+++ /dev/null
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
- <title>Citadel Documentation</title>
- <meta http-equiv="content-type"
- content="text/html; charset=ISO-8859-1">
-</head>
-<body>
-<div align="center">
-<h1>C I T A D E L</h1>
-<h2>an open source messaging and collaboration platform</h2>
-Copyright ©1987-2011 by the Citadel development team. Contributors include:
-<ul>
- <li>Clint Adams
- <li>Steven M. Bellovin
- <li>Nathan Bryant
- <li>Art Cancro
- <li>Brian Costello
- <li>Edward Flick
- <li>Nick Georbit
- <li>David Given
- <li>Dave West
- <li>Wilfried Goesgens
- <li>Michael Hampton
- <li>Andru Luvisi
- <li>Daniel Malament
- <li>Stu Mark
- <li>Edward S. Marshall
- <li>Ben Mehlman
- <li>Matt Pfleger
- <li>Ari Samson
- <li>Trey Van Riper
- <li>John Walker
- <li>Steve Williams
- <li>Ethan Young
-</ul>
-</div>
-<br>
-<div align="justify">The entire package is open source software. You may
-redistribute and/or modify it under the terms of the GNU General Public
-License, version 3, which is included in this manual.<br>
-<br>
-This program is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details. </div>
-<div align="justify"><br>
-For more information, visit either of these locations on
-the web:<br>
-<ul>
- <li>The Citadel home page: <a href="http://www.citadel.org">http://www.citadel.org</a></li>
- <li>UNCENSORED! BBS, the home of Citadel: <a
- href="http://uncensored.citadel.org">http://uncensored.citadel.org</a></li>
-</ul>
-<hr size="2" width="100%">
-<h2 align="center">Table of Contents</h2>
-<ol>
- <li><a href="#GPL">License</a></li>
- <li><a href="#Installation">Installation</a></li>
- <ol>
- <li><a href="#Everything_in_its_place...">Everything in its
-place...</a></li>
- <li><a href="#ctdl_login_acct">Creating a system account for Citadel</a></li>
- <li><a href="#bypassing_login">Bypassing the login:
-prompt</a></li>
- <li><a href="#Compiling_the_programs">Compiling the programs</a></li>
- <li><a href="#Upgrading">Upgrading</a></li>
- <li><a href="#rc_file">The citadel.rc file</a></li>
- <li><a href="#Using_an_external_editor_for_message">Using an
-external editor for message composition</a></li>
- <li><a href="#Printing_messages">Printing messages</a></li>
- <li><a href="#URL_viewing">URL viewing</a></li>
- <li><a href="#Setup_and_login">Setup and login</a></li>
- <li><a href="#Configuring_your_host_system_to_start">Configuring
-your host system to start the service</a></li>
- <li><a href="#first_time_login">Logging in for
-the first time</a></li>
- <li><a href="#Welcoming_new_users">Welcoming new users</a></li>
- <li><a href="#adding_doors">Space for adding
-your own client features (doors)</a></li>
- <li><a href="#Troubleshooting_and_getting_help">Troubleshooting and
-getting help</a><br>
- </li>
- </ol>
- <li><a href="#sysop">System Administration</a></li>
- <ol>
- <li><a href="#Overview_">Overview</a></li>
- <li><a href="#Aide_commands">Aide commands</a></li>
- <li><a href="#Editing_rooms">Editing rooms</a></li>
- <li><a href="#File_directories">File directories</a></li>
- <li><a href="#Creating_and_editing_user_accounts">Creating and
-editing user accounts</a></li>
- <li><a href="#Deleting_and_moving_messages">Deleting and moving
-messages</a></li>
- <li><a href="#Customizing_the_help_files">Customizing the help files</a></li>
- <li><a href="#Site_configuration">Site configuration</a><br>
- </li>
- </ol>
- <li> <a href="#Configuring_Citadel_for_Internet_e-mail">Configuring
-Citadel for Internet e-mail</a></li>
- <ol>
- <li><a href="#Introduction">Introduction</a></li>
- <li><a href="#Basic_site_configuration">Basic site configuration</a></li>
- <li><a href="#Enabling_the_Internet_mail_protocols">Enabling the
-Internet mail protocols</a></li>
- <li><a href="#Hosting_an_Internet_mailing_list">Hosting an Internet
-mailing list</a><br>
- </li>
- <li><a href="#citmail">Using Citadel in conjunction with another MTA</a></li>
- </ol>
- <li><a href="#Building_or_joining_a_Citadel_network">Building or
-joining a Citadel network</a></li>
- <ol>
- <li><a href="#Overview__">Overview</a></li>
- <li><a href="#Conventions_and_etiquette_when">Conventions and
-etiquette when connecting to the public Citadel network</a></li>
- <li><a href="#Getting_ready_to_join_the_network">Getting ready
-to join the network</a></li>
- <li><a href="#Defining_neighbor_nodes">Defining neighbor nodes</a></li>
- <li><a href="#Sharing_rooms">Sharing rooms</a></li>
- <li><a href="#Sending_mail">Sending mail</a></li>
- <li><a href="#Changing_the_polling_interval">Changing the polling
-interval</a></li>
- </ol>
- <li><a href="#Database_maintenance">Database maintenance</a></li>
- <ol>
- <li><a href="#Introduction_">Introduction</a></li>
- <li><a href="#Backing_up_your_Citadel_database">Backing up your
-Citadel database</a><br>
- </li>
- <li><a href="#Database_repair">Database repair</a></li>
- <li><a href="#ImportingExporting_your_Citadel">Importing/Exporting
-your Citadel database</a><br>
- </li>
- </ol>
- <li><a href="#crypto">Cryptography support (TLS/SSL)</a></li>
- <ol>
- <li><a href="#crypto_intro">Overview</a></li>
- <li><a href="#real_cert">Generating and installing a Trusted
-Certificate</a></li>
- </ol>
- <li><a href="#LDAP_Directory_Support">LDAP directory support</a></li>
- <ol>
- <li><a href="#Introduction_ldap">Introduction</a></li>
- <li><a href="#Preparing_your_LDAP_server_for_Citadel">Preparing
-your LDAP server for Citadel connections</a><br>
- </li>
- <li><a href="#Configuring_the_LDAP_Connector_for">Configuring the
-LDAP Connector for Citadel</a><br>
- </li>
- </ol>
- <li><a href="#utilities">Included utilities</a></li>
- <ol>
- <li><a href="#overview">Overview</a></li>
- <li><a href="#aidepost">aidepost</a></li>
- <li><a href="#whobbs">whobbs</a></li>
- <li><a href="#msgform">msgform</a></li>
- <li><a href="#userlist">userlist</a></li>
- <li><a href="#sendcommand">sendcommand</a></li>
- </ol>
-</ol>
-<br>
-<hr size="2" width="100%"><br>
-<h2 align="center"><a name="GPL"></a>GNU General Public License<br>
-</h2>
-</div>
-
-<p style="text-align: center;">Version 3, 29 June 2007</p>
-
-<p>Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/></p><p>
-
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.</p>
-
-<h3><a name="preamble"></a>Preamble</h3>
-
-<p>The GNU General Public License is a free, copyleft license for
-software and other kinds of works.</p>
-
-<p>The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works. By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users. We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors. You can apply it to
-your programs, too.</p>
-
-<p>When we speak of free software, we are referring to freedom, not
-price. Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.</p>
-
-<p>To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights. Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.</p>
-
-<p>For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received. You must make sure that they, too, receive
-or can get the source code. And you must show them these terms so they
-know their rights.</p>
-
-<p>Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.</p>
-
-<p>For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software. For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.</p>
-
-<p>Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so. This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software. The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable. Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products. If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.</p>
-
-<p>Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary. To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.</p>
-
-<p>The precise terms and conditions for copying, distribution and
-modification follow.</p>
-
-<h3><a name="terms"></a>TERMS AND CONDITIONS</h3>
-
-<h4><a name="section0"></a>0. Definitions.</h4>
-
-<p>“This License” refers to version 3 of the GNU General Public License.</p>
-
-<p>“Copyright” also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.</p>
-
-
-<p>“The Program” refers to any copyrightable work licensed under this
-License. Each licensee is addressed as “you”. “Licensees” and
-“recipients” may be individuals or organizations.</p>
-
-<p>To “modify” a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy. The resulting work is called a “modified version” of the
-earlier work or a work “based on” the earlier work.</p>
-
-<p>A “covered work” means either the unmodified Program or a work based
-on the Program.</p>
-
-<p>To “propagate” a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy. Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.</p>
-
-<p>To “convey” a work means any kind of propagation that enables other
-parties to make or receive copies. Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.</p>
-
-<p>An interactive user interface displays “Appropriate Legal Notices”
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License. If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.</p>
-
-<h4><a name="section1"></a>1. Source Code.</h4>
-
-<p>The “source code” for a work means the preferred form of the work
-for making modifications to it. “Object code” means any non-source
-form of a work.</p>
-
-<p>A “Standard Interface” means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.</p>
-
-<p>The “System Libraries” of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form. A
-“Major Component”, in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.</p>
-
-<p>The “Corresponding Source” for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities. However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work. For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.</p>
-
-<p>The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.</p>
-
-<p>The Corresponding Source for a work in source code form is that
-same work.</p>
-
-<h4><a name="section2"></a>2. Basic Permissions.</h4>
-
-<p>All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met. This License explicitly affirms your unlimited
-permission to run the unmodified Program. The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work. This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.</p>
-
-<p>You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force. You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright. Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.</p>
-
-<p>Conveying under any other circumstances is permitted solely under
-the conditions stated below. Sublicensing is not allowed; section 10
-makes it unnecessary.</p>
-
-<h4><a name="section3"></a>3. Protecting Users' Legal Rights From Anti-Circumvention Law.</h4>
-
-<p>No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.</p>
-
-<p>When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.</p>
-
-<h4><a name="section4"></a>4. Conveying Verbatim Copies.</h4>
-
-<p>You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.</p>
-
-<p>You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.</p>
-
-<h4><a name="section5"></a>5. Conveying Modified Source Versions.</h4>
-
-<p>You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:</p>
-
-<ul>
-<li>a) The work must carry prominent notices stating that you modified
- it, and giving a relevant date.</li>
-
-<li>b) The work must carry prominent notices stating that it is
- released under this License and any conditions added under section
- 7. This requirement modifies the requirement in section 4 to
- “keep intact all notices”.</li>
-
-<li>c) You must license the entire work, as a whole, under this
- License to anyone who comes into possession of a copy. This
- License will therefore apply, along with any applicable section 7
- additional terms, to the whole of the work, and all its parts,
- regardless of how they are packaged. This License gives no
- permission to license the work in any other way, but it does not
- invalidate such permission if you have separately received it.</li>
-
-<li>d) If the work has interactive user interfaces, each must display
- Appropriate Legal Notices; however, if the Program has interactive
