt>.</p>
1629 <pre>Uploading allowed [Yes]? Yes<br></pre>
1630 <p>...enter Yes if users are allowed to upload to this room.</p>
1631 <pre>Downloading allowed [Yes]? Yes<br></pre>
1632 <p>...enter Yes if users are allowed to download from this room.</p>
1633 <pre>Visible directory [Yes]? Yes<br></pre>
1634 <p>...enter Yes if users can read the directory of this room.</p>
1635 <pre>Network shared room [No]? No<br></pre>
1636 <p>...you can share a room over a network without setting this flag,
1638 vice versa, but what this flag does is twofold: </p>
1639 <ul>
1640 <li>It prevents people with no network access from entering messages
1641 here </li>
1642 <li>Messages are displayed with the name of their originating
1643 system in the header. </li>
1644 </ul>
1645 <pre>Permanent room [No]? No<br></pre>
1646 <p>Citadel contains an 'auto purger' which is capable of removing rooms
1647 which have not been posted in for a pre-defined period of time (by
1648 default
1649 this is set to two weeks). If you wish to keep this from happening to
1650 a particular room, you can set this option. (Keep in mind that <tt>Lobby&gt;</tt>,
1651 <tt>Aide&gt;</tt>, any private mailbox rooms, any network shared rooms,
1652 and any rooms with a file directory are automatically permanent.)</p>
1653 <pre>Anonymous messages [No]? No<br>Ask users whether to make messages anonymous [No]? No<br></pre>
1654 <p>...you can have rooms in which all messages are automatically
1655 anonymous, and you can have rooms in which users are prompted whether
1656 to make a
1657 message anonymous when they enter it. The real identity of the author
1658 of each message is still revealed to the Room Aide for this room, as
1659 well
1660 as any system-wide Aides.</p>
1661 <pre>Room aide [Joe Responsible]: <br></pre>
1662 <p>...on larger systems, it helps to designate a person to be
1663 responsible for a room. Room Aides have access to a restricted set of
1664 Aide commands, ONLY when they are in the room in which they have this
1665 privilege. They can edit the room, delete the room, delete and move
1666 messages, and invite or kick out users (if it is a private room), but
1667 they cannot perform aide commands that are not room-related (such as
1668 changing users access levels).</p>
1669 <pre>Listing order [64]: <br></pre>
1670 <p>This is just a simple way to try to control the order rooms are
1671 listed in when users call up a <tt><b>K</b>nown Rooms</tt> listing.
1672 Rooms with a lower listing order are displayed prior to rooms with a
1673 higher listing order. It has no other effect. For users who list rooms
1674 in floor order, the display will sort first by floor, then by listing
1675 order.</p>
1676 <pre>Message expire policy (? for list) [0]:<br></pre>
1677 <p>This provides you with the opportunity to select how long each
1678 message will remain in a room before automatically being deleted. Press
1679 <tt><b>?</b></tt> for a list of options. You can choose to keep
1680 messages around forever (or until they are manually deleted), until
1681 they become a certain number of days old, or until a certain number of
1682 additional messages are posted in the room, at which time the oldest
1683 ones will scroll out.</p>
1684 <p>When a new Citadel system is first installed, the default
1685 system-wide
1686 expire policy is set to 'manual' -- no automatic purging of messages
1687 takes place anywhere. For public message boards, you will probably want
1688 to set some sort of automatic expire policy, in order to prevent your
1689 message base from growing forever.</p>
1690 <p>You will notice that you can also fall back to the default expire
1691 policy for the floor upon which the room resides. This is the default
1692 setting. You can change the floor's default with the <tt><b>;A</b>ide <b>E</b>dit
1693 floor</tt> command. The default setting for the floor default, in turn,
1694 is the system default setting, which can be changed using the <tt><b>.A</b>ide
1695 <b>S</b>ystem configuration <b>G</b>eneral</tt> command.</p>
1696 <pre>Save changes (y/n)? Yes<br></pre>
1697 <p>...this gives you an opportunity to back out, if you feel you really
1698 messed things up while editing.<br>
1699 <br>
1700 </p>
1701 <h3><a name="File_directories"></a>File directories</h3>
1702 <p>If you have created any directory rooms, you can attach file
1703 descriptions to the filenames through a special file called <tt>filedir</tt>.
1704 Each line contains the name of a file in the directory, followed by a
1705 space and then a description of the file, such as:</p>
1706 <pre>myfile.txt This is a description of my file.<br>phluff A phile phull of phluff!<br></pre>
1707 <p>...this would create file descriptions for the files <tt>myfile.txt</tt>
1708 and <tt>phluff</tt> which would be displayed along with the directory.
1709 It should also be noted that when users upload files to your system,
1710 they will be prompted for file descriptions, which will be added to the
1711 <tt>filedir</tt> file. If one does not exist, it will be created.<br>
1712 <br>
1713 </p>
1714 <h3><a name="Creating_and_editing_user_accounts"></a>Creating and
1715 editing user accounts</h3>
1716 <p>Anyone with Aide level access may use the <tt><b>.A</b>ide edit <b>U</b>ser</tt>
1717 command to create and/or edit user accounts. There are several
1718 parameters which can be set here.</p>
1719 <p>To create a user:</p>
1720 <pre>Lobby&gt; . Aide edit User <br>User name: New User Name<br>No such user.<br>Do you want to create this user? Yes<br></pre>
1721 <p>At this point, the new user account has been created, and the
1722 command will
1723 continue as if you were editing an existing account. Therefore the
1724 remainder
1725 of this procedure is the same for creating and editing:</p>
1726 <pre>Lobby&gt; . Aide edit User <br>User name: person of significance<br>User #70 - Person of Significance PW: <br><br>,<br><br>Current access level: 4 (Network User)<br></pre>
1727 <p>The blank lines are the user's 'registration' information --
1728 personal
1729 information such as full name, address, telephone number, etc. This
1730 information
1731 will comprise the user's vCard in both their user profile and in the
1732 Global
1733 Address Book.</p>
1734 <pre>Change password [No]: No<br></pre>
1735 <p>...answer Yes to set or change the password for this account.</p>
1736 <pre>Access level [4]: <br></pre>
1737 <p>...this allows you to set or change the access level for this
1738 account. The access levels available are as follows: </p>
1739 <ul>
1740 <li>0 - Deleted. (This immediately deletes the account.) </li>
1741 <li>1 - New, unvalidated user </li>
1742 <li>2 - Problem user (severely restricts account - use for
1743 probationary access) </li>
1744 <li>3 - User with no network privileges. Same access as a normal user
1745 except cannot post messages in rooms shared on a network. </li>
1746 <li>4 - Normal user </li>
1747 <li>5 - Preferred user (access is granted to privileged rooms) </li>
1748 <li>6 - Aide (administrative access to the whole system) </li>
1749 </ul>
1750 <pre>Permission to send/receive Internet mail [ No]? No<br></pre>
1751 <p>If your system is configured to only allow Internet mail privileges
1752 to certain users, this is where you can grant or revoke that privilege.</p>
1753 <pre>Ask user to register again [Yes]: Yes<br></pre>
1754 <p>If you answer Yes to this question, the user will be presented with
1756 'registration' screen or set of prompts, the next time they log in
1757 using
1758 a Citadel client. This will prompt them for their full name, address,
1759 telephone
1760 number, etc.</p>
1761 <pre>Times called [0]: <br>Messages posted [0]: <br></pre>
1762 <p>These statistics are available for informational purposes only, so
1763 there is normally no need to change them.</p>
1764 <pre>Set last call to now [No]: No<br>Purge time (in days, 0 for system default [0]: <br></pre>
1765 <p>Citadel contains an auto-purger which is capable of automatically
1766 deleting accounts which have not been accessed in a predefined period
1767 of time. If you choose to perform this operation, you can 'touch' the
1768 account
1769 of a wayward user by setting their 'last call' time to 'now'. You can
1770 also adjust, on a per-user basis, the amount of time which must pass
1771 before
1772 their account is purged by the system. This time is set in days. You
1773 can also specify 0 days to indicate that you wish to use the system
1774 default
1775 setting.<br>
1776 <br>
1777 </p>
1778 <h3><a name="Deleting_and_moving_messages"></a>Deleting and moving
1779 messages</h3>
1780 <p>Aides and Room Aides have the ability to delete and move messages.
1781 After each message, the normal prompt appears:</p>
1782 <pre>(8) &lt;B&gt;ack &lt;A&gt;gain &lt;Q&gt;uote &lt;R&gt;eply &lt;N&gt;ext &lt;S&gt;top m&lt;Y&gt; next &lt;?&gt;help -&gt;<br></pre>
1783 <p>Entering <tt><b>D</b>elete</tt> will delete the message. A <tt>(y/n)</tt>
1784 prompt will appear to confirm that you really want to delete the
1785 message. Entering <tt><b>M</b>ove</tt> will prompt for a room to which
1786 the message should be moved.<br>
1787 <br>
1788 </p>
1789 <h3><a name="Customizing_the_help_files"></a>Customizing the help files</h3>
1790 <p>The subdirectory called <tt>help</tt> contains your system's help
1791 files. There's nothing hard-coded into the system that dictates what
1792 files
1793 should be there. Whenever a user types the command <tt><b>.H</b>elp</tt>
1794 followed by the name of a help file, it displays the contents of that
1795 help file.</p>
1796 <p>The help files that come with the system, of course, are enough to
1797 guide a user through its operation. But you can add, change, or remove
1798 help files to suit whatever is appropriate for your system.</p>
1799 <p>There are several strings that you can put in help files that will
1800 be automatically
1801 substituted with other strings. They are:</p>
1802 <pre> <br> ^nodename = The node name of your system on a Citadel network<br> ^humannode = Human-readable node name (also your node name on C86Net)<br> ^fqdn = Your system's fully-qualified domain name<br> ^username = The name of the user reading the help file<br> ^usernum = The user number of the user reading the help file<br> ^sysadm = The name of the system administraor (i.e., you)<br> ^variantname = The name of the software you're running<br> ^bbsdir = The directory on the host system in which you have<br> installed the Citadel system.<br></pre>
1803 <p>So, for example, you could create a help file which looked like:</p>
1804 <pre> "Lots of help, of course, is available right here on ^humannode. Of<br>course, if you still have trouble, you could always bug ^sysadm about it!"<br><br></pre>
1805 <h3><a name="Site_configuration"></a>Site configuration</h3>
1806 <p>Once your Citadel server is up and running, the first thing you'll
1807 want to do is customize and tune it. This can be done from the
1808 text-based client with the <tt><b>.A</b>ide <b>S</b>ystem
1809 configuration <b>G</b>eneral</tt> command, or from WebCit (if you have
1810 it installed) by clicking 'Advanced Options' followed by 'Edit
1811 site-wide configuration.' Either method will offer the same
1812 configuration options. This document shows the text mode client being
1813 used.</p>
1814 <p>The first set of options deal with the identification of your system.</p>
1815 <pre>Lobby&gt; . Aide System configuration General<br>Node name [uncnsrd]: <br>Fully qualified domain name [uncensored.citadel.org]: <br>Human readable node name [Uncensored]: <br>Modem dialup number [US 914 999 9999]: <br>Geographic location of this system [Mount Kisco, NY]: <br>Name of system administrator [IGnatius T Foobar]: <br>Paginator prompt [<jinkies
1816 !="" more="" text="" on="" the="" next="" screen="">]: <br></jinkies></pre>
1817 <p>'Node name' refers to the short, unqualified node name by which your
1818 system is known on a Citadel network. Generally it will be the same as
1819 the unqualified host name of your computer; this is, in fact, the
1820 default setting.</p>
1821 <p>Then enter the fully-qualified domain name (FQDN) of your system. If
1823 are not on the Internet, you can simply set it to the same as your
1824 unqualified host name. Otherwise you should set this value to the host
1825 name by which your system is most commonly known.</p>
1826 <p>The field called 'Human-readable node name' (also known as the 'node
1827 title' or 'organization name' in other software) is used solely for
1828 display purposes. Set it to the actual name of your system as you want
1829 it to appear in
1830 banners, messages, etc.</p>
1831 <p>If you have a modem or bank of modems answering data calls for your
1832 system, enter it in the field marked 'Modem dialup number.' Otherwise
1833 you may leave it blank.</p>
1834 <p>'Geographic location of this system' is another display field. Enter
1835 a city and state, or city and country. </p>
1836 <p>'Name of system administrator' is important! Any user who logs on
1837 with the name you enter here will automatically be granted Aide
1838 privileges. This is one of two ways for the system administrator to
1839 grant himself/herself Aide access to the system when initially setting
1840 it up. (The other is simply to have the first account created on a new
1841 installation.)</p>
1842 <p>The next set of options are your system's security settings. Before
1843 delving into the actual options, we should review the various access
1844 levels available on the system. Citadel has seven access levels:</p>
1845 <ul>
1846 <li>0 (Deleted). A user whose access level is set to 0 will
1847 automatically be deleted by the system. </li>
1848 <li>1 (New User). Users at this level may only read messages.