- interfaces that do not display Appropriate Legal Notices, your
- work need not make them do so.</li>
-</ul>
-
-<p>A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-“aggregate” if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit. Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.</p>
-
-<h4><a name="section6"></a>6. Conveying Non-Source Forms.</h4>
-
-<p>You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:</p>
-
-<ul>
-<li>a) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by the
- Corresponding Source fixed on a durable physical medium
- customarily used for software interchange.</li>
-
-<li>b) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by a
- written offer, valid for at least three years and valid for as
- long as you offer spare parts or customer support for that product
- model, to give anyone who possesses the object code either (1) a
- copy of the Corresponding Source for all the software in the
- product that is covered by this License, on a durable physical
- medium customarily used for software interchange, for a price no
- more than your reasonable cost of physically performing this
- conveying of source, or (2) access to copy the
- Corresponding Source from a network server at no charge.</li>
-
-<li>c) Convey individual copies of the object code with a copy of the
- written offer to provide the Corresponding Source. This
- alternative is allowed only occasionally and noncommercially, and
- only if you received the object code with such an offer, in accord
- with subsection 6b.</li>
-
-<li>d) Convey the object code by offering access from a designated
- place (gratis or for a charge), and offer equivalent access to the
- Corresponding Source in the same way through the same place at no
- further charge. You need not require recipients to copy the
- Corresponding Source along with the object code. If the place to
- copy the object code is a network server, the Corresponding Source
- may be on a different server (operated by you or a third party)
- that supports equivalent copying facilities, provided you maintain
- clear directions next to the object code saying where to find the
- Corresponding Source. Regardless of what server hosts the
- Corresponding Source, you remain obligated to ensure that it is
- available for as long as needed to satisfy these requirements.</li>
-
-<li>e) Convey the object code using peer-to-peer transmission, provided
- you inform other peers where the object code and Corresponding
- Source of the work are being offered to the general public at no
- charge under subsection 6d.</li>
-</ul>
-
-<p>A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.</p>
-
-<p>A “User Product” is either (1) a “consumer product”, which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling. In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage. For a particular
-product received by a particular user, “normally used” refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product. A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.</p>
-
-<p>“Installation Information” for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source. The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.</p>
-
-<p>If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information. But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).</p>
-
-<p>The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed. Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.</p>
-
-<p>Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.</p>
-
-<h4><a name="section7"></a>7. Additional Terms.</h4>
-
-<p>“Additional permissions” are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law. If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.</p>
-
-<p>When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it. (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.) You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.</p>
-
-<p>Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:</p>
-
-<ul>
-<li>a) Disclaiming warranty or limiting liability differently from the
- terms of sections 15 and 16 of this License; or</li>
-
-<li>b) Requiring preservation of specified reasonable legal notices or
- author attributions in that material or in the Appropriate Legal
- Notices displayed by works containing it; or</li>
-
-<li>c) Prohibiting misrepresentation of the origin of that material, or
- requiring that modified versions of such material be marked in
- reasonable ways as different from the original version; or</li>
-
-<li>d) Limiting the use for publicity purposes of names of licensors or
- authors of the material; or</li>
-
-<li>e) Declining to grant rights under trademark law for use of some
- trade names, trademarks, or service marks; or</li>
-
-<li>f) Requiring indemnification of licensors and authors of that
- material by anyone who conveys the material (or modified versions of
- it) with contractual assumptions of liability to the recipient, for
- any liability that these contractual assumptions directly impose on
- those licensors and authors.</li>
-</ul>
-
-<p>All other non-permissive additional terms are considered “further
-restrictions” within the meaning of section 10. If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term. If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.</p>
-
-<p>If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.</p>
-
-<p>Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.</p>
-
-<h4><a name="section8"></a>8. Termination.</h4>
-
-<p>You may not propagate or modify a covered work except as expressly
-provided under this License. Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).</p>
-
-<p>However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.</p>
-
-<p>Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.</p>
-
-<p>Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License. If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.</p>
-
-<h4><a name="section9"></a>9. Acceptance Not Required for Having Copies.</h4>
-
-<p>You are not required to accept this License in order to receive or
-run a copy of the Program. Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance. However,
-nothing other than this License grants you permission to propagate or
-modify any covered work. These actions infringe copyright if you do
-not accept this License. Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.</p>
-
-<h4><a name="section10"></a>10. Automatic Licensing of Downstream Recipients.</h4>
-
-<p>Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License. You are not responsible
-for enforcing compliance by third parties with this License.</p>
-
-<p>An “entity transaction” is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations. If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.</p>
-
-<p>You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License. For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.</p>
-
-<h4><a name="section11"></a>11. Patents.</h4>
-
-<p>A “contributor” is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based. The
-work thus licensed is called the contributor's “contributor version”.</p>
-
-<p>A contributor's “essential patent claims” are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version. For
-purposes of this definition, “control” includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.</p>
-
-<p>Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.</p>
-
-<p>In the following three paragraphs, a “patent license” is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement). To “grant” such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.</p>
-
-<p>If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients. “Knowingly relying” means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.</p>
-
-
-<p>If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.</p>
-
-<p>A patent license is “discriminatory” if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License. You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.</p>
-
-<p>Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.</p>
-
-<h4><a name="section12"></a>12. No Surrender of Others' Freedom.</h4>
-
-<p>If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all. For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.</p>
-
-<h4><a name="section13"></a>13. Use with the GNU Affero General Public License.</h4>
-
-<p>Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work. The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.</p>
-
-<h4><a name="section14"></a>14. Revised Versions of this License.</h4>
-
-<p>The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time. Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.</p>
-
-<p>Each version is given a distinguishing version number. If the
-Program specifies that a certain numbered version of the GNU General
-Public License “or any later version” applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation. If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.</p>
-
-<p>If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.</p>
-
-<p>Later license versions may give you additional or different
-permissions. However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.</p>
-
-<h4><a name="section15"></a>15. Disclaimer of Warranty.</h4>
-
-<p>THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.</p>
-
-<h4><a name="section16"></a>16. Limitation of Liability.</h4>
-
-<p>IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.</p>
-
-<h4><a name="section17"></a>17. Interpretation of Sections 15 and 16.</h4>
-
-<p>If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.</p>
-
-<p>END OF TERMS AND CONDITIONS</p>
-
-<br>
-<hr size="2" width="100%"><br>
-<div align="center">
-<h2><a name="Installation"></a>Installation</h2>
-</div>
-<div align="justify">
-<h3>Overview</h3>
-<p>Citadel is an advanced, multiuser, client/server messaging system
-suitable for BBS, e-mail, and groupware applications. It is designed to
-handle the needs of both small dialup systems and large-scale
-Internet-connected systems. It was originally developed on an Altos
-system running Xenix, and has been installed and tested on various Unix
-and Unix-like platforms. The current development environment (and
-public BBS) is an ordinary Linux system. The current distribution
-includes: </p>
-<ul>
- <li>The Citadel server (this is the back end that does all
-processing) </li>
- <li>A text-based client program designed with the traditional Citadel
-"look and feel" (room prompts, dot commands, and the like) </li>
- <li>Setup programs </li>
- <li>A set of utilities for system administration and maintenance </li>
- <li>Documentation </li>
-</ul>
-<p>Some knowledge of the Unix system is necessary to install and manage
-the system. It is mandatory that the sysop have "root" access to the
-operating system. The following are required to install Citadel: </p>
-<ul>
- <li>A unix-like operating system (Linux, FreeBSD, Solaris, etc.) </li>
- <li>The GNU build tools (<a href="http://gcc.gnu.org/">GCC</a> with <a
- href="http://www.gnu.org/software/make/make.html">gmake</a> is the
-recommended build environment) </li>
- <li><a href="http://www.sleepycat.com">Berkeley DB</a> v4.1 or newer</li>
- <li><a href="http://www.aurore.net/projects/libical/">libical</a> v0.26 or
-newer (if you want the calendar service to work)</li>
- <li><a href="http://libsieve.sourceforge.net">libSieve</a> v2.2.3 or newer
-(if you want mail filtering/scripting to work)</li>
- <li>Enough disk space to hold all of the programs and data </li>
-</ul>
-<p>If you are running Citadel on a Linux system, it is STRONGLY
-recommended that you run it on a recent distribution (such as CentOS
-4.1 or newer). A new-ish
-distribution will have many of the prerequisite tools and
-libraries already integrated for you.</p>
-<h3>Other pieces which complete the Citadel system:</h3>
-<ul>
- <li>"WebCit", a gateway program to allow full access to Citadel via
-the World Wide Web. Interactive access through any Web browser. </li>
- <li>Access to Citadel via <i>any</i> standards-compliant e-mail
-program, thanks to Citadel's built-in SMTP, POP, and IMAP services.
-You can use Mozilla, Netscape, Evolution, Eudora, Pine, Outlook, etc.
-with Citadel.</li>
- <li>Access to Citadel's calendar and address book functions using any
-PIM client that supports Webcal or GroupDAV (requires WebCit).<br>
- </li>
-</ul>
-<h3>Coming soon:</h3>
-<ul>
- <li>More integration with third-party software.<br>
- </li>
-</ul>
-<h3><a name="Everything_in_its_place..."></a>Everything in its place...</h3>
-<p>Hopefully you've unpacked the distribution archive into its own
-directory. This is the directory in which all Citadel files are located
-and in
-which all activity will take place. Several subdirectories have already
-been created during the unpacking process, and others may be created
-by the software if needed. Make sure you have Berkeley DB installed on
-your system, and that you have all the development libraries and
-headers
-in place so that you can compile against them. If you don't, you can
-get the latest Berkeley DB at
-<a href="http://www.sleepycat.com">http://www.sleepycat.com</a>.
-If your operating system uses a separate library to support POSIX
-threads (pthreads), make sure that library is installed as well. This
-is almost never the case with Linux, but some commercial Unix flavors
-might need it.<br>
-<br>
-</p>
-<h3><a name="ctdl_login_acct"></a>Creating a system account for Citadel</h3>
-<p>As with many Unix programs, Citadel wants to run under its own user
-ID. Unlike other programs, however, this user ID will do double-duty as
-a public login for your system if you are running a BBS. This account
-is typically called "bbs" or "citadel" or something to that effect. You
-will tell Citadel what the user-id of that account is, and when someone
-logs in under that account, Citadel will prompt for a user name.</p>
-<p>The Citadel user should have a unique uid. The home directory should
-be the one your Citadel installation resides in (in this example we
-will use <tt>/usr/local/citadel</tt>) and the shell should be either
-"citadel" in
-that directory, or a script that will start up the citadel client.
-Example:</p>
-<pre>citadel::100:1:Citadel Login:/usr/local/citadel:/usr/local/citadel/citadel<br></pre>
-<p>When you run setup later, you will be required to tell it the
-username or user ID of the account you created is, so it knows what
-user to run as. If you create an account called <tt>citadel, bbs</tt>,
-or <tt>guest</tt>, the setup program will automatically pick up the
-user ID by default.</p>
-<p>For all other users in <tt>/etc/passwd</tt> (or in some other name
-service such as NIS), Citadel can automatically set up
-such as NIS), Citadel can automatically set up
-an account using the full name (or 'gecos' in Unixspeak) of the user.
-It'll also ignore any password you supply, because it uses the user's
-password on the host system. This allows a 'single sign on' type of
-environment.
-Note that this does have to be enabled at setup time -- it's the
-option called "host based authentication mode". Keep in
-mind that these users can use *either* their Citadel login name or
-their login name on the host computer, and their password on the
-host computer.</p>
-<h3><a name="bypassing_login"></a>Bypassing the <tt>login:</tt>
-prompt</h3>
-<p>If you normally log in to your host system using some method other
-than telnet (such as ssh), you might want the telnet service to go
-straight into Citadel, instead of displaying the <tt>login:</tt>
-prompt first. You
-can do this by having telnetd start citadel directly instead of
-<tt>/bin/login</tt>. The <tt>setup</tt> program will offer to
-configure
-this automatically for you if it sees a configuration it understands.
-If you would prefer to configure it manually, all you need to do is
-make a
-simple change to your <tt>inetd</tt> or <tt>xinetd</tt>
-configuration. Here are some configuration examples.</p>
-<p>An example for <tt>inetd</tt> (put the following line in <tt>/etc/inetd.conf</tt>,
-replacing any existing telnet configuration line already there):</p>
-<pre>telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -L /usr/local/citadel/citadel<br></pre>
-<p>An example for <tt>xinetd</tt> (if you have a file called <tt>/etc/xinetd.d/telnet</tt>
-then simply replace that file with this one):</p>
-<pre>service telnet<br>{<br> flags = REUSE<br> socket_type = stream<br> wait = no<br> user = root<br> server = /usr/sbin/in.telnetd<br> server_args = -L /usr/local/citadel/citadel<br> log_on_failure += USERID<br> disable = no<br>}<br></pre>
-<p>Please make sure you know what you're doing before you install this!
-If
-you are going to put Citadel somewhere other than <tt>/usr/local/citadel</tt>
-then change the directory name accordingly. If you know of any other
-local peculiarities which need to be observed, edit the above
-configuration
-accordingly as well. And, of course, if you're working remotely, make
-sure you can successfully log in using SSH <b>before</b> you start
-making
-changes to telnet, because if you accidentally break telnet and don't
-have
-SSH running, you'll have effectively locked yourself out of your system
-until you can get physical access to the console.<br>
-<br>
-</p>
-<h3><a name="Compiling_the_programs"></a>Compiling the programs</h3>
-<p>You can easily compile the Citadel system with the following
-commands:</p>
-<pre>./configure<br>make<br>make install<br></pre>
-<p>The 'configure' script will generate a Makefile from the
-Makefile.in,
-and it will also write the file "sysdep.h" to your Citadel directory.
-Please do not edit sysdep.h or Makefile.in yourself. The configure
-script will
-figure out your system dependencies and set everything correctly.</p>
-<p>Mac OS X 10.1 and later are now supported. (Sorry, 10.0 cannot be
-supported, now or in the future.) You need to install the Developer
-Tools CD, which you can purchase or download for free from <a
- href="http://developer.apple.com">http://developer.apple.com</a>. Then
-run configure like this:</p>
-<pre>env CC=/usr/bin/cc ./configure (options - see below)<br></pre>
-<p>By default, the Citadel system will install in <tt>/usr/local/citadel</tt>.
-If you wish to place it in a different directory, you can instead do:</p>
-<pre>./configure --prefix=/export/home/citadel (or whatever)<br></pre>
-<p>If you've got Berkeley DB installed in a non-standard location, you
-can help the configure script find it by doing something like this:</p>
-<pre>./configure --with-db=/usr/local/BerkeleyDB-4.1<br></pre>
-<p>Keep in mind that if you're using Berkeley DB from a non-standard
-location,
-you'll have to make sure that location is available at runtime.</p>
-<p>File permissions are always a bother to work with. You don't want
-Citadel to crash because someone couldn't access a file, but you also
-don't want shell users peeking into the binaries to do things like
-reading others' mail, finding private rooms, etc. The Citadel server
-needs to be started as root in order to bind to privileged ports, but
-as soon as its initialization is finished, it changes its user ID to
-your Citadel user in order to avoid security holes.</p>
-<h3><a name="Upgrading"></a>Upgrading</h3>
-<p>Any existing Citadel installation which is at version 5.50 or newer
-may be upgraded in place without the need to discard your existing data
-files.</p>
-<p>Upgrading to a new version uses the same build procedure as
-compiling
-the program for a fresh install, except that you want to do <tt>make
-upgrade</tt> instead of <tt>make install</tt>. This will
-overwrite the programs but not your data. <b>Be sure to shut down
-citserver during this process!</b> If Citadel is running while you
-upgrade, you may face data corruption issues.<br>
-</p>
-<p>After doing <tt>make upgrade</tt>, you should run <tt>setup</tt>
-again to bring your data files up to date. Please see the setup section
-below for more information on this.</p>
-<h3><a name="rc_file"></a>The <tt>citadel.rc</tt> file</h3>
-<p>The text-based client included with Citadel is suitable for BBS
-applications. Much of its command set and other behavior is
-configurable through a Run Control (RC) file. The standard client looks
-for this file in the following locations: </p>
-<ul>
- <li><tt>$HOME/.citadelrc</tt></li>
- <li><i>your-Citadel-directory</i><tt>/citadel.rc</tt></li>
- <li><tt>/etc/citadel.rc</tt></li>
- <li><i>current-directory</i><tt>/citadel.rc</tt></li>
-</ul>
-The next couple of sections deal with client-side configuration.