1849 Entering messages is prohibited, except in the <tt>Mail&gt;</tt> room,
1850 where a message to 'sysop' may be entered. </li>
1851 <li>2 (Problem User). Also known as 'Twit.' </li>
1852 <li>3 (Local User). May enter messages, except in rooms shared on a
1853 Citadel network. </li>
1854 <li>4 (Network User). May enter messages in every accessible
1855 room. </li>
1856 <li>5 (Preferred User). Use of this level is up to the whim of the
1857 system administrator. </li>
1858 <li>6 (Aide). Access is granted to the administrative functions of
1859 the system. (This access level may also be granted to a user only for a
1860 specific room, please see 'Room Aide' for more information.) </li>
1861 </ul>
1862 <pre>Require registration for new users [No]: No<br>Disable self-service user account creation [No]: No<br>Initial access level for new users [4]:<br>Access level required to create rooms [4]: <br>Automatically give room aide privs to a user who creates a private room [No]: No<br><br>Automatically move problem user messages to twit room [Yes]: Yes<br>Name of twit room [Trashcan]: <br>Restrict Internet mail to only those with that privilege [No]: No<br>Allow Aides to Zap (forget) rooms [Yes]: Yes<br>Log all pages [No]: No<br></pre>
1863 <p>'Registration' refers to the process of a user entering various
1864 personal contact information (real name, address, telephone number,
1865 etc.) into the system. When enabled, this information is stored as a
1866 vCard object on the system in two places: the user's <tt>My Citadel
1867 Config&gt;</tt>
1868 room, and in the <tt>Global Address Book&gt;</tt> room. (Note: the
1869 latter
1870 should be made private on publicly-accessible systems, for obvious
1871 reasons.)</p>
1872 <p>If you answer Yes to 'Require registration for new users' then each
1873 new user, upon creating a new account, will immediately be entered into
1874 the registration process. On the other hand, if you answer Yes to
1875 'Disable self-service user account creation' then new users will not be
1876 able to
1877 log in at all -- all accounts must be created by an Aide.</p>
1878 <p>'Initial access level for new users' should be set to 1 (New User)
1879 if you would like to review each new user's registration info before
1880 granting them higher access. This would be done periodically with the <tt><b>.A</b>ide
1881 <b>V</b>alidate new users</tt> command. If you do not require
1882 registration, you should set the initial access level to 4 (Network
1883 User).</p>
1884 <p>Given the above options, it then becomes clear that there are
1885 generally two ways you can set up your Citadel system, depending on its
1886 purpose:</p>
1887 <ul>
1888 <li><b>A public access BBS or message board</b> - since you do
1889 not know who might want to log in, self-service account creation needs
1891 stay enabled. If you want to be strict about users identifying
1892 themselves,
1893 then you should also require users to register (just remember to post a
1894 privacy policy if you're going to collect personal information) -- then
1896 the initial access level to 1 (New User), so new users cannot post
1897 messages
1898 until after you've validated them. For a more lax environment, you can
1899 remove the registration requirement and grant new accounts level 4
1900 (Normal
1901 User) access on the first visit. </li>
1902 <li><b>A private email/groupware system for your organization</b> -
1903 in this case, disable self-service account creation; you don't want
1904 strangers welcoming themselves to your system. You'll probably also
1905 want
1906 to disable registration, because you or some other site administrator
1907 will be entering users' contact info when you create their accounts.
1908 Since this is also how you assign their Internet e-mail addresses, it's
1909 probably a good idea to do it yourself instead of expecting them to do
1910 it. </li>
1911 </ul>
1912 <p>'Access level required to create rooms' is up to you. You might wish
1914 restrict the creation of new rooms only to Aides, or you might wish to
1915 allow
1916 anyone to create a room. The latter is one of the Citadel culture's
1917 most
1918 long-standing traditions; the former may be appropriate if users are
1919 abusing
1920 this privilege.</p>
1921 <p>You have the ability to 'Automatically give room aide privs to a
1922 user who creates a private room.' If you answer Yes, then any user who
1923 creates a
1924 guess-name, passworded, or invitation-only room will automatically
1925 become the room aide, and will have access to a subset of the <tt><b>.A</b>ide</tt>
1926 command set while in that room. If you would rather grant this
1927 permission manually, answer No.</p>
1928 <p>Another tradition in the Citadel culture is to refrain from deleting
1929 problem users, but instead to 'twit' them (reduce their access level to
1931 [Problem User]). You can then 'Automatically move problem user messages
1932 to twit room' (answer Yes, then specify 'Name of twit room' and
1933 remember
1934 to create that room). If you employ this logic, any user with level 2
1935 (Problem
1936 User) access will continue to have access to the same set of rooms, but
1938 messages posted will automatically be routed to the Trashcan (or
1939 whatever
1940 you call your twit room).</p>
1941 <p>If you have Internet mail configured, you have the option of
1942 restricting its use on a user-by-user basis. If you wish to do this,
1943 answer Yes to 'Restrict Internet mail to only those with that
1944 privilege.' Obviously this makes no sense for an internal e-mail
1945 system, but for a public BBS it
1946 might be appropriate.</p>
1947 <p>Normally, Aides have access to every room, public or private.
1948 They are also forbidden from <tt><b>Z</b>ap</tt>ping
1949 rooms, because the review of content is considered one of their roles.
1950 If you wish to change these policies, the next two options allow you
1951 to. You may 'Allow Aides to Zap (forget) rooms', in which case they may
1952 use the <tt><b>Z</b>ap</tt> command just like any other user.
1953 Aides may also <tt><b>.G</b>oto</tt> any private mailbox belonging to
1955 user, using a special room name format.</p>
1956 <p>If your local security and/or privacy policy dictates that you keep
1958 log of all pages (instant messages) that go through the system, then
1959 answer
1960 Yes to 'Log all pages'. If you answer Yes, you will be prompted for the
1961 name of a room to which all pages will be logged. If you answer No,
1962 then
1963 only the sender and recipient of each individual message will receive a
1964 copy.</p>
1965 <p>The next set of options deals with the tuning of your system. It is
1966 usually safe to leave these untouched.</p>
1967 <pre>Server connection idle timeout (in seconds) [900]: <br>Maximum concurrent sessions [20]: <br>Maximum message length [10000000]: <br>Minimum number of worker threads [5]: <br>Maximum number of worker threads [256]: <br>Automatically delete committed database logs [Yes]:<br></pre>
1968 <p>The 'Server connection idle timeout' is for the connection between
1969 client and server software. It is <b>not</b> an idle timer for the
1970 user interface. 900 seconds (15 minutes) is the default and a sane
1971 setting.</p>
1972 <p>'Maximum concurrent sessions' is the highest number of user sessions
1973 you wish to allow on your system at any given time. Citadel can scale
1974 to hundreds of concurrent users, but if you have limited hardware or
1975 (more likely) limited bandwidth, you might wish to set a maximum. You
1976 can also set it to zero for no limit.</p>
1977 <p>'Maximum message length' is just that. This could be a good way to
1978 prevent enormous multimedia files from finding their way into your
1979 message base. This maximum is enforced in all protocols and is also
1980 advertised by the ESMTP service.</p>
1981 <p>The minimum and maximum number of worker threads can be tuned to
1982 your liking. Citadel will attempt to keep one worker thread running per
1983 session, within these constraints. You should be aware that due to the use of
1984 the worker thread model, Citadel can handle a large number of concurrent
1985 sessions with a much smaller thread pool. If you don't know the programming
1986 theory behind multithreaded servers, you should leave these parameters alone.<br>
1987 </p>
1988 <p>'Automatically delete committed database logs' is a <span
1989 style="font-style: italic;">crucial</span> setting which affects your
1990 system's disk utilization and backup recoverability.&nbsp; Please refer
1991 to the <a href="#Database_maintenance">database maintenance</a>
1992 section of this document to learn how the presence or absence of
1993 database logs affect your ability to reliably backup your Citadel
1994 system.<br>
1995 </p>
1996 <p>The next set of options affect how Citadel behaves on a network.</p>
1997 <pre>Server IP address (0.0.0.0 for 'any') [0.0.0.0]:<br>POP3 server port (-1 to disable) [110]:<br>POP3S server port (-1 to disable) [995]:<br>IMAP server port (-1 to disable) [143]:<br>IMAPS server port (-1 to disable) [993]:<br>SMTP MTA server port (-1 to disable) [25]:<br>SMTP MSA server port (-1 to disable) [587]:<br>SMTPS server port (-1 to disable) [465]:<br>Correct forged From: lines during authenticated SMTP [Yes]:<br>Allow unauthenticated SMTP clients to spoof my domains [No]: No<br>Instantly expunge deleted IMAP messages [No]: Yes<br></pre>
1998 <p>"Server IP address" refers to the IP address on <span
1999 style="font-style: italic;">your server</span> to which Citadel's
2000 protocol services should be bound.&nbsp; Normally you will leave this
2001 set to 0.0.0.0, which will cause Citadel to listen on all of your
2002 server's interfaces.&nbsp; However, if you are running multiple
2003 Citadels on a server with multiple IP addresses, this is where you
2004 would specify which one to bind this instance of Citadel to.</p>
2005 <p>Then you can specify TCP port numbers for the SMTP, POP3, and IMAP
2006 services. For a system being used primarily for Internet e-mail, these
2007 are essential, so you'll want to specify the standard port numbers: 25,
2008 110, and 143. If Citadel is running alongside some other mail system,
2009 though, then you might want to choose other, unused port numbers, or
2010 enter -1 for any protocol
2011 to disable it entirely.</p>
2012 <p>You'll also notice that you can specify two port numbers for SMTP:
2014 for MTA (Mail Transport Agent) and one for MSA (Mail Submission Agent).
2016 traditional ports to use for these purposes are 25 and 587. If you are
2017 running an external MTA, such as Postfix (which submits mail to Citadel
2018 using
2019 LMTP) or Sendmail (which submits mail to Citadel using the 'citmail'
2020 delivery agent), that external MTA will be running on port 25, and you
2021 should
2022 specify "-1" for the Citadel MTA port to disable it. The MSA port
2023 (again,
2024 usually 587) would be the port used by end-user mail client programs
2025 such as
2026 Aethera, Thunderbird, Eudora, or Outlook, to submit mail into the
2027 system.
2028 All connections to the MSA port <b>must</b> use Authenticated SMTP.<br>
2029 </p>
2030 <p>The protocols ending in "S" (POP3S, IMAPS, and SMTPS) are
2031 SSL-encrypted.&nbsp; Although all of these protocols support the
2032 STARTTLS command, older client software sometimes requires connecting
2033 to "always encrypted" server ports.&nbsp; Usually when you are looking
2034 at a client program that gives you a choice of "SSL or TLS," the SSL
2035 option will connect to one of these dedicated ports, while the TLS
2036 option will connect to the unencrypted port and then issue a STARTTLS
2037 command to begin encryption.&nbsp; (It is worth noting that this is <span
2038 style="font-style: italic;">not</span> the proper use of the acronyms
2039 SSL and TLS, but that's how they're usually used in many client
2040 programs.)<br>
2041 </p>
2042 <p>All of the default port numbers, including the encrypted ones, are
2043 the standard ones.<br>
2044 </p>
2045 <p>The question about correcting forged From: lines affects how Citadel
2046 behaves with authenticated SMTP clients. Citadel does not ever allow
2047 third-party SMTP relaying from unauthenticated clients -- any incoming
2048 messages must be
2049 addressed to a user on the system or somewhere in a Citadel network. To
2050 use Citadel with SMTP client software such as Netscape, Outlook,
2051 Eudora, or
2052 whatever, users must log in with a username and password. In order to
2053 prevent
2054 message forgeries, Citadel discards the <tt>From:</tt> line in any
2055 message
2056 entered by an authenticated user, and replaces it with a <tt>From:</tt>
2057 line
2058 containing the user's genuine name and e-mail address. Technically,
2059 this
2060 violates RFC822, because headers are never supposed to be altered, but
2061 common
2062 sense dictates that this is a good idea. Nevertheless, if you want to
2063 suppress
2064 this behavior, answer 'No' at the prompt (the default is 'Yes') and the
2065 headers
2066 will never be altered.</p>
2067 <p>&quot;Instant expunge&quot; affects what happens when IMAP users delete
2068 messages. As you may already know, messages are not <i>truly</i> deleted
2069 when an IMAP client sends a delete command; they are only <i>marked for
2070 deletion</i>. The IMAP client must also send an &quot;expunge&quot; command
2071 to actually delete the message. The Citadel server automatically expunges
2072 messages when the client logs out or selects a different folder, but if you
2073 select the Instant Expunge option, an expunge operation will automatically
2074 follow any delete operation (and the client will be notified, preventing any
2075 mailbox state problems). This is a good option to select, for example, if you
2076 have users who leave their IMAP client software open all the time and are
2077 wondering why their deleted messages show up again when they log in from a
2078 different location (such as WebCit).</p>
2079 <p>&quot;Allow spoofing&quot; refers to the security level applied to
2080 non-authenticated SMTP clients. Normally, when another host connects to
2081 Citadel via SMTP to deliver mail, Citadel will reject any attempt to send
2082 mail whose sender (From) address matches one of your host's own domains. This
2083 forces your legitimate users to authenticate properly, and prevents foreign
2084 hosts (such as spammers) from forging mail from your domains. If, however,
2085 this behavior is creating a problem for you, you can select this option to
2086 bypass this particular security check.<br>
2087 <span style="font-family: monospace;"><br>
2088 Connect this Citadel to an LDAP directory [No]: No</span><br>
2089 </p>
2090 <p>The LDAP configuration options are discussed elsewhere in this
2091 document.<br>
2092 </p>
2093 <p>The final set of options configures system-wide defaults for the
2094 auto-purger:</p>
2095 <pre>Default user purge time (days) [120]: <br>Default room purge time (days) [30]: <br>System default message expire policy (? for list) [0]: <br>Keep how many messages online? [150]:<br>Mailbox default message expire policy (? for list) [0]:<br>How often to run network jobs (in seconds) [1800]:<br>Enable full text search index (warning: resource intensive) [Yes]: Yes<br>Hour to run purges (0-23) [4]:<br>
2096 Perform journaling of email messages [No]:<br>Perform journaling of non-email messages [No]:<br>Email destination of journalized messages [example@example.com]:<br></pre>
2097 <p>Any user who does not log in for the period specified in 'Default
2098 user purge time' will be deleted the next time a purge is run. This
2099 setting may be modified on a per-user basis.</p>
2100 <p>'Default room purge time' behaves the same way, and may also be
2101 modified on a per-room basis.</p>
2102 <p>'System default message expire policy' defines the way in which old
2103 messages are expired (purged) off the system. You can specify any of:</p>
2104 <ul>
2105 <li>Purge by age (specify in days) </li>
2106 <li>Purge by message count in the room (specify number of messages) </li>
2107 <li>Do not purge at all </li>
2108 </ul>
2109 <p>Again, this setting may be overridden on a per-floor basis, and the
2110 floor setting may be overridden on a per-room basis. You'll also notice
2111 that you can set a <i>different</i> default for mailbox rooms if you
2112 want
2113 to. This can allow you, for example, to set a policy under which old
2114 messages scroll out of public rooms, but private mail stays online
2115 indefinitely
2116 until deleted by the mailbox owners.<br>
2117 </p>
2118 <p>"How often to run network jobs" refers to the sharing of content on
2120 Citadel network. If your system is on a Citadel network, this
2121 configuration
2122 item dictates how often the Citadel server will contact other Citadel
2123 servers to send and receive messages. In reality, this will happen more
2124 frequently than you specify, because other Citadel servers will be
2125 contacting yours at regular intervals as well.<br>
2126 </p>
2127 <p>"Hour to run purges" determines when expired and/or deleted objects
2128 are purged from the database.&nbsp; These purge operations are
2129 typically run overnight and automatically, sometime during whatever
2130 hour you specify.&nbsp; If your site is much busier at night than
2131 during the day, you may choose to have the auto-purger run during the
2132 day.</p>
2133 <p>"Enable full text search index," if enabled, instructs the server to
2134 build and maintain a searchable index of all messages on the
2135 system.&nbsp; This is a time and resource intensive process -- it could
2136 take days to build the index if you enable it on a large
2137 database.&nbsp; It is also fairly memory intensive; we do not recommend
2138 that you enable the index unless your host system has at least 512 MB
2139 of memory.&nbsp; Once enabled, however, it will be updated
2140 incrementally
2141 and will not have any noticeable impact on the interactive response
2142 time of your system.&nbsp; The full text index is currently only
2143 searchable when using IMAP clients; other search facilities will be
2144 made available in the near future.</p>
2145 <p>The &quot;Perform journaling...&quot; options allow you to configure
2146 your Citadel server to send an extra copy of every message, along with
2147 recipient information if applicable, to the email address of your choice.