-<h3><a name="Using_an_external_editor_for_message"></a>Using an
-external editor
-for message composition</h3>
-<p>Citadel has a built-in message editor. However, you can also use
-your favorite text editor to write messages. To do this you simply put
-a line in your citadel.rc file like this:</p>
-<pre>editor=/usr/bin/vi<br></pre>
-<p>The above example would make Citadel call the vi editor when using
-the <tt><b>.E</b>nter <b>E</b>ditor</tt> command, or when a user
-selects the "Always compose messages with the full-screen
-editor" option. You can also make
-it the default editor for the <tt><b>E</b>nter</tt> command by editing
-the <tt>citadel.rc</tt> file. <b>But be warned:</b> external editors
-on public systems can
-be a security hole, because they usually provide users with the ability
-to drop into a shell on the host system, or save files using names
-other
-than the name of the temporary file they are editing. If you intend to
-use an external editor on a public BBS, make sure you use one that has
-been
-hardened for such a purpose -- one which has had the 'shell' and 'save
-as'
-commands disabled, as well as any other functions which a destructive
-user could use to gain unauthorized access to your host system.</p>
-<h3><a name="Printing_messages"></a>Printing messages</h3>
-<p>Citadel can send messages to a printer, or just about anywhere
-else in your system. The variable <tt>PRINTCMD</tt> in <tt>citadel.rc</tt>
-specifies what command you use to print. Text is sent to the standard
-input (stdin) of the print command.</p>
-<p>So if you did this:</p>
-<pre>printcmd="a2ps -o - |lpr -Plocal"<br></pre>
-<p>...that would convert the printed text to PostScript, then print on
-the
-printer named "local". There's tons of stuff you can do with this
-feature. For example, you could use a command like <tt>cat
-<<$HOME/archive</tt> to save copies of important messages in a
-textfile. Again, this is probably something you don't want to configure
-for a public BBS host -- most system administrators don't want remote
-users sending arbitrary things to local printers.</p>
-<h3><a name="URL_viewing"></a>URL viewing</h3>
-<p>This is one more feature which is appropriate for local users. While
-reading
-a message that has Internet URL's in it, you can select the <tt><b>U</b>RL-view</tt>
-command, and it will perform some pre-defined action (usually, this is
-to open up the URL in a web browser). For example:</p>
-<pre>urlcmd=netscape -remote "openURL(%s)"<br></pre>
-<p>In the above example, it would open up the URL in an open <a
- href="http://www.netscape.com/download">Netscape</a> window.<br>
-<br>
-</p>
-<h3><a name="Setup_and_login"></a>Setup and login</h3>
-<p>Before logging in for the first time, you must run the setup
-program. To begin this procedure, enter the following commands:</p>
-<pre>cd /usr/local/citadel<br>./setup<br></pre>
-<p>The setup program will guide you through a simple configuration
-procedure. It will ask you what directory to place your data files in
--- the default is the current directory, which is usually the sensible
-thing to select. If you want to run more than one instance of Citadel
-on the same host, however, you can specify a different directory here
--- just remember to specify the directory name again when you start up
-the server later on.</p>
-<p><tt>setup</tt> will then shut down the Citadel service if it is
-found to
-be running.</p>
-<p>You will then be prompted for the name of the system administrator.
-This is not merely a cosmetic option -- when you log in to your system
-a little while from now, you'll log in with this name, and it will
-automatically assign your account the highest access level.</p>
-<p>Next, you will be prompted for the User ID of the Citadel account on
-your host system. If you have an account called <tt>bbs</tt>, <tt>guest</tt>,
-or <tt>citadel</tt>, that account's UID will be the default. If you
-are upgrading or reconfiguring an existing system, the existing value
-will be preserved.</p>
-<p>Then you will be prompted for a server port number. This is the TCP
-port which Citadel clients use to connect to your Citadel server. In
-almost all cases, you want to use the default -- port 504, which is the
-official port number assigned by the IANA for Citadel implementations.</p>
-<p><tt>setup</tt> will then ask you about authentication mode. <i>Please
-understand this question thoroughly before answering it.</i> You have a
-choice of two authentication modes:
-<ul>
-<li><i>Native authentication</i> - Citadel maintains its own user database.
-This is the normal mode of authentication. Citadel operates as a "black
-box" and your users do not have to have accounts or home directories on the
-host server.
-<li><i>Host based authentication</i> - access to Citadel is authenticated
-against the user database (<tt>/etc/passwd</tt> or perhaps NIS, etc.).
-</ul>
-You will be asked if you wish to use host based authentication. If you
-wish to do so, answer "Yes" at the prompt. For most installations, "No"
-is the appropriate answer.
-</p>
-<p>The Citadel service will then be started, and you will see the
-following message:</p>
-<pre>Setup is finished. You may now log in.<br></pre>
-<p>Setup is now complete, on most systems, anyway. Please see below to
-find out if you need to do anything else:</p>
-<h3><a name="Configuring_your_host_system_to_start"></a>Configuring
-your host
-system to start the service</h3>
-<p><b>Please note:</b> this topic involves modifications made to <tt>/etc/services</tt>
-and <tt>/etc/inittab</tt> in order to configure your host system to
-automatically start the Citadel service. <tt>setup</tt> will
-automatically perform these steps if it can, and if you allow it to --
-just answer 'Yes' when prompted, and everything will be taken care of
-for you. If you answer 'No' -- or if your system is a little bit odd
-(for example, BSD systems don't have <tt>/etc/inittab</tt>) -- read
-this section and do what you need to in order to get things configured.</p>
-<p>Before you can use Citadel, you must define the "citadel" service to
-your system. This is accomplished by adding a line to your
-/etc/services file that looks something like this:</p>
-<pre>citadel 504/tcp # Citadel Server<br></pre>
-<p>504 is the port number officially designated by the IANA for use by
-Citadel. There should not be any need to use a different port number,
-unless you are running multiple Citadels on the same computer and
-therefore need
-a different port for each one.</p>
-<p>The next step is to arrange for the server to start. The <tt>citserver</tt>
-program is the main Citadel server. Before we cover the recommended
-method of starting the server, let's examine its usage options:</p>
-<pre>citserver [-hHomeDir] [-xDebugLevel] [-tTraceFile] [-lLogFacility] [-d] [-f]<br></pre>
-<p>The options are as follows:</p>
-<p><tt>-hHomeDir</tt> - the directory your Citadel data files live in.
-This should, of course, be a directory that you've run the <tt>setup</tt>
-program against to set up some data files. If a directory is not
-specified, the directory
-name which was specified in the <tt>Makefile</tt> will be used.</p>
-<p><tt>-xDebugLevel</tt> - Set the verbosity of trace messages printed.
-When -x is used, it will suppress messages sent to syslog(see below).
-In
-other words, syslog will never see certain messages if -x is used.
-Normally
-you should configure logging through syslog, but -x may still be useful
-in
-some circumstances. The available debugging levels are: </p>
-<ul>
- <li>0 - Emergency condition; Citadel will exit immediately </li>
- <li>1 - Severe errors; Citadel may be unable to continue without
-attention </li>
- <li>2 - Critical errors; Citadel will continue with degraded
-functionality </li>
- <li>3 - Error conditions; Citadel will recover and continue normally </li>
- <li>4 - Warning messages; Citadel will continue normally </li>
- <li>5 - Normal operational messages </li>
- <li>6 - Informational messages, progress reports, etc. </li>
- <li>7 - Debugging messages; extremely verbose </li>
-</ul>
-<p><tt>-tTraceFile</tt> - Tell the server where to send its debug/trace
-output. Normally it is sent to stdout.</p>
-<p><tt>-lLogFacility</tt> - Tell the server to send its debug/trace
-output
-to the <tt>syslog</tt> service on the host system <i>instead of</i>
-to a
-trace file. <tt>LogFacility</tt> must be one of: <tt><i>kern, user,
-mail,
-daemon, auth, syslog, lpr, news, uucp, local0, local1, local2, local3,
-local4, local5, local6, local7</i></tt>. Please note that use of the
-<tt>-l</tt> option will cancel any use of the <tt>-t</tt> option; that
-is,
-if you specify a trace file <i>and</i> a syslog facility, log output
-will
-only go to the syslog facility.