2148 The journaling destination address may be an account on the local Citadel
2149 server, an account on another Citadel server on your network, or an Internet
2150 email address. These options, used in conjunction with an archiving service,
2151 allow you to build an archive of all messages which flow through your Citadel
2152 system. This is typically used for regulatory compliance in industries which
2153 require such things. Please refer to the <a href="journaling.html">journaling
2154 guide</a> for more details on this subject.</p>
2155 <p><span style="font-family: monospace;">Save this configuration? No</span><br>
2156 </p>
2157 <p>When you're done, enter 'Yes' to confirm the changes, or 'No' to
2158 discard the changes.</p>
2159 </div>
2160 <hr size="2" width="100%">
2161 <h2 align="center"><a name="Configuring_Citadel_for_Internet_e-mail"></a>Configuring
2162 Citadel for Internet e-mail</h2>
2163 <div align="justify">
2164 <h3><a name="Introduction"></a>Introduction</h3>
2165 As you know by now, Citadel is a completely self-contained,
2166 full-featured Internet e-mail system. &nbsp;When you run Citadel you do
2167 not need any other mail software on your host system. &nbsp;This
2168 eliminates the need for tedious mucking about with sendmail, qmail,
2169 postfix, Cyrus, the UW IMAP
2170 server, or any of countless other needlessly complex programs that lead
2171 some people to the false assumption that Unix systems are difficult to
2172 administer.<br>
2173 <br>
2174 Some of the many features supported by Citadel are:<br>
2175 <ul>
2176 <li>Built-in SMTP and ESMTP service, for delivering and receiving
2177 e-mail on the Internet</li>
2178 <li>Built-in POP3 service, for remote fetching of messages</li>
2179 <li>Built-in IMAP service, for access to mail using any standard mail
2180 client program</li>
2181 <li>Web mail (implemented using the "WebCit" middleware, which is
2182 installed separately)</li>
2183 <li>Support for mailing lists, in both "individual message" and
2184 "digest" formats</li>
2185 <li>Multiple/virtual domain support</li>
2186 <li>Any user may have multiple Internet e-mail addresses, in multiple
2187 domains</li>
2188 <li>Global address book (Users with addresses in a domain may be
2189 spread out across many servers on a Citadel network)</li>
2190 <li>Easy-to-configure integration with <a
2191 href="http://www.spamassassin.org/">SpamAssassin</a> can block spam <i>before</i>
2192 it enters the mail system</li>
2193 <li>Easy-to-configure integration with most Realtime Blackhole
2194 Lists (RBL) provide further defense against spammers</li>
2195 </ul>
2196 This section of the documentation will demonstrate how to configure
2197 these features.<br>
2198 <br>
2199 <h3><a name="Basic_site_configuration"></a>Basic site configuration</h3>
2200 <p>Basic configuration of your Citadel system for Internet e-mail
2201 begins with
2202 the <tt><b>.A</b>ide <b>S</b>ystem configuration <b>I</b>nternet</tt>
2203 command:</p>
2204 <pre>Lobby&gt; <b>.A</b>ide <b>S</b>ystem configuration <b>I</b>nternet<br><br>### Host or domain Record type<br>--- -------------------------------------------------- --------------------<br> 1<br>&lt;A&gt;dd &lt;D&gt;elete &lt;S&gt;ave &lt;Q&gt;uit -&gt;<br></pre>
2205 <p>This is a "clean" setup. For a simple, standalone e-mail system you
2206 simply have to enter the <tt><b>A</b>dd</tt> command:</p>
2207 <pre>&lt;A&gt;dd &lt;D&gt;elete &lt;S&gt;ave &lt;Q&gt;uit -&gt; <b>A</b>dd<br><br>Enter host name: schmeep.splorph.com<br> (1) localhost (Alias for this computer)<br> (2) gateway domain (Domain for all Citadel systems)<br> (3) smart-host (Forward all outbound mail to this host)<br> (4) directory (Consult the Global Address Book)<br> (5) SpamAssassin (Address of SpamAssassin server)<br> (6) RBL (domain suffix of spam hunting RBL)<br><br>Which one [1]:<br></pre>
2208 <p><b>localhost:</b> Basically what you're doing here is telling
2209 Citadel
2210 what any aliases for your machine are. If your machine were <tt>schmeep.splorph.com</tt>
2211 and you also had a DNS entry set up for <tt>blah.com</tt>, you might
2212 want to enter '1' and enter <tt>blah.com</tt> as your alias, so that
2213 e-mail
2214 sent to that address won't bounce.</p>
2215 <p><i>Important tip:</i> if your system is known by one name and <i>only</i>
2216 one domain, you might not even need to do this at all. You will recall
2217 that you entered your system's fully qualified domain name earlier when
2218 you went through the <tt><b>.A</b>ide <b>S</b>ystem configuration <b>G</b>eneral</tt>
2219 command. The domain name you entered there is automatically considered
2220 by Citadel to be a 'localhost' entry in your Internet mail
2221 configuration. It does not hurt to enter it in both locations, though.</p>
2222 <p><b>gateway domain:</b> this is a simple way of mapping various
2223 Citadel hosts in an Internet domain. For example, if you enter <tt>bar.com</tt>
2224 as a gateway domain, then mail to users at <tt>foo.bar.com</tt> will
2225 be forwarded to the host called <tt>foo</tt> on a Citadel network,
2226 mail to users
2227 at <tt>kunst.bar.com</tt> will be delivered to the Citadel server
2228 called
2229 <tt>kunst</tt>, etc. This feature has limited usefulness; if you are
2230 operating
2231 a network of Citadel servers, it is more likely that you will use the
2232 'directory'
2233 feature, explained below.</p>
2234 <p><b>smart-host:</b> Normally, Citadel sends outbound Internet e-mail
2235 directly to its destination. This may not be appropriate for some
2236 sites; you may require (due to local convention, security policy, or
2237 whatever) that all outbound mail be sent to an SMTP relay or forwarder.
2238 To configure this
2239 functionality, simply enter the domain name or IP address of your relay
2240 as a 'smart-host' entry.</p>
2241 <p>If your relay server is running on a port other
2242 than the standard SMTP port 25, you can also specify the port number
2243 using &quot;host:port&quot; syntax; i.e. <tt>relay99.myisp.com:2525</tt></p>
2244 <p>Furthermore, if your relay server requires authentication, you can
2245 specify it using username:password@host or username:password@host:port
2246 syntax; i.e. <tt>jsmith:pass123@relay99.myisp.com:25</tt></p>
2247 <p><b>directory:</b> a domain for which you are participating in
2248 directory services across any number of Citadel nodes. For example, if
2249 users who have addresses in the domain <tt>citadel.org</tt> are spread
2250 out across multiple Citadel servers on your network, then enter <tt>citadel.org</tt>
2251 as a 'directory' entry. <i>For this to work, all Citadel servers
2252 participating in directory service <b>must</b> carry and share the <tt>Global
2253 Address Book&gt;</tt> room.</i></p>
2254 <p><b>spamassassin:</b> if you are running a <a
2255 href="http://www.spamassassin.org">SpamAssassin</a> service anywhere
2256 on your
2257 <b>local</b> network, enter its name or IP address as a 'spamassassin'
2258 entry. This may be (and, in fact, will usually be) <tt>127.0.0.1</tt>
2259 to specify
2260 that the service is running on the same host computer as the Citadel
2261 server.</p>
2262 <p>Please install SpamAssassin as per its own documentation. You will
2263 want to run SpamAssassin in client/server mode, where a <tt>spamd</tt>
2264 daemon is always running on your computer. Citadel does not utilize the
2265 <tt>spamc</tt> client; instead, it implements SpamAssassin's protocol
2266 on its own.</p>
2267 <p>Connecting to a SpamAssassin service across a wide area network is
2268 strongly discouraged. In order to determine whether an incoming e-mail
2269 is spam, Citadel must feed the <i>entire message</i> to the
2270 SpamAssassin service. Doing this over a wide area network would consume
2271 time and bandwidth,
2272 which would affect performance.</p>
2273 <p>Citadel invokes the SpamAssassin service when incoming messages are
2274 arriving via SMTP. Before a message is accepted, it is submitted to
2275 SpamAssassin. If SpamAssassin determines that the message is spam, the
2276 Citadel SMTP
2277 service <i>rejects the message,</i> causing a delivery failure on the
2278 sending
2279 host. This is superior to software which files away spam in a separate
2280 folder, because delivery failures will cause some spammers to assume
2282 address is invalid and remove it from their mailing lists.</p>
2283 <p><b>RBL:</b> Realtime Blackhole Lists (RBL's) provide defense against
2284 spammers based on their source IP address. There are many such lists
2285 available on the Internet, some of which may be utilized free of
2286 charge. Since they are DNS based, the lists do not require storage on
2287 your server -- they are queried during the SMTP conversation.</p>
2288 <p>Citadel can utilize any RBL that uses the <tt>z.y.x.w.nameoflist.org</tt>
2289 syntax, where <tt>w.x.y.z</tt> is the source IP address which is
2290 attempting to deliver mail to your server. For example, <a
2291 href="http://www.spamcop.net">SpamCop</a> would use the query <tt>2.0.0.127.bl.spamcop.net</tt>
2292 to determine whether the host at <tt>127.0.0.2</tt> is a known spammer
2293 or open relay. In this case, you simply select option '6' to add an RBL
2294 entry, and provide it with the domain suffix of <tt>bl.spamcop.net</tt>
2295 (the IP address
2296 and extra dot will be automatically prepended for each query).</p>
2297 <p>Now select <tt><b>S</b>ave</tt> and you are just about ready for
2298 Internet e-mail.</p>
2299 <h3><a name="Enabling_the_Internet_mail_protocols"></a>Enabling the
2300 Internet mail protocols</h3>
2301 <p>As previously mentioned, Citadel contains its own SMTP, POP3, and
2302 IMAP services. Enabling them is simple.</p>
2303 <p>Check for the existance of a current MTA (sendmail, qmail, etc.) by
2304 connecting to port 25 on your host. If you see something similar to the
2305 following
2306 you're running an MTA already and you'll need to shut it down:</p>
2307 <pre>smw @ pixel % telnet localhost 25<br>Trying 127.0.0.1...<br>Connected to localhost.<br>Escape character is '^]'.<br>220 pixel.citadel.org ESMTP Sendmail 8.9.3/8.9.3; Wed, 15 Mar 2000 19:00:53 -0500<br></pre>
2308 <p>In the above example, we see that the host already has Sendmail
2309 listening on port 25. Before Citadel can use port 25, Sendmail must be
2310 shut off. Please consult the documentation for your operating system
2311 for instructions on how to do this. (On a Red Hat Linux system, for
2312 example, you can run the <tt>ntsysv</tt> utility, un-checking <tt>sendmail</tt>
2313 to disable it at
2314 the next reboot; then, run <tt>service sendmail stop</tt> to shut off
2316 currently running service.)</p>
2317 <p>If you get a 'connection refused' message when you telnet to port 25
2318 there's nothing running and you should be able to continue. You might
2319 also want to turn off POP (try the above test substituting 110 for 25)
2320 and IMAP (port 143) and use Citadel's POP and IMAP services.</p>
2321 <p>Citadel will look for an existing pop/smtp server on startup. If
2322 they
2323 don't exist (and you've configured them properly) then Citadel should
2324 enable
2325 them at startup. You can check your logs to be sure, or you can start
2327 server from a shell and watch it load. It might look something like
2328 this:</p>
2329 <font size="-2"> </font>
2330 <pre><font size="-2">smw @ pixel % ./citserver<br><br>Multithreaded message server for Citadel<br>Copyright (C) 1987-2006 by the Citadel development team.<br>Citadel is open source, covered by the GNU General Public License, and<br>you are welcome to change it and/or distribute copies of it under certain<br>conditions. There is absolutely no warranty for this software. Please<br>read the 'COPYING.txt' file for details.<br><br>Loading citadel.config<br>Opening databases<br>This is GDBM version 1.8.0, as of May 19, 1999.<br>Checking floor reference counts<br>Creating base rooms (if necessary)<br>Registered a new service (TCP port 504)<br>Registered a new service (TCP port 0)<br>Initializing loadable modules<br>Registered server command CHAT (Begin real-time chat)<br>Registered server command PEXP (Poll for instant messages)<br>Registered server command GEXP (Get instant messages)<br>Registered server command SEXP (Send an instant message)<br>Registered server command DEXP (Disable instant messages)<br>Registered a new session function (type 0)<br>Registered a new x-msg function (priority 0)<br>Loaded module: $Id$<br>Registered a new session function (type 1)<br>Registered a new message function (type 201)<br>Registered a new message function (type 202)<br>Registered server command REGI (Enter registration info)<br>Registered server command GREG (Get registration info)<br>Registered a new user function (type 100)<br>Loaded module: $Id$<br>Server-hosted upgrade level is 5.62<br>Loaded module: $Id$<br>Registered server command EXPI (Expire old system objects)<br>Registered server command FSCK (Check message ref counts)<br>Loaded module: $Id$<br><b>citserver: Can't bind: Address already in use<br>ERROR: could not bind to TCP port 25.</b><br>Registered a new service (TCP port 0)<br>Registered a new session function (type 50)<br>Loaded module: $Id$<br><b>citserver: Can't bind: Address already in use<br>ERROR: could not bind to TCP port 110.</b><br>Registered a new session function (type 0)<br>Loaded module: $Id$<br>Registered a new message function (type 202)Loaded module: $Id$<br>Registered server command RWHO (Display who is online)<br>Registered server command HCHG (Masquerade hostname)<br>Registered server command RCHG (Masquerade roomname)<br>Registered server command UCHG (Masquerade username)<br>Registered server command STEL (Enter/exit stealth mode)<br>Loaded module: $Id$<br>Changing uid to 513<br>Starting housekeeper thread<br></font></pre>
2331 <p>The lines emphasized in boldface in the above log output tell you
2332 that Citadel "can't bind" to various ports. The error 'address already
2333 in use' generally means that something else is already running on the
2334 requested port. Make SURE you've followed the above steps to remove
2335 sendmail/pop and start your Citadel server again.</p>
2336 <h3><a name="citmail"></a>Using Citadel in conjunction with another MTA</h3>
2337 <p>Occationally it is not practical to remove a non-Citadel MTA on your
2338 host system. For example, you might have multiple groups of users, some
2340 which are using Citadel and some of which are using a legacy Unix mail
2341 spool. This type of configuration is discouraged, but two tools are
2342 provided
2343 to allow it.</p>
2344 <p>The tool is called <tt>citmail</tt> and it is, quite simply, a
2345 local MDA (Mail Delivery Agent) which you can configure into your MTA
2346 for final delivery of incoming messages to Citadel users. A full
2347 discussion of the finer points of complex Sendmail configurations is
2348 beyond the scope of this document; however, you might want to visit <a
2349 href="http://pixel.citadel.org/citadel/docs/">Pixel BBS</a> where some
2350 useful HOWTO documents are provided.<br>
2351 </p>
2352 <p>The other tool is an <a href="http://www.faqs.org/rfcs/rfc2033.html">RFC2033</a>
2353 compliant LMTP service running on a local socket.&nbsp; If you're
2354 running a mailer that speaks LMTP (such as <a
2355 href="http://www.postfix.org/">Postfix</a>), you can simply point your
2356 mailer at the socket called <span style="font-family: monospace;">citadel.socket</span>
2357 in your Citadel directory.&nbsp; For example, in Postfix you might put
2358 the following line into <span style="font-family: monospace;">main.cf</span>
2359 in order to tell it to use Citadel to deliver mail to local recipients:<br>
2360 </p>
2361 <pre>local_transport = lmtp:unix:/usr/local/citadel/lmtp.socket<br></pre>
2362 <p>Postfix also has something called a "fallback transport" which can
2363 be used to implement Citadel as a "secondary" mail system on your
2364 server, while keeping the existing Unix mailboxes intact.&nbsp;
2365 However, it is beyond the scope of this document to detail the finer
2366 points of the configuration of Postfix or any other mailer, so refer to
2367 the documentation to those programs and keep in mind that Citadel has
2368 LMTP support.<span style="font-family: monospace;"></span></p>
2369 <p>There are actually <i>two</i> LMTP sockets. One is called
2370 <tt>lmtp.socket</tt> and the other is called <tt>lmtp-unfiltered.socket</tt>
2371 (both are found in your Citadel directory). The difference should be
2372 obvious: messages submitted via <tt>lmtp.socket</tt> are subject to
2374 spam filtering you may have configured (such as SpamAssassin), while
2375 messages
2376 submitted via <tt>lmtp-unfiltered.socket</tt> will bypass the filters.
2378 would use the filtered socket when receiving mail from an external MTA
2379 such
2380 as Postfix, but you might want to use the unfiltered socket with
2381 utilities
2382 such as fetchmail.</p>
2383 <br>
2384 <p>For outbound mail, you
2385 can either allow Citadel to perform
2386 deliveries directly
2387 (this won't affect your other mail system because outbound mail doesn't
2389 up port 25) or enter <tt>127.0.0.1</tt> as your smart-host, which will
2390 tell
2391 Citadel to forward all of its outbound mail to your other mail system.</p>
2392 <h3><a name="Hosting_an_Internet_mailing_list"></a>Hosting an Internet
2393 mailing list</h3>
2394 <p>Citadel has built in mailing list service (known in Internet
2395 vernacular as "listserv") functionality. &nbsp;You can turn any room
2396 into a mailing list. &nbsp;Users can then choose how they participate
2397 -- by logging on to your Citadel server directly, or by having the
2398 room's contents mailed to
2399 them somewhere else. &nbsp;Configuring this is easy.</p>
2400 <p>Citadel supports two modes of mailing list delivery: </p>
2401 <ul>
2402 <li>"List mode" -- each individual message is delivered as a single
2403 e-mail to each list mode recipient. &nbsp;The "From:" header will
2404 display the address of the message's original author.</li>
2405 <li>"Digest mode" -- groups of one or more messages are delivered
2406 to digest mode recipients. &nbsp;The number of messages in the group
2407 depends on how many new messages arrived since the last batch was
2408 delivered. &nbsp;The "From:" header will display the address of the
2409 room itself, which allows replies to be posted back to the room.</li>
2410 </ul>
2411 A room may have any combination of list mode and digest mode
2412 recipients.
2413 <p>As alluded to above, every room on your Citadel system has an
2414 Internet e-mail address of its own. &nbsp;Messages sent to that address
2415 will be
2416 posted in the room (and sent back out to mailing list recipients, as
2417 well
2418 as to any other Citadels you share the room with). &nbsp;The address
2419 format
2420 is <tt>room_</tt> plus the name of the room, with any spaces replaced
2422 underscores, followed by <tt>@</tt> and your hostname. For example, if
2423 your
2424 system is known as <tt>phlargmalb.orc.org</tt> on the Internet, and
2425 you have
2426 a room called <tt>Bubblegum Collectors</tt>, you can post to that room
2427 from
2428 anywhere on the Internet simply by sending an e-mail to <tt>room_bubblegum_collectors@phlargmalb.orc.org</tt>.
2429 When the message arrives, it's automatically posted in that room.</p>
2430 <p>To manually edit the list of "list mode" recipients, simply enter
2431 the <tt><b>.A</b>ide
2432 mailing <b>L</b>ist management</tt> command. Your text editor will
2433 open
2434 up and you will be able to create or edit a list of recipients, one per
2435 line. Lines beginning with a hash (<tt>#</tt>) are comments.</p>
2436 <p>To manually edit the list of "digest mode" recipients, enter the <tt><b>.A</b>ide
2437 mailing list <b>D</b>igest recipients</tt> command. As with the
2438 previous command, the text editor will open up and you can edit the
2439 list of digest mode recipients, one per line.</p>
2440 <p>Citadel also has a facility which allows users to subscribe or
2441 unsubscribe to mailing lists using a web browser. In order to do this,
2442 WebCit must also be running on your server in addition to Citadel.
2443 WebCit is obtained and installed separately from the rest of the
2444 Citadel system.</p>
2445 <p>In order to prevent "just anyone" from subscribing to any room on
2446 your system, there is a setting in the <tt><b>.A</b>ide <b>E</b>dit
2447 room</tt> command:</p>
2448 <pre>CitaNews} . Aide Edit this room<br>
2449 Room name [CitaNews]:<br>
2450 <br>
2451 <i>(lots of other stuff omitted for brevity...)</i><br>
2452 <br>
2453 Self-service list subscribe/unsubscribe [No]: Yes<br></pre>
2454 <p>When you answer "Yes" to self-service list subscribe/unsubscribe,
2455 you are
2456 enabling that feature. Now, all you have to do is tell the world about
2458 web page they need to visit. It looks like this:</p>
2459 <center><tt>http://foobar.baz.org:2000/listsub</tt></center>
2460 <p>In this example, the server is called <tt>foobar.baz.org</tt> and
2461 WebCit is running on port 2000. Edit appropriately.</p>
2462 <p>Citadel offers a subscribe/unsubscribe facility that is more
2463 intuitive than other listservs. With most systems, sending commands to
2464 the listserv requires that you e-mail it commands in a special format.
2465 It's easy to get it wrong. Citadel simply uses your web browser. You
2466 select the list you want to subscribe or unsubscribe (hint: it's the
2467 list of rooms you've enabled self-service for), select whether you want
2468 list mode or digest mode, and enter your e-mail address. For security
2469 purposes, a confirmation message is sent to the address you enter. But
2470 you don't have to reply to the message in a weird format, either: the
2471 confirmation contains another URL which
2472 you simply click on (or paste into your browser if you can't click on
2473 URL's
2474 in your e-mail software) and the confirmation is automatically
2475 completed.</p>
2476 <hr size="2" width="100%">
2477 <center>
2478 <h2><a name="Building_or_joining_a_Citadel_network"></a>Building or
2479 joining a Citadel network</h2>
2480 </center>
2481 <h3><a name="Overview__"></a>Overview</h3>
2482 <p>If you are running Citadel as a BBS or other forum type of
2483 application, one way to 'keep the conversation going' is to share rooms
2484 with other Citadel systems. In a shared room, a message posted to the
2485 room is automatically
2486 propagated to every system on the network. It's kind of like a UseNet
2487 newsgroup, but without the spam.</p>
2488 <p>If you are using Citadel as the e-mail and groupware platform for a
2489 large organization, you can use its networking features to build a
2490 large network of Citadel servers which share content (think of rooms as
2491 public folders), redistribute e-mail throughout the organization, and
2492 integrate the global address book. &nbsp;It might make sense, for
2493 example, in a large corporation to give each department or location its
2494 own Citadel server. &nbsp;Thanks
2495 to Citadel's global address book features, you could still have all of
2496 the users share a single e-mail domain.</p>
2497 <p>Obviously, the first thing you have to do is find another Citadel to
2498 share rooms with, and make arrangements with them. The following
2499 Citadels are a good place to start:</p>
2500 <ul>
2501 <li>UNCENSORED! - <a href="http://uncensored.citadel.org">uncensored.citadel.org</a>
2502 </li>
2503 <li>The Dog Pound II - <a href="http://dogpound2.citadel.org">dogpound2.citadel.org</a>
2504 </li>
2505 </ul>
2506 <p>You don't have to be a part of the citadel.org domain to participate
2507 in the public Citadel network, but the DNS service is provided free of
2508 charge by the Citadel community if you wish to do this.</p>
2509 <h3><a name="Conventions_and_etiquette_when"></a>Conventions and
2510 etiquette when connecting to the public Citadel network</h3>
2511 <p>Before we get into the technical nitty gritty, there are two points
2512 of etiquette to keep in mind. The first thing to keep in mind is that
2513 the operator of any particular Citadel may not be willing to share some
2514 of his/her rooms. Some sites are proud to offer exclusive content in
2515 certain areas. Chances are, if a room is already being shared on the
2516 network, it's available for anyone to share; if not, it can't hurt to
2517 ask -- but take care not to demand it of them. Ask if you may share the
2518 room instead of telling them that you wish to share the room. When
2519 looking at a <tt><b>K</b></tt>nown rooms list, network rooms are the
2520 ones ending in parentheses instead of angle brackets. For example, <tt>Gateway)</tt>
2521 would be a network room, <tt>Lobby&gt;</tt> would not.</p>
2522 <p>The other point of etiquette to remember is that you should be
2523 making
2524 the arrangements in advance, and then set it up. It is extremely rude
2526 simply begin networking with another Citadel, or unilaterally start
2527 sharing
2528 a new room, without first obtaining permission from its operator.