-</p>
-<p><tt>-d</tt> - Run as a daemon; i.e. in the background. This switch
-would be necessary if you were starting the Citadel server, for
-example, from an rc.local script (which is not recommended, because
-this won't allow the server to automatically restart when it is shut
-down).</p>
-<p><tt>-f</tt> - Defragment all the databases upon startup. This
-currently has no effect, as it is a vestige from the old data store.</p>
-<p>The preferred method of starting the Citadel server is to place an
-entry in your /etc/inittab file. This will conveniently bring the
-server up when your system is up, and terminate it gracefully when your
-system is shutting down. The exact syntax for your system may vary, but
-here's an entry that could be used on a Linux system:</p>
-<pre>cit:2345:respawn:/usr/local/citadel/citserver -h/usr/local/citadel -t/dev/tty9 -x6<br></pre>
-<p>In this example, we've chosen debugging level 6, and have the trace
-stuff output to one of the virtual consoles. It's important to remember
-to turn off any getty that is set up on that virtual console, if you do
-this. After making this change, the command <tt>init q</tt> works on
-most systems to tell init to re-read the file. If in doubt, just reboot
-the computer.<br>
-<br>
-</p>
-<h3><a name="first_time_login"></a>Logging in for the
-first time</h3>
-<p>At this point, your system is ready to run. Run the <tt>citadel</tt>
-program from the shell and log in as a new user. NOTE: the first user
-account to be created will automatically be set to access level 6
-(Aide). This overcomes some obvious logistical problems - normally,
-Aide access is given by another Aide, but since there aren't any on
-your system yet, this isn't possible.<br>
-<br>
-</p>
-<h3><a name="Welcoming_new_users"></a>Welcoming new users</h3>
-<p>Sometimes you might decide that you want a welcome message (or
-several different messages) automatically mailed to new users upon
-their first login. Now there is a way to do this. If you create a room
-called <tt>New User Greetings</tt>, and it is a <i>private</i> room
-(invitation-only probably makes the most sense), any messages you enter
-into that room will automatically be delivered to all new users upon
-registration.</p>
-<p>You can put anything you want there: a welcome message, system
-policies, special information, etc. You can also put as many messages
-there as you want to (although it really doesn't make sense to clutter
-new users' mailboxes with lots of junk).</p>
-<p>Don't worry about wasting disk space, either. Citadel has a
-single-instance message store, so all the new users are actually
-looking at the same copy of the message on disk.<br>
-<br>
-</p>
-<h3><a name="adding_doors"></a>Space for adding
-your own
-client features (doors)</h3>
-<p><b>Please take note!</b> This function really represents the "old"
-way of doing things, and it doesn't fit in well with the client/server
-paradigm. Please consider it "deprecated" because it may be removed
-someday.</p>
-<p>The "doorway" feature is just a generic way to add features to the
-system. It is called "Doorway" to make it resemble the doors on
-non-Unix boards, but as we all know, us Unix types don't have to write
-special code to access the modem. :-) Anyway, when a user hits the <tt><b>*</b></tt>
-(doorway) command, Citadel does...</p>
-<pre>USERNAME=(username); export USERNAME<br>./subsystem (user-number) (screen-width) (access level)<br></pre>
-<p>...so you can put whatever you want in there. I suggest putting in a
-menu
-program to allow the users to pick one of a number of programs, etc. Do
-be aware that door programs will only be available when the client and
-server
-programs are running on the <i>same</i> computer, and when the user is
-running
-the text-mode client. Because of these restrictions, Door programs are
-being
-utilized less and less every day.<br>
-<br>
-</p>
-<h3><a name="Troubleshooting_and_getting_help"></a>Troubleshooting and
-getting help</h3>
-<p>That's just about all the information you need to install the
-system. But if you get stuck, you can visit <a
- href="http://uncensored.citadel.org">UNCENSORED! BBS</a> and report a
-problem or ask for help. But if you intend to report a problem getting
-the Citadel server to run, <i>please</i> double-check the following
-things first: </p>
-<ul>
- <li>Did you do <tt>./configure && make && make
-install</tt> ?? </li>
- <li>Did you run setup? </li>
- <li>Did you start the server? </li>
-</ul>
-<p>To report a problem, you can log on to <a
- href="http://uncensored.citadel.org">UNCENSORED!</a> or any other BBS
-on the Citadel network which carries the <tt>Citadel/UX></tt> room.
-Please DO NOT e-mail the developers directly. Post a request for help
-on the BBS, with all of the following information: </p>
-<ul>
- <li>The exact nature of your difficulty </li>
- <li>A transcript of the error message(s) if possible </li>
- <li>The version of Citadel you are running </li>
- <li>The version of Berkeley DB present on your system </li>
- <li>Which operating system you are running, and what version </li>
- <li>If you are running a Linux system, we need to know which
-distribution, and the version of the kernel, libc, and pthreads you
-are using (it would help to post the output of a <tt>ldd ./citserver</tt>
-command). </li>
-</ul>
-</div>
-<div align="center">
-<hr size="2" width="100%">
-<h2><a name="sysop"></a>System Administration</h2>
-</div>
-<div align="justify">
-<h3><a name="Overview_"></a>Overview</h3>
-<p>Citadel, when installed properly, will do most of its maintenance
-by itself. It is intended to be run unattended for extended periods of
-time, and most installations do just that without any software failures.</p>
-<p>The system has seven access levels. Most users are at the bottom and
-have
-no special privileges. Aides are selected people who have special
-access within
-the Citadel program. Room Aides only have this access in a certain
-room. Preferred users can be selected by Aides for access to preferred
-only rooms. A sysop is anyone who has access to the various sysop
-utilities - these
-are in their own executable files, which should have their permissions
-set
-to allow only sysops to run them. You should either create a sysops
-group
-in /etc/group, or use some other existing group for this purpose.</p>
-<p>Aides have access to EVERY room on the system, public and private
-(all types). They also have access to commands starting with <tt>.<b>A</b>ide</tt>
-in addition to being able to delete and move messages. The system room,
-<tt>Aide></tt>, is accessible only by those users designated as
-Aides.</p>
-<h3><a name="Aide_commands"></a>Aide commands</h3>
-<p>Aides have the following commands available to them that are not
-available to normal users. They are:</p>
-<table>
- <tbody>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>K</b>ill this room </tt></td>
- <td> Deletes the current room from the system. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>E</b>dit this room </tt></td>
- <td> Allows editing of the properties of the current room. This
-is explained in greater detail below. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>W</b>ho knows room </tt></td>
- <td> For private rooms with access controls, or mailbox rooms,
-this command displays a list of users who have access to the current
-room. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide edit <b>U</b>ser </tt></td>
- <td> Allows editing of the properties of any user account
-on the system. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>V</b>alidate new users </tt></td>
- <td> For public access systems, this command reviews all new user
-registrations and allows you to set each new user's access level (or
-simply delete the accounts). </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide enter <b>I</b>nfo file </tt></td>
- <td> Each room may contain a short textual description of
-its purpose, which is displayed to users upon entering the room for the
-first time (or in the room banner, for users of the Web client). This
-command allows you to enter or edit that description. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>R</b>oom <b>I</b>nvite
-user </tt></td>
- <td> Access control command to grant any specific user access to
-a private room. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>R</b>oom <b>K</b>ick
-out user </tt></td>
- <td> Access control command to revoke any specifc user's access
-to the current room. This works regardless of whether the room is
-public or private. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>F</b>ile <b>D</b>elete </tt></td>
- <td> If the current room has an associated file directory, this
-command may be used to delete files from it. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>F</b>ile <b>S</b>end
-over net </tt></td>
- <td> If the current room has an associated file directory, this
-command may be used to transmit a copy of any file in that directory to
-another node on a Citadel network. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>F</b>ile <b>M</b>ove </tt></td>
- <td> If the current room has an associated file directory, this
-command may be used to move any file in that directory to another room.
-The target room must also have an associated file directory. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>M</b>essage edit </tt></td>
- <td> This command allows editing of any of the various system
-banners and messages which are displayed to users. Type the name of
-the banner or message you wish to edit. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>P</b>ost </tt></td>
- <td> This is the functional equivalent of the <tt><b>E</b>nter
-message</tt> command available to all users, except that it allows you
-to post using any user name. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>S</b>ystem configuration <b>G</b>eneral
- </tt></td>
- <td> This command allows configuration of a large number of
-global settings for your Citadel system. These settings will be
-explained in greater detail below. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>S</b>ystem configuration <b>I</b>nternet
- </tt></td>
- <td> This command allows configuration of settings which affect
-how your Citadel system sends and receives messages on the Internet. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>S</b>ystem configuration
-check <b>M</b>essage base </tt></td>
- <td> Perform a consistency check on your message store. This is a
-very time-consuming operation which should not be performed unless you
-have reason to believe there is trouble with your database. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>S</b>ystem configuration <b>N</b>etwork
- </tt></td>
- <td> Configure networking (e-mail, room sharing, etc.) with other
-Citadel nodes. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>S</b>ystem configuration
-network <b>F</b>ilter list </tt></td>
- <td> If you are on a large public or semi-public network of
-Citadel nodes and you find content from certain systems or individuals
-objectionable, you can use this command to define a rule set to
-automatically reject those messages when they arrive on your system. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>T</b>erminate server <b>N</b>ow
- </tt></td>
- <td> Immediately shut down the Citadel service, disconnecting any
-users who are logged in. Please keep in mind that it will start
-right back up again if you are running the service from <tt>/etc/inittab</tt>,
-so in practice this command will probably not get much use. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>T</b>erminate server <b>S</b>cheduled
- </tt></td>
- <td> Shut down the Citadel service the next time there are zero
-users connected. This allows you to automatically wait until all users
-are logged out. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide mailing <b>L</b>ist recipients
- </tt></td>
- <td> Any room may be made into a mailing list. Enter this command
-to open an editor window containing the list of Internet e-mail
-addresses to which every message posted in the room will be sent. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide mailing list <b>D</b>igest
-recipients </tt></td>
- <td> Similar to the regular mailing list command, except the
-messages will be sent out in 'digest' form -- recipients will see
-messages from the address of the room itself rather than the address of
-the author of each message, and a digest may contain more than one
-message. Each room may have any combination of List and Digest
-recipients. </td>
- </tr>
- <tr>
- <td width="30%"><tt> .<b>A</b>ide <b>N</b>etwork room sharing </tt></td>
- <td> Configures the sharing of the current room's contents with
-other Citadel nodes. Messages posted in this room on any Citadel system
-will automatically be replicated to other Citadel systems carrying the
-room. </td>
- </tr>
- </tbody>
-</table>
-<br>
-<br>
-<h3><a name="Editing_rooms"></a>Editing rooms</h3>
-<p>This command allows any aide to change the parameters of a room. Go
-to the room you wish to edit and enter the <tt><b>.A</b>ide <b>E</b>dit
-room</tt> command. A series of prompts will be displayed. The existing
-parameters will be displayed in brackets; simply press return if you
-want
-to leave any or all of them unchanged.</p>
-<pre> <br>Room name [IG's Fun Room]:<br></pre>
-<p>...the name of the room.</p>
-<pre>Private room [Yes]? <br></pre>
-<p>...enter Yes if you wish to restrict access to the room, or no if
-the room
-is to be accessible by all users. Note that Citadel doesn't bother
-users
-about access to rooms every time they need to access the room. Once a
-user
-gains access to a private room, it then behaves like a public room to
-them.