2529 Always
2530 ask first. Most Citadel operators are more than happy to network with
2531 you. Also, if later on you decide to take your system down, please take
2532 the time
2533 to notify the operators of any other Citadels you network with, so they
2535 unconfigure their end.</p>
2536 <h3><a name="Getting_ready_to_join_the_network"></a>Getting ready to
2537 join the network</h3>
2538 <p>Ok, first things first. On a Citadel room sharing network, the first
2539 thing you need to know is your own system's node name. Presumably you
2541 this up during installation, but if you want to change it you can do so
2542 using
2543 the <tt><b>.A</b>ide <b>S</b>ysconfig <b>G</b>eneral</tt> command:</p>
2544 <pre>Lobby&gt; . Aide System configuration General<br>Node name [uncnsrd]:<br>Fully qualified domain name [uncensored.citadel.org]:<br>Human readable node name [Uncensored]:<br></pre>
2545 <p>The "node name" is important, it's how the network identifies
2546 messages coming from your system. The "human readable node name" is
2547 simply a label; it shows up in messages coming from your system. "Fully
2548 qualified domain name" is your DNS name; it's used for routing messages
2549 on the Internet. In the above example, the node name is "uncnsrd".</p>
2550 <h3><a name="Defining_neighbor_nodes"></a>Defining neighbor nodes</h3>
2551 <p>The next thing you need to do is configure your neighbor node(s).
2552 You need to do this for each node you network with. Let's say you
2553 wanted
2554 to talk to a Citadel system called "frobozz". Use the <tt><b>.A</b>ide
2555 <b>S</b>ysconfig <b>N</b>etwork</tt> command:</p>
2556 <pre>Lobby&gt; . Aide System configuration Network<br>### Node Secret Host or IP Port#<br>--- ---------------- ---------------- -------------------------------- -----<br>&lt;A&gt;dd &lt;D&gt;elete &lt;S&gt;ave &lt;Q&gt;uit -&gt; Add<br><br>Enter node name : frobozz<br>Enter shared secret: frotz<br>Enter host or IP : frobozz.magick.org<br>Enter port number : [504]: 504<br><br>### Node Secret Host or IP Port#<br>--- ---------------- ---------------- -------------------------------- -----<br> 1 frobozz frotz frobozz.magick.org 504<br>&lt;A&gt;dd &lt;D&gt;elete &lt;S&gt;ave &lt;Q&gt;uit -&gt; Save<br><br>Lobby&gt;<br></pre>
2557 <p>As you can see in the above example, you have to enter the Citadel
2558 node name, the DNS name or IP address of the server, and the port
2559 number the Citadel service is running on. The "shared secret" is a
2560 password to allow the two Citadel nodes to connect to each other to
2561 exchange network data. The password must be <i>identical</i> on both
2562 ends of the connection -- when the operator of the other Citadel node
2563 sets up the connection with
2564 your system, he/she must use the same password.</p>
2565 <h3><a name="Sharing_rooms"></a>Sharing rooms</h3>
2566 <p>Now you're ready to share rooms. You have to do this for each room
2567 you want to share, and you have to do it from BOTH ENDS -- again, when
2569 share a room with another Citadel, they must share it with you as well.
2570 Let's say you have a room called "Quiche Recipes&gt;" and you want to
2571 share
2572 it with the node you set up above. First, edit the room and flag it as
2574 network room:</p>
2575 <pre>Quiche Recipes&gt; . Aide Edit this room<br>Room name [Quiche Recipes]:<br>Private room [No]: No<br>Preferred users only [No]: No<br>Read-only room [No]: No<br>Directory room [No]: No<br>Permanent room [No]: No<br>Network shared room [No]: Yes<br>Automatically make all messages anonymous [No]: No<br>Ask users whether to make messages anonymous [No]: No<br>Listing order [64]:<br>Room aide (or 'none') [none]:<br>Message expire policy (? for list) [0]:<br>Save changes (y/n)? Yes<br>Ok<br><br>Quiche Recipes)<br></pre>
2576 <p>Notice how the prompt changed? It was &gt; before, but it's ) now.
2577 That means it's a network room. Now you can tell Citadel that you want
2579 share the room with frobozz. Enter this command:</p>
2580 <pre>Quiche Recipes) . Aide Network room sharing<br></pre>
2581 <p>Your text editor will pop up (you <i>did</i> configure Citadel to
2583 your favorite text editor, right?) with a screen that looks like this:</p>
2584 <pre># Configuration for room: Quiche Recipes<br># Nodes with which we share this room<br># Specify one per line.<br></pre>
2585 <p>All you have to do is enter the name of the other Citadel node (i.e.
2586 "frobozz" in our example) on a line by itself. As usual, lines starting
2587 with a "#" are comments. Just go to the end of the file, type "frobozz"
2588 (without the quotes), save the file... and you're done!</p>
2589 <p>At this point, you just sit back and enjoy. Your Citadel and the
2590 other one will begin polling each other at regular intervals (once per
2591 hour by default) and sharing messages.</p>
2592 <h3><a name="Sending_mail"></a>Sending mail</h3>
2593 <p>You can send mail to any user on any node of your Citadel network.
2594 It may take a little while for your system to learn the entire node
2595 list, though, as this is done by watching incoming messages on the
2596 network and learning which nodes are out there.</p>
2597 <p>To send a private message, just enter <tt>user @ host</tt> as the
2598 recipient:</p>
2599 <pre>Mail&gt; Enter message <br>Enter recipient: Some other user @ frobozz<br> Feb 11 2003 11:36pm from I. M. Me to Some other user @ frobozz<br>type message here...<br><br>Entry command (? for options) -&gt;<br><br></pre>
2600 <h3><a name="Changing_the_polling_interval"></a>Changing the polling
2601 interval</h3>
2602 <p>As previously mentioned, Citadel will poll other Citadel nodes for
2603 messages once per hour. If this is not an acceptable interval, you can
2604 change it using the <tt><b>.A</b>ide <b>S</b>ystem configuration <b>G</b>eneral</tt>
2605 command. Enter this command and look for the option:</p>
2606 <pre>How often to run network jobs (in seconds) [3600]:<br></pre>
2607 <p>Change it to whatever you like. For example, 15 minutes is 900
2608 seconds. So if you changed the default value to 900, network polling
2609 would occur every 15 minutes.</p>
2610 <hr>
2611 <h2 align="center"><a name="Database_maintenance"></a>Database
2612 maintenance</h2>
2613 <h3><a name="Introduction_"></a>Introduction</h3>
2614 The data store used by Citadel is reliable and self-maintaining.
2615 &nbsp;It requires very little maintenance. This is primarily due
2616 to its use of the <a href="http://www.sleepycat.com">Berkeley DB</a>
2617 record manager. &nbsp;It is robust, high-performance, and transactional.<br>
2618 <br>
2619 A few small data files are kept in your main Citadel directory, but the
2620 databases are in the <tt>data/</tt> subdirectory. The files with
2621 names that begin with "cdb" are the databases themselves; the files
2622 with names that begin with "log" are the logs (sometimes referred to as
2623 "journals").&nbsp; Log files will continue to appear as you use your
2624 system; each will grow to approximately 10 megabytes in size before a
2625 new one is started. There is a system configuration setting
2626 (found in <span style="font-family: monospace;"><span
2627 style="font-weight: bold;">.A</span>ide <span
2628 style="font-weight: bold;">S</span>ystem-configuration <span
2629 style="font-weight: bold;">G</span>eneral</span> in the text mode
2630 client, or in <span style="font-family: monospace;">Administration
2631 --&gt; Edit site-wide configuration --&gt; Tuning</span> in the WebCit
2632 client) which specifies "Automatically delete committed database
2633 logs."&nbsp; If you have this option enabled, Citadel will
2634 automatically delete any log files whose contents have been fully
2635 committed to the database files.<br>
2636 <br>
2637 For more insight into how the database and log files work, you may wish
2638 to read the <a
2639 href="http://www.sleepycat.com/docs/ref/transapp/archival.html">Berkeley
2640 DB documentation</a> on this subject.<br>
2641 <br>
2642 <h3><a name="Backing_up_your_Citadel_database"></a>Backing up your
2643 Citadel database</h3>
2644 <span style="font-weight: bold;">Please read this section carefully.</span><br>
2645 <br>
2646 There are two backup strategies you can use, depending on your site's
2647 availability requirements and disk space availability.<br>
2648 <h5>Strategy #1: Standard backup</h5>
2649 The standard (or "offline") backup is used when your Citadel server is
2650 configured to automatically delete committed database logs.&nbsp; The
2651 backup procedure is as follows:<br>
2652 <ol>
2653 <li>Shut down the Citadel server.</li>
2654 <li>Back up all files (database files, log files, etc.) to tape or
2655 some other backup media.</li>
2656 <li>Start the Citadel server.</li>
2657 </ol>
2658 <span style="font-style: italic;">Advantage:</span> very little disk
2659 space is consumed by the logs.<br>
2660 <span style="font-style: italic;">Disadvantage:</span> Citadel is not
2661 available during backups.<br>
2662 <br>
2663 <h5>Strategy #2: "Hot" backup</h5>
2664 The "hot backup" procedure is used when your Citadel server is
2665 configured <span style="font-weight: bold;">not</span> to
2666 automatically delete committed database logs.&nbsp; The backup
2667 procedure is as follows:<br>
2668 <ol>
2669 <li>Back up all files.&nbsp; Make sure the database files (<span
2670 style="font-family: monospace;">cdb.*</span>) are backed up <span
2671 style="font-style: italic;">before</span> the log files (<span
2672 style="font-family: monospace;">log.*</span>).&nbsp; This will usually
2673 be the case, because the database files tend to appear first in both
2674 alphabetical and on-disk ordering of the <span
2675 style="font-family: monospace;">data/</span> directory.</li>
2676 <li>After verifying that your backup completed successfully, delete
2677 the committed log files with a command like this:</li>
2678 </ol>
2679 <span style="font-family: monospace;">/usr/local/citadel/sendcommand
2680 "CULL"</span><br>
2681 <br>
2682 <span style="font-style: italic;">Advantage:</span> Citadel continues
2683 to run normally during backups.<span style="font-style: italic;"><br>
2684 Disadvantage:</span> Much disk space is consumed by the log files,
2685 particularly if the full text indexer is turned on.<br>
2686 <br>
2687 <br>
2688 It is up to you to decide which backup strategy to use.&nbsp; <span
2689 style="font-weight: bold;">Warning: if you configure Citadel to
2690 automatically delete committed database logs, and do not shut the
2691 Citadel service down during backups, there is no guarantee that your
2692 backups will be usable!</span><br>
2693 <br>
2694 <h3><a name="Database_repair"></a>Database repair</h3>
2695 Although Citadel's data store is quite reliable, database corruption
2696 can occur in rare instances. &nbsp;External factors such as an
2697 operating system crash or an unexpected loss of power might leave the
2698 database in an unknown state. &nbsp;A utility is provided which may
2699 be able to repair your database if this occurs. &nbsp;If you find
2700 that your Citadel server is not running, and reading the logs shows
2701 that it is crashing because of an inability to validate a database,
2702 follow these steps:<br>
2703 <ol>
2704 <li>Edit <tt>/etc/inittab</tt> and switch the Citadel service from
2705 "respawn" to "off." &nbsp;Type <tt>init q</tt> to make this setting
2706 permanent.</li>
2707 <li><b>Make a backup of your data.</b> &nbsp;Either write it out to
2708 tape or copy it to another directory, or a tarball.<br>
2709 </li>
2710 <li><tt>cd</tt> to your Citadel directory and type <tt>./database_cleanup.sh</tt></li>
2711 <li>Let the cleanup script run. &nbsp;<b>Do not interrupt this
2712 process for any reason.</b><br>
2713 </li>
2714 <li>Edit <tt>/etc/inittab</tt> and switch the Citadel service from
2715 "off" to "respawn". &nbsp;Type <tt>init q</tt> to activate your
2716 changes.</li>
2717 </ol>
2718 If this procedure does not work, you must restore from your most recent
2719 backup.<br>
2720 <b>Please note: this utility should <i>only</i> be used for recovering
2721 a database that is causing the Citadel server to crash upon startup. If
2722 you have some other type of problem, but the citserver process is not
2723 aborting with "Berkeley DB Panic" errors, this is <i>not</i> the way to
2724 fix it.</b><br>
2725 <br>
2726 <h3><a name="ImportingExporting_your_Citadel"></a>Importing/Exporting
2727 your Citadel database<br>
2728 </h3>
2729 <p>Citadel contains an importer/exporter module, affectionately
2730 known as the "Art Vandelay" module (a not-so-obscure Seinfeld
2731 reference). It
2732 allows you to export the entire contents of your Citadel databases to a
2733 flat file, which may then be imported on another system. (This
2734 procedure
2735 is also known as "dump and load" to database gurus.)</p>
2736 <p>Why would you want to do this? &nbsp;Here are some scenarios: </p>
2737 <ul>
2738 <li>You are moving a Citadel installation to another computer, which
2739 uses a different CPU. Since Citadel stores data in an
2740 architecture-dependent format, the data files wouldn't work on the new
2741 computer as-is. </li>
2742 <li>Your computer crashed, lost power, etc. and you suspect that your
2743 databases have become corrupted. </li>
2744 <li>You want to switch to a different back-end data store. (For
2745 example, from GDBM to Berkeley DB) </li>
2746 </ul>
2747 <p>So ... how do we work this magic? Follow these steps <i>exactly</i>
2748 as documented and you should be able to do it all with very little
2749 trouble.</p>
2750 <ol>
2751 <li>This should be obvious, but it's still worth mentioning: &nbsp;<b>Make
2752 sure you have a backup of everything before you start this!&nbsp;</b>
2753 You're performing a major operation here. Don't risk it. </li>
2754 <li>First, get all the users logged off from your system. Disconnect
2755 it from the network if possible. You don't want anyone logging in while
2756 you're doing this. </li>
2757 <li>Log on as root, or some other user that has read/write access to
2758 all relevant files. </li>
2759 <li>Go to the directory that Citadel is installed in. For example,
2760 issue a command like <tt>cd /usr/local/citadel</tt> </li>
2761 <li>Export the databases with the following command:<br>
2762 <br>
2763 <tt>./sendcommand "ARTV export" &gt;exported.dat</tt><br>
2764 <br>
2765 This command may run for a while. On a very large system it could take
2766 an hour or more. Please be patient! </li>
2767 <li>When the export completes, check to make sure that <tt>exported.dat</tt>
2768 exists and has some data in it. (Type "ls -l exported.dat") </li>
2769 <li>Shut down the Citadel server. If you have a line in <tt>/etc/inittab</tt>
2770 that reads like this:<br>
2771 <br>
2772 <tt>c1:2345:respawn:/usr/local/citadel/citserver
2773 -h/usr/local/citadel</tt> <br>
2774 ...then you should change the <tt>respawn</tt> to <tt>off</tt> and
2775 then type <tt>/sbin/init q</tt> to make the changes take effect. </li>
2776 <li>Now it's time to delete your current binary databases. Type:<br>
2777 <br>
2778 <tt>rm -f citadel.config citadel.control data/*</tt> </li>
2779 <li>If you're moving Citadel to another computer, you should move the
2780 <i>entire</i> directory over at this time. <tt>exported.dat</tt>
2781 only contains the information that was in the binary databases.
2782 Information which was stored in portable formats doesn't need to be
2783 exported/imported, so
2784 you must bring it all over in its current form. </li>
2785 <li>Now get Citadel running on the new computer (or whatever). Run <tt>setup</tt>
2786 and turn the service back on (from <tt>/etc/inittab</tt>) but DO NOT
2787 log in. </li>
2788 <li>As root, run the import command:<br>
2789 <br>
2790 <tt>./sendcommand "ARTV import" &lt;exported.dat</tt><br>
2791 <br>
2792 This will import your databases. Again, it may run for a long time. </li>
2793 <li>Restart the Citadel server. You can do this any way you like.
2794 From the command line, you can do it with a command like:<br>
2795 <br>
2796 <tt>./sendcommand "DOWN"</tt> <br>
2797 </li>
2798 <li>Now you're finished. Log in and test everything. You may delete
2799 exported.dat at this time, or you might want to save it somewhere as a
2800 sort of pseudo-backup. </li>
2801 </ol>
2802 <hr>
2803 <center>
2804 <h2><a name="crypto"></a>Cryptography support (TLS/SSL)</h2>
2805 </center>
2806 <h3><a name="crypto_intro"></a>Overview</h3>
2807 <p>Citadel provides built-in support for encryption using Transport
2808 Layer Security (TLS) for ESMTP, IMAP, POP3, and the Citadel client
2809 protocol.
2810 A simple cryptographic configuration is installed automatically when
2812 bring the system online. The remainder of this section describes how
2813 this
2814 configuration is built, and what you can do to make changes to it.</p>
2815 <p>Encryption files are kept in the <tt>keys/</tt> directory. The
2816 three
2817 files used by Citadel are:</p>
2818 <ul>
2819 <li><tt>citadel.key</tt> - Contains your system's RSA private key.
2820 Citadel
2821 generates a new key automatically if one is not found. </li>
2822 <li><tt>citadel.csr</tt> - Contains a Certificate Signing Request
2823 (CSR)
2824 for your system. Citadel generates a new CSR automatically, using your
2825 private key, if one is not found. </li>
2826 <li><tt>citadel.cer</tt> - Contains the public certificate for your
2827 system. The public key in the certificate <b>must</b> correspond with
2829 private key in <tt>citadel.key</tt>, otherwise encryption will not
2830 function properly. Citadel will generate a self-signed certificate,
2831 again
2832 using your private key, if a certificate is not found. </li>
2833 </ul>
2834 <h3><a name="real_cert"></a>Generating and installing a Trusted
2835 Certificate</h3>
2836 <p>If you wish to interact with 3rd party clients
2837 that have hard coded lists of acceptable Certificate Authorities, and
2839 do not want annoying dialog boxes popping up for the user on the first
2841 all) connections, then you will have to have your key signed by a valid
2842 Certificate Authority.</p>
2843 <p>It is beyond the scope of this document to provide a complete
2844 tutorial
2845 on SSL certificates. Here are the general rules to follow:</p>
2846 <ul>
2847 <li>Generally, the Certificate Signing Requeste which is
2848 automatically
2849 generated by Citadel will not contain enough information for any
2850 Certificate
2851 Authority to sign it. Generate a new CSR with the following commands:<br>
2852 <br>
2853 <tt>cd keys</tt><br>
2854 <tt>openssl req -new -key citadel.key -out citadel.csr</tt><br>
2855 <br>
2856 Answer all questions (your geographic location, organization name,
2857 etc.)
2858 and then send the new <tt>citadel.csr</tt> to your Certificate
2859 Authority
2860 when you order the certificate. </li>
2861 <li>When the certificate is received, simply save it as <tt>citadel.cer</tt>
2862 and restart the Citadel server. </li>
2863 <li>If your certificate authority delivers a 'chained' certificate
2864 (one
2865 with intermediate certificate authorities), simply append the
2866 intermediate
2867 certificate after your server's own certificate in the <tt>citadel.cer</tt>
2868 file.</li>
2869 </ul>
2870 <br>
2871 <hr style="width: 100%; height: 2px;">
2872 <div style="text-align: center;">
2873 <h2><a name="LDAP_Directory_Support"></a>LDAP (Directory) Support</h2>
2874 <div style="text-align: justify;">
2875 <h3><a name="Introduction_ldap"></a>Introduction</h3>
2876 LDAP (Lightweight Directory Access Protocol) has become the open
2877 standard protocol for directory access.&nbsp; There are many client
2878 programs which are capable of making use of an LDAP directory
2879 service.&nbsp; Therefore it may be beneficial for some sites to have a
2880 directory available which is populated with Citadel user information.<br>
2881 <br>
2882 Citadel does not contain its own LDAP service, because that would
2883 eliminate its ability to coexist with any existing directory you may
2884 already have in place at your organization.&nbsp; Instead, we provide
2885 the LDAP Connector for Citadel, which allows the Citadel service to
2886 populate an external LDAP directory.&nbsp; If you do not already have
2887 an LDAP directory in place, you can use the OpenLDAP server, which is
2888 probably already present in your operating system, or at least can be
2889 loaded from the installation CD's.&nbsp; The supplied configuration
2890 file <tt>citadel-slapd.conf</tt> can be used as a starting
2891 point to get your LDAP server running.<br>
2892 <br>
2893 <h3><a name="Preparing_your_LDAP_server_for_Citadel"></a>Preparing your
2894 LDAP server for Citadel connections</h3>
2895 It is difficult to find a commonly accepted LDAP scheme. It seems, most
2896 real life LDAP installations go for the domain oriented apporach
2897 and lay out the structure after an existing domain/subdomain structure.