-The following four questions will only be asked if you selected
-Private...</p>
-<pre>Accessible by guessing room name [No]?<br></pre>
-<p>...if you enter Yes, the room will not show up in users' <tt><b>K</b>nown
-rooms</tt> listing, but if they <tt><b>.G</b>oto</tt> the room (typing
-the room's full name), they will gain access to the room.</p>
-<pre>Accessible by entering a password [No]?<br>Room password [mypasswd]: <br></pre>
-<p>...this adds an additional layer of security to the room, prompting
-users for a password before they can gain access to the room.</p>
-<p>If you did not select guessname or passworded, then the only way
-users can access the room is if an Aide explicitly invites them to the
-room using the <tt><b>.A</b>ide <b>R</b>oom <b>I</b>nvite user</tt>
-command.</p>
-<pre>Cause current users to forget room [No] ? No<br></pre>
-<p>Enter Yes if you wish to kick out anyone who currently has access to
-the room.</p>
-<pre>Preferred users only [No]? No<br></pre>
-<p>Enter Yes if you wish to restrict the room to only users who have
-level 5 (Preferred User) status (and Aides too, of course). You should
-make the room public if you intend to do this, otherwise the two
-restrictions will be COMBINED.</p>
-<pre>Read-only room [No]? No<br></pre>
-<p>If you set a room to Read-Only, then normal users will not be
-allowed to
-post messages in it. Messages may only be posted by Aides, and by
-utility programs such as the networker and the "aidepost" utility. This
-is
-useful in situations where a room is used exclusively for important
-announcements, or if you've set up a room to receive an Internet
-mailing
-list and posting wouldn't make sense. Other uses will, of course,
-become
-apparent as the need arises.</p>
-<p>Now for a few other attributes...</p>
-<pre>Directory room [Yes]? Yes<br></pre>
-<p>...enter Yes if you wish to associate a directory with this room.
-This can be used as a small file repository for files relevant to the
-topic of the room. If you enter Yes, you will also be prompted with the
-following four questions:</p>
-<pre>Directory name [mydirname]: <br></pre>
-<p>...the name of the subdirectory to put this room's files in. The
-name of the directory created will be <tt><i><your Citadel
-directory></i>/files/<i><room dir name></i></tt>.</p>
-<pre>Uploading allowed [Yes]? Yes<br></pre>
-<p>...enter Yes if users are allowed to upload to this room.</p>
-<pre>Downloading allowed [Yes]? Yes<br></pre>
-<p>...enter Yes if users are allowed to download from this room.</p>
-<pre>Visible directory [Yes]? Yes<br></pre>
-<p>...enter Yes if users can read the directory of this room.</p>
-<pre>Network shared room [No]? No<br></pre>
-<p>...you can share a room over a network without setting this flag,
-and
-vice versa, but what this flag does is twofold: </p>
-<ul>
- <li>It prevents people with no network access from entering messages
-here </li>
- <li>Messages are displayed with the name of their originating
-system in the header. </li>
-</ul>
-<pre>Permanent room [No]? No<br></pre>
-<p>Citadel contains an 'auto purger' which is capable of removing rooms
-which have not been posted in for a pre-defined period of time (by
-default
-this is set to two weeks). If you wish to keep this from happening to
-a particular room, you can set this option. (Keep in mind that <tt>Lobby></tt>,
-<tt>Aide></tt>, any private mailbox rooms, any network shared rooms,
-and any rooms with a file directory are automatically permanent.)</p>
-<pre>Anonymous messages [No]? No<br>Ask users whether to make messages anonymous [No]? No<br></pre>
-<p>...you can have rooms in which all messages are automatically
-anonymous, and you can have rooms in which users are prompted whether
-to make a
-message anonymous when they enter it. The real identity of the author
-of each message is still revealed to the Room Aide for this room, as
-well
-as any system-wide Aides.</p>
-<pre>Room aide [Joe Responsible]: <br></pre>
-<p>...on larger systems, it helps to designate a person to be
-responsible for a room. Room Aides have access to a restricted set of
-Aide commands, ONLY when they are in the room in which they have this
-privilege. They can edit the room, delete the room, delete and move
-messages, and invite or kick out users (if it is a private room), but
-they cannot perform aide commands that are not room-related (such as
-changing users access levels).</p>
-<pre>Listing order [64]: <br></pre>
-<p>This is just a simple way to try to control the order rooms are
-listed in when users call up a <tt><b>K</b>nown Rooms</tt> listing.
-Rooms with a lower listing order are displayed prior to rooms with a
-higher listing order. It has no other effect. For users who list rooms
-in floor order, the display will sort first by floor, then by listing
-order.</p>
-<pre>Message expire policy (? for list) [0]:<br></pre>
-<p>This provides you with the opportunity to select how long each
-message will remain in a room before automatically being deleted. Press
-<tt><b>?</b></tt> for a list of options. You can choose to keep
-messages around forever (or until they are manually deleted), until
-they become a certain number of days old, or until a certain number of
-additional messages are posted in the room, at which time the oldest
-ones will scroll out.</p>
-<p>When a new Citadel system is first installed, the default
-system-wide
-expire policy is set to 'manual' -- no automatic purging of messages
-takes place anywhere. For public message boards, you will probably want
-to set some sort of automatic expire policy, in order to prevent your
-message base from growing forever.</p>
-<p>You will notice that you can also fall back to the default expire
-policy for the floor upon which the room resides. This is the default
-setting. You can change the floor's default with the <tt><b>;A</b>ide <b>E</b>dit
-floor</tt> command. The default setting for the floor default, in turn,
-is the system default setting, which can be changed using the <tt><b>.A</b>ide
-<b>S</b>ystem configuration <b>G</b>eneral</tt> command.</p>
-<pre>Save changes (y/n)? Yes<br></pre>
-<p>...this gives you an opportunity to back out, if you feel you really
-messed things up while editing.<br>
-<br>
-</p>
-<h3><a name="File_directories"></a>File directories</h3>
-<p>If you have created any directory rooms, you can attach file
-descriptions to the filenames through a special file called <tt>filedir</tt>.
-Each line contains the name of a file in the directory, followed by a
-space and then a description of the file, such as:</p>
-<pre>myfile.txt This is a description of my file.<br>phluff A phile phull of phluff!<br></pre>
-<p>...this would create file descriptions for the files <tt>myfile.txt</tt>
-and <tt>phluff</tt> which would be displayed along with the directory.
-It should also be noted that when users upload files to your system,
-they will be prompted for file descriptions, which will be added to the
-<tt>filedir</tt> file. If one does not exist, it will be created.<br>
-<br>
-</p>
-<h3><a name="Creating_and_editing_user_accounts"></a>Creating and
-editing user accounts</h3>
-<p>Anyone with Aide level access may use the <tt><b>.A</b>ide edit <b>U</b>ser</tt>
-command to create and/or edit user accounts. There are several
-parameters which can be set here.</p>
-<p>To create a user:</p>
-<pre>Lobby> . Aide edit User <br>User name: New User Name<br>No such user.<br>Do you want to create this user? Yes<br></pre>
-<p>At this point, the new user account has been created, and the
-command will
-continue as if you were editing an existing account. Therefore the
-remainder
-of this procedure is the same for creating and editing:</p>
-<pre>Lobby> . Aide edit User <br>User name: person of significance<br>User #70 - Person of Significance PW: <br><br>,<br><br>Current access level: 4 (Network User)<br></pre>
-<p>The blank lines are the user's 'registration' information --
-personal
-information such as full name, address, telephone number, etc. This
-information
-will comprise the user's vCard in both their user profile and in the
-Global
-Address Book.</p>
-<pre>Change password [No]: No<br></pre>
-<p>...answer Yes to set or change the password for this account.</p>
-<pre>Access level [4]: <br></pre>
-<p>...this allows you to set or change the access level for this
-account. The access levels available are as follows: </p>
-<ul>
- <li>0 - Deleted. (This immediately deletes the account.) </li>
- <li>1 - New, unvalidated user </li>
- <li>2 - Problem user (severely restricts account - use for
-probationary access) </li>
- <li>3 - User with no network privileges. Same access as a normal user
-except cannot post messages in rooms shared on a network. </li>
- <li>4 - Normal user </li>
- <li>5 - Preferred user (access is granted to privileged rooms) </li>
- <li>6 - Aide (administrative access to the whole system) </li>
-</ul>
-<pre>Permission to send/receive Internet mail [ No]? No<br></pre>
-<p>If your system is configured to only allow Internet mail privileges
-to certain users, this is where you can grant or revoke that privilege.</p>
-<pre>Ask user to register again [Yes]: Yes<br></pre>
-<p>If you answer Yes to this question, the user will be presented with
-a
-'registration' screen or set of prompts, the next time they log in
-using
-a Citadel client. This will prompt them for their full name, address,
-telephone
-number, etc.</p>
-<pre>Times called [0]: <br>Messages posted [0]: <br></pre>
-<p>These statistics are available for informational purposes only, so
-there is normally no need to change them.</p>
-<pre>Set last call to now [No]: No<br>Purge time (in days, 0 for system default [0]: <br></pre>
-<p>Citadel contains an auto-purger which is capable of automatically
-deleting accounts which have not been accessed in a predefined period
-of time. If you choose to perform this operation, you can 'touch' the
-account
-of a wayward user by setting their 'last call' time to 'now'. You can
-also adjust, on a per-user basis, the amount of time which must pass
-before
-their account is purged by the system. This time is set in days. You
-can also specify 0 days to indicate that you wish to use the system
-default
-setting.<br>
-<br>
-</p>
-<h3><a name="Deleting_and_moving_messages"></a>Deleting and moving
-messages</h3>
-<p>Aides and Room Aides have the ability to delete and move messages.
-After each message, the normal prompt appears:</p>
-<pre>(8) <B>ack <A>gain <Q>uote <R>eply <N>ext <S>top m<Y> next <?>help -><br></pre>
-<p>Entering <tt><b>D</b>elete</tt> will delete the message. A <tt>(y/n)</tt>
-prompt will appear to confirm that you really want to delete the
-message. Entering <tt><b>M</b>ove</tt> will prompt for a room to which
-the message should be moved.<br>
-<br>
-</p>
-<h3><a name="Customizing_the_help_files"></a>Customizing the help files</h3>
-<p>The subdirectory called <tt>help</tt> contains your system's help
-files. There's nothing hard-coded into the system that dictates what
-files
-should be there. Whenever a user types the command <tt><b>.H</b>elp</tt>
-followed by the name of a help file, it displays the contents of that
-help file.</p>
-<p>The help files that come with the system, of course, are enough to
-guide a user through its operation. But you can add, change, or remove
-help files to suit whatever is appropriate for your system.</p>
-<p>There are several strings that you can put in help files that will
-be automatically
-substituted with other strings. They are:</p>
-<pre> <br> ^nodename = The node name of your system on a Citadel network<br> ^humannode = Human-readable node name (also your node name on C86Net)<br> ^fqdn = Your system's fully-qualified domain name<br> ^username = The name of the user reading the help file<br> ^usernum = The user number of the user reading the help file<br> ^sysadm = The name of the system administraor (i.e., you)<br> ^variantname = The name of the software you're running<br> ^bbsdir = The directory on the host system in which you have<br> installed the Citadel system.<br></pre>
-<p>So, for example, you could create a help file which looked like:</p>
-<pre> "Lots of help, of course, is available right here on ^humannode. Of<br>course, if you still have trouble, you could always bug ^sysadm about it!"<br><br></pre>
-<h3><a name="Site_configuration"></a>Site configuration</h3>
-<p>Once your Citadel server is up and running, the first thing you'll
-want to do is customize and tune it. This can be done from the
-text-based client with the <tt><b>.A</b>ide <b>S</b>ystem
-configuration <b>G</b>eneral</tt> command, or from WebCit (if you have
-it installed) by clicking 'Advanced Options' followed by 'Edit
-site-wide configuration.' Either method will offer the same
-configuration options. This document shows the text mode client being
-used.</p>
-<p>The first set of options deal with the identification of your system.</p>
-<pre>Lobby> . Aide System configuration General<br>Node name [uncnsrd]: <br>Fully qualified domain name [uncensored.citadel.org]: <br>Human readable node name [Uncensored]: <br>Modem dialup number [US 914 999 9999]: <br>Geographic location of this system [Mount Kisco, NY]: <br>Name of system administrator [IGnatius T Foobar]: <br>Paginator prompt [<jinkies
- !="" more="" text="" on="" the="" next="" screen="">]: <br></jinkies></pre>
-<p>'Node name' refers to the short, unqualified node name by which your
-system is known on a Citadel network. Generally it will be the same as
-the unqualified host name of your computer; this is, in fact, the
-default setting.</p>
-<p>Then enter the fully-qualified domain name (FQDN) of your system. If
-you
-are not on the Internet, you can simply set it to the same as your
-unqualified host name. Otherwise you should set this value to the host
-name by which your system is most commonly known.</p>
-<p>The field called 'Human-readable node name' (also known as the 'node
-title' or 'organization name' in other software) is used solely for
-display purposes. Set it to the actual name of your system as you want
-it to appear in
-banners, messages, etc.</p>
-<p>If you have a modem or bank of modems answering data calls for your
-system, enter it in the field marked 'Modem dialup number.' Otherwise
-you may leave it blank.</p>
-<p>'Geographic location of this system' is another display field. Enter
-a city and state, or city and country. </p>
-<p>'Name of system administrator' is important! Any user who logs on
-with the name you enter here will automatically be granted Aide
-privileges. This is one of two ways for the system administrator to
-grant himself/herself Aide access to the system when initially setting
-it up. (The other is simply to have the first account created on a new
-installation.)</p>
-<p>The next set of options are your system's security settings. Before
-delving into the actual options, we should review the various access
-levels available on the system. Citadel has seven access levels:</p>
-<ul>
- <li>0 (Deleted). A user whose access level is set to 0 will
-automatically be deleted by the system. </li>
- <li>1 (New User). Users at this level may only read messages.
-Entering messages is prohibited, except in the <tt>Mail></tt> room,
-where a message to 'sysop' may be entered. </li>
- <li>2 (Problem User). Also known as 'Twit.' </li>
- <li>3 (Local User). May enter messages, except in rooms shared on a
-Citadel network. </li>
- <li>4 (Network User). May enter messages in every accessible
-room. </li>
- <li>5 (Preferred User). Use of this level is up to the whim of the
-system administrator. </li>
- <li>6 (Aide). Access is granted to the administrative functions of
-the system. (This access level may also be granted to a user only for a
-specific room, please see 'Room Aide' for more information.) </li>
-</ul>
-<pre>Require registration for new users [No]: No<br>Disable self-service user account creation [No]: No<br>Initial access level for new users [4]:<br>Access level required to create rooms [4]: <br>Automatically give room aide privs to a user who creates a private room [No]: No<br><br>Automatically move problem user messages to twit room [Yes]: Yes<br>Name of twit room [Trashcan]: <br>Restrict Internet mail to only those with that privilege [No]: No<br>Allow Aides to Zap (forget) rooms [Yes]: Yes<br>Log all pages [No]: No<br></pre>
-<p>'Registration' refers to the process of a user entering various
-personal contact information (real name, address, telephone number,
-etc.) into the system. When enabled, this information is stored as a
-vCard object on the system in two places: the user's <tt>My Citadel
-Config></tt>
-room, and in the <tt>Global Address Book></tt> room. (Note: the
-latter
-should be made private on publicly-accessible systems, for obvious
-reasons.)</p>
-<p>If you answer Yes to 'Require registration for new users' then each
-new user, upon creating a new account, will immediately be entered into
-the registration process. On the other hand, if you answer Yes to
-'Disable self-service user account creation' then new users will not be
-able to
-log in at all -- all accounts must be created by an Aide.</p>
-<p>'Initial access level for new users' should be set to 1 (New User)
-if you would like to review each new user's registration info before
-granting them higher access. This would be done periodically with the <tt><b>.A</b>ide
-<b>V</b>alidate new users</tt> command. If you do not require
-registration, you should set the initial access level to 4 (Network
-User).</p>
-<p>Given the above options, it then becomes clear that there are
-generally two ways you can set up your Citadel system, depending on its
-purpose:</p>
-<ul>
- <li><b>A public access BBS or message board</b> - since you do
-not know who might want to log in, self-service account creation needs
-to
-stay enabled. If you want to be strict about users identifying
-themselves,
-then you should also require users to register (just remember to post a
-privacy policy if you're going to collect personal information) -- then
-set
-the initial access level to 1 (New User), so new users cannot post
-messages
-until after you've validated them. For a more lax environment, you can
-remove the registration requirement and grant new accounts level 4
-(Normal
-User) access on the first visit. </li>
- <li><b>A private email/groupware system for your organization</b> -
-in this case, disable self-service account creation; you don't want
-strangers welcoming themselves to your system. You'll probably also
-want
-to disable registration, because you or some other site administrator
-will be entering users' contact info when you create their accounts.
-Since this is also how you assign their Internet e-mail addresses, it's
-probably a good idea to do it yourself instead of expecting them to do
-it. </li>
-</ul>
-<p>'Access level required to create rooms' is up to you. You might wish
-to
-restrict the creation of new rooms only to Aides, or you might wish to
-allow
-anyone to create a room. The latter is one of the Citadel culture's
-most
-long-standing traditions; the former may be appropriate if users are
-abusing
-this privilege.</p>
-<p>You have the ability to 'Automatically give room aide privs to a
-user who creates a private room.' If you answer Yes, then any user who
-creates a
-guess-name, passworded, or invitation-only room will automatically
-become the room aide, and will have access to a subset of the <tt><b>.A</b>ide</tt>
-command set while in that room. If you would rather grant this
-permission manually, answer No.</p>
-<p>Another tradition in the Citadel culture is to refrain from deleting
-problem users, but instead to 'twit' them (reduce their access level to
-2
-[Problem User]). You can then 'Automatically move problem user messages
-to twit room' (answer Yes, then specify 'Name of twit room' and
-remember
-to create that room). If you employ this logic, any user with level 2
-(Problem
-User) access will continue to have access to the same set of rooms, but
-all
-messages posted will automatically be routed to the Trashcan (or
-whatever
-you call your twit room).</p>
-<p>If you have Internet mail configured, you have the option of
-restricting its use on a user-by-user basis. If you wish to do this,
-answer Yes to 'Restrict Internet mail to only those with that
-privilege.' Obviously this makes no sense for an internal e-mail
-system, but for a public BBS it
-might be appropriate.</p>
-<p>Normally, Aides have access to every room, public or private.
-They are also forbidden from <tt><b>Z</b>ap</tt>ping
-rooms, because the review of content is considered one of their roles.
-If you wish to change these policies, the next two options allow you
-to. You may 'Allow Aides to Zap (forget) rooms', in which case they may
-use the <tt><b>Z</b>ap</tt> command just like any other user.
-Aides may also <tt><b>.G</b>oto</tt> any private mailbox belonging to
-any
-user, using a special room name format.</p>
-<p>If your local security and/or privacy policy dictates that you keep
-a
-log of all pages (instant messages) that go through the system, then
-answer
-Yes to 'Log all pages'. If you answer Yes, you will be prompted for the
-name of a room to which all pages will be logged. If you answer No,
-then
-only the sender and recipient of each individual message will receive a
-copy.</p>
-<p>The next set of options deals with the tuning of your system. It is
-usually safe to leave these untouched.</p>
-<pre>Server connection idle timeout (in seconds) [900]: <br>Maximum concurrent sessions [20]: <br>Maximum message length [10000000]: <br>Minimum number of worker threads [5]: <br>Maximum number of worker threads [256]: <br>Automatically delete committed database logs [Yes]:<br></pre>
-<p>The 'Server connection idle timeout' is for the connection between
-client and server software. It is <b>not</b> an idle timer for the
-user interface. 900 seconds (15 minutes) is the default and a sane
-setting.</p>
-<p>'Maximum concurrent sessions' is the highest number of user sessions
-you wish to allow on your system at any given time. Citadel can scale
-to hundreds of concurrent users, but if you have limited hardware or
-(more likely) limited bandwidth, you might wish to set a maximum. You
-can also set it to zero for no limit.</p>
-<p>'Maximum message length' is just that. This could be a good way to
-prevent enormous multimedia files from finding their way into your
-message base. This maximum is enforced in all protocols and is also
-advertised by the ESMTP service.</p>
-<p>The minimum and maximum number of worker threads can be tuned to
-your liking. Citadel will attempt to keep one worker thread running per
-session, within these constraints. You should be aware that due to the use of
-the worker thread model, Citadel can handle a large number of concurrent
-sessions with a much smaller thread pool. If you don't know the programming
-theory behind multithreaded servers, you should leave these parameters alone.<br>
-</p>
-<p>'Automatically delete committed database logs' is a <span
- style="font-style: italic;">crucial</span> setting which affects your
-system's disk utilization and backup recoverability. Please refer
-to the <a href="#Database_maintenance">database maintenance</a>
-section of this document to learn how the presence or absence of
-database logs affect your ability to reliably backup your Citadel
-system.<br>
-</p>
-<p>The next set of options affect how Citadel behaves on a network.</p>
-<pre>Server IP address (0.0.0.0 for 'any') [0.0.0.0]:<br>POP3 server port (-1 to disable) [110]:<br>POP3S server port (-1 to disable) [995]:<br>IMAP server port (-1 to disable) [143]:<br>IMAPS server port (-1 to disable) [993]:<br>SMTP MTA server port (-1 to disable) [25]:<br>SMTP MSA server port (-1 to disable) [587]:<br>SMTPS server port (-1 to disable) [465]:<br>Correct forged From: lines during authenticated SMTP [Yes]:<br>Allow unauthenticated SMTP clients to spoof my domains [No]: No<br>Instantly expunge deleted IMAP messages [No]: Yes<br></pre>
-<p>"Server IP address" refers to the IP address on <span
- style="font-style: italic;">your server</span> to which Citadel's
-protocol services should be bound. Normally you will leave this
-set to 0.0.0.0, which will cause Citadel to listen on all of your
-server's interfaces. However, if you are running multiple
-Citadels on a server with multiple IP addresses, this is where you
-would specify which one to bind this instance of Citadel to.</p>
-<p>Then you can specify TCP port numbers for the SMTP, POP3, and IMAP
-services. For a system being used primarily for Internet e-mail, these
-are essential, so you'll want to specify the standard port numbers: 25,
-110, and 143. If Citadel is running alongside some other mail system,
-though, then you might want to choose other, unused port numbers, or
-enter -1 for any protocol
-to disable it entirely.</p>
-<p>You'll also notice that you can specify two port numbers for SMTP:
-one
-for MTA (Mail Transport Agent) and one for MSA (Mail Submission Agent).
-The
-traditional ports to use for these purposes are 25 and 587. If you are
-running an external MTA, such as Postfix (which submits mail to Citadel
-using
-LMTP) or Sendmail (which submits mail to Citadel using the 'citmail'
-delivery agent), that external MTA will be running on port 25, and you
-should
-specify "-1" for the Citadel MTA port to disable it. The MSA port
-(again,
-usually 587) would be the port used by end-user mail client programs
-such as
-Aethera, Thunderbird, Eudora, or Outlook, to submit mail into the
-system.
-All connections to the MSA port <b>must</b> use Authenticated SMTP.<br>
-</p>
-<p>The protocols ending in "S" (POP3S, IMAPS, and SMTPS) are
-SSL-encrypted. Although all of these protocols support the
-STARTTLS command, older client software sometimes requires connecting
-to "always encrypted" server ports. Usually when you are looking
-at a client program that gives you a choice of "SSL or TLS," the SSL
-option will connect to one of these dedicated ports, while the TLS
-option will connect to the unencrypted port and then issue a STARTTLS
-command to begin encryption. (It is worth noting that this is <span
- style="font-style: italic;">not</span> the proper use of the acronyms
-SSL and TLS, but that's how they're usually used in many client
-programs.)<br>
-</p>
-<p>All of the default port numbers, including the encrypted ones, are
-the standard ones.<br>
-</p>
-<p>The question about correcting forged From: lines affects how Citadel
-behaves with authenticated SMTP clients. Citadel does not ever allow
-third-party SMTP relaying from unauthenticated clients -- any incoming
-messages must be
-addressed to a user on the system or somewhere in a Citadel network. To
-use Citadel with SMTP client software such as Netscape, Outlook,
-Eudora, or
-whatever, users must log in with a username and password. In order to
-prevent
-message forgeries, Citadel discards the <tt>From:</tt> line in any
-message
-entered by an authenticated user, and replaces it with a <tt>From:</tt>
-line
-containing the user's genuine name and e-mail address. Technically,
-this
-violates RFC822, because headers are never supposed to be altered, but
-common
-sense dictates that this is a good idea. Nevertheless, if you want to
-suppress
-this behavior, answer 'No' at the prompt (the default is 'Yes') and the
-headers
-will never be altered.</p>
-<p>"Instant expunge" affects what happens when IMAP users delete
-messages. As you may already know, messages are not <i>truly</i> deleted
-when an IMAP client sends a delete command; they are only <i>marked for
-deletion</i>. The IMAP client must also send an "expunge" command
-to actually delete the message. The Citadel server automatically expunges
-messages when the client logs out or selects a different folder, but if you
-select the Instant Expunge option, an expunge operation will automatically
-follow any delete operation (and the client will be notified, preventing any
-mailbox state problems). This is a good option to select, for example, if you
-have users who leave their IMAP client software open all the time and are
-wondering why their deleted messages show up again when they log in from a
-different location (such as WebCit).</p>
-<p>"Allow spoofing" refers to the security level applied to
-non-authenticated SMTP clients. Normally, when another host connects to
-Citadel via SMTP to deliver mail, Citadel will reject any attempt to send
-mail whose sender (From) address matches one of your host's own domains. This
-forces your legitimate users to authenticate properly, and prevents foreign
-hosts (such as spammers) from forging mail from your domains. If, however,
-this behavior is creating a problem for you, you can select this option to
-bypass this particular security check.<br>
-<span style="font-family: monospace;"><br>
-Connect this Citadel to an LDAP directory [No]: No</span><br>
-</p>
-<p>The LDAP configuration options are discussed elsewhere in this
-document.<br>
-</p>
-<p>The final set of options configures system-wide defaults for the
-auto-purger:</p>
-<pre>Default user purge time (days) [120]: <br>Default room purge time (days) [30]: <br>System default message expire policy (? for list) [0]: <br>Keep how many messages online? [150]:<br>Mailbox default message expire policy (? for list) [0]:<br>How often to run network jobs (in seconds) [1800]:<br>Enable full text search index (warning: resource intensive) [Yes]: Yes<br>Hour to run purges (0-23) [4]:<br>
-Perform journaling of email messages [No]:<br>Perform journaling of non-email messages [No]:<br>Email destination of journalized messages [example@example.com]:<br></pre>
-<p>Any user who does not log in for the period specified in 'Default
-user purge time' will be deleted the next time a purge is run. This
-setting may be modified on a per-user basis.</p>
-<p>'Default room purge time' behaves the same way, and may also be
-modified on a per-room basis.</p>
-<p>'System default message expire policy' defines the way in which old
-messages are expired (purged) off the system. You can specify any of:</p>
-<ul>
- <li>Purge by age (specify in days) </li>
- <li>Purge by message count in the room (specify number of messages) </li>
- <li>Do not purge at all </li>
-</ul>
-<p>Again, this setting may be overridden on a per-floor basis, and the
-floor setting may be overridden on a per-room basis. You'll also notice
-that you can set a <i>different</i> default for mailbox rooms if you
-want
-to. This can allow you, for example, to set a policy under which old
-messages scroll out of public rooms, but private mail stays online
-indefinitely
-until deleted by the mailbox owners.<br>
-</p>
-<p>"How often to run network jobs" refers