2898 <p> The most widely accepted and standardized object for storing
2899 personal data clearly is "inetOrgPerson". Citadel therefore extends this
2900 standard schema with an object class called "citadelInetOrgPerson".</p>
2901 <p>If you are using OpenLDAP as your directory server, you should
2902 choose options similar to the following:</p>
2903 <pre>
2904 include /etc/openldap/schema/core.schema
2905 include /etc/openldap/schema/cosine.schema
2906 include /etc/openldap/schema/inetorgperson.schema
2907 include /etc/openldap/schema/rfc2739.schema
2908 include /etc/openldap/schema/citadel.schema
2912 database bdb
2913 suffix "dc=example,dc=com"
2914 rootdn "cn=manager,dc=example,dc=com"
2915 rootpw secret
2916 directory /var/openldap-data
2918 </pre>
2920 <p>Notes on this configuration:
2921 <ul>
2922 <li>Obviously, you can make your suffix and rootdn whatever you wish,
2923 but in most cases you'd simply follow a DC path that looks similar to
2924 your DNS domain.</li>
2925 <li>In earlier versions of OpenLDAP, you could use the
2926 option <span style="font-family: monospace;">schemacheck off</span> to
2927 make life easier by relaxing the strict schema checking. This option
2928 has been removed from OpenLDAP, so now you <strong>must</strong> install
2929 the supplied schema extensions. <tt>rfc2739.schema</tt> and
2930 <tt>citadel.schema</tt> are included with the Citadel distribution.</li>
2931 <li>Your <span style="font-family: monospace;">rootdn</span> and <span
2932 style="font-family: monospace;">rootpw</span> can be whatever you
2933 want.&nbsp; Usually the rootdn is <span style="font-family: monospace;">cn=manager,</span>
2934 followed by your usual suffix.&nbsp; Please don't use <span
2935 style="font-family: monospace;">secret</span> as your password, as in
2936 this example.&nbsp; Select a new password for your site.</li>
2937 </ul>
2938 <br>
2939 Your LDAP service <span style="font-weight: bold;">must</span> be up
2940 and running before you attempt to connect Citadel to it.<br>
2941 <br>
2942 <h3><a name="Configuring_the_LDAP_Connector_for"></a>Configuring the
2943 LDAP Connector for Citadel</h3>
2944 Once you've located or installed your LDAP server, connecting Citadel
2945 to it is easily completed with the <span style="font-weight: bold;"><span
2946 style="font-family: monospace;">.A</span></span><span
2947 style="font-family: monospace;">ide <span style="font-weight: bold;">S</span>ystem-configuration
2948 <span style="font-weight: bold;">G</span>eneral command:<br>
2949 </span>
2950 <pre>Lobby&gt; . Aide System configuration General<br><br><span
2951 style="font-style: italic;">(lots of other stuff omitted for brevity...)</span><br><br>Connect this Citadel to an LDAP directory [Yes]: <span
2952 style="font-weight: bold;">Yes</span><br>Host name of LDAP server []: <span
2953 style="font-weight: bold;">127.0.0.1</span><br>Port number of LDAP service [389]: <span
2954 style="font-weight: bold;">389</span><br>Base DN []: <span
2955 style="font-weight: bold;">dc=servername,dc=domain,dc=org</span><br>Bind DN []: <span
2956 style="font-weight: bold;">cn=manager,dc=servername,dc=domain,dc=org</span><br>Password for bind DN []: <span
2957 style="font-weight: bold;">secret</span><br style="font-weight: bold;"><br><span
2958 style="font-style: italic;">(more questions omitted...)</span><br><br>Save this configuration? <span
2959 style="font-weight: bold;">Yes</span><br></pre>
2960 Once you've done this, restart your Citadel service with the <span
2961 style="font-weight: bold;"><span style="font-family: monospace;">.A</span></span><span
2962 style="font-family: monospace;">ide <span style="font-weight: bold;">T</span>erminate-server
2963 <span style="font-weight: bold;">N</span>ow</span> command.&nbsp; When
2964 Citadel restarts, it will connect to your LDAP directory.&nbsp; Note
2965 that we gave Citadel the same Base DN, Bind DN, and password that was
2966 in our LDAP server configuration example.&nbsp; Obviously, everything
2967 needs to be identical on both sides or the connection will be
2968 refused.&nbsp; 127.0.0.1 is the loopback address, and 389 is the
2969 standard port number for LDAP, so this would be the proper host and
2970 port combination for an LDAP service running on your local
2971 server.&nbsp; It could just as easily be on another server, for example
2972 an organization-wide directory server.<br>
2973 <br>
2974 You can also configure the LDAP Connector for Citadel from a WebCit
2975 session.&nbsp; Log on as an Aide and click on Advanced Options --&gt;
2976 Edit Site-Wide Configuration --&gt; Directory, and you will be
2977 presented with the same set of questions.<br>
2978 <br>
2979 So, what kind of information will be entered into LDAP?&nbsp; As a
2980 rule, anything that gets saved to your Global Address Book room will
2981 also be saved to LDAP.&nbsp; Citadel will set up OU's (Organizational
2982 Units) for each node on your Citadel network, so if you are running
2983 multiple Citadel servers in an organization, you will automatically
2984 have a hierarchial view built for you.&nbsp; Below the OU's will be an
2985 entry for each user who has a vCard registered on the system.&nbsp;
2986 Citadel automatically translates vCard information to LDAP.<br>
2987 <br>
2988 If you already have a Global Address Book full of existing information,
2989 you can execute an <span style="font-family: monospace;">IGAB</span>
2990 (Initialize Global Address Book) server command to rebuild it.&nbsp; In
2991 addition to performing its usual function of rebuilding the internal
2992 Internet e-mail address mapping table, Citadel will also repopulate
2993 LDAP with all existing vCards.&nbsp; You should be aware, however, that
2994 existing LDAP entries will not be cleared from your directory
2995 server.&nbsp; If your directory contains only Citadel data, you can
2996 safely delete your database and start over, because it will be
2997 repopulated.&nbsp; Otherwise, Citadel will merely update any existing
2998 records with fresh information.<br>
2999 <br>
3000 The LDAP Connector for Citadel is a recent development, so expect more
3001 functionality in this space in the near future.<br>
3002 </div>
3003 <br>
3004 </div>
3005 <hr>
3006 <center>
3007 <h2><a name="utilities"></a>Utilities</h2>
3008 </center>
3009 <h3><a name="overview"></a>Overview</h3>
3010 <p>The following utilities will be discussed: </p>
3011 <ul>
3012 <li><b>aidepost</b> - Post standard input to the Aide&gt; room </li>
3013 <li><b>whobbs</b> - Who is on the system </li>
3014 <li><b>msgform</b> - Format a binary message to the screen (stdin or
3015 in a file) </li>
3016 <li><b>userlist</b> - Print the userlist </li>
3017 <li><b>sendcommand</b> - Send a server command </li>
3018 </ul>
3019 <p>It is up to you to decide which utilities should be made accessible
3020 only to system administrators. It is important that you set the file
3021 permissions correctly. All utilities should have access to the Citadel
3022 data files. We
3023 will attempt to address each program individually.</p>
3024 <h3><a name="aidepost"></a>aidepost</h3>
3025 <p>The nature of this program is rather simple. Standard input (stdin)
3026 is converted into a message, filed in the main message store, and
3027 posted in the Aide&gt; room. This is useful for keeping transcripts of
3028 system activity that has to do with Citadel operations. You might even
3029 elect to send all of
3030 your system logs there, too.</p>
3031 <p><tt>aidepost</tt> also accepts the usage <tt>aidepost -rTargetRoom</tt>,
3032 where TargetRoom is the name of a room to which you'd like the message
3033 to be sent.</p>
3034 <h3><a name="whobbs"></a>whobbs</h3>
3035 <p>This program is similar to the <tt>who</tt> command. It lists all
3036 of the users who are currently connected to your Citadel server, either
3037 locally or
3038 across a network. Unless you're running a standalone system, <tt>who</tt>
3039 and <tt>whobbs</tt> will probably not have a one-to-one
3040 correspondence. Remember
3041 that you will see sessions for SMTP, POP, and IMAP users, as well as
3042 users
3043 running a Citadel client.</p>
3044 <p>One thing to keep in mind is that the <tt>whobbs</tt> utility
3045 actually opens a connection to the server. If the server is maxed out, <tt>whobbs</tt>
3046 will still be able to provide a listing, because it doesn't need to log
3047 in to execute the <tt>RWHO</tt> command. Note that whobbs does not
3048 list its own session.</p>
3049 <p>The <tt>whobbs</tt> utility is smart enough to know when it is
3050 being invoked by a web server as a CGI program. In this situation, it
3051 will output its listing
3052 as a nicely formatted web page instead of plain text. This makes it
3053 easy
3054 to just put a link to the whobbs binary in your cgi-bin directory,
3055 allowing
3056 a quick and easy way for web surfers to see who is online.</p>
3057 <p>Running the <tt><b>W</b>ho is online</tt> command from the Citadel
3058 client does <b>not</b> call this utility. It has this functionality
3059 built in.<br>
3060 <br>
3061 </p>
3062 <h3><a name="msgform"></a>msgform</h3>
3063 <p>The <tt>msgform</tt> utility reads its standard input (stdin)
3064 looking for
3065 Citadel messages stored in the internal format used on disk and over
3067 network, and sends them in a human-readable format to standard output
3068 (stdout). There is no longer much use for this program, but it is
3069 included for hack
3070 value.</p>
3071 <h3><a name="userlist"></a>userlist</h3>
3072 <p>This is a program to print the userlist. There are two flags that
3073 may be
3074 set when running this program. When called without any arguments, <tt>userlist</tt>
3075 will display all users (except those who have chosen to be unlisted),
3076 their user numbers, times called, messages posted, screen width, and
3077 date of their most recent call.</p>
3078 <p><tt>userlist</tt> is simply the same user listing code that is in
3080 client, made into a standalone utility for convenience.<br>
3081 </p>
3082 <h3><a name="sendcommand"></a>sendcommand</h3>
3083 <p><tt>sendcommand</tt> will interpret its arguments (except for <tt>-hDIRNAME</tt>)
3084 as a server command, which is sent to the server. Commands which
3085 require textual input will read it from stdin. Commands which generate
3086 textual output will be sent to stdout.</p>
3087 <p>This utility is intended to be used to enable Citadel server
3088 commands to
3089 be executed from shell scripts.</p>
3090 <p><b>NOTE:</b> be sure that this utility is not world-executable. It
3091 connects to the server in privileged mode, and therefore could present
3092 a security hole if not properly restricted.</p>
3093 </div>
3094 <br>
3095 </body>
3096 </html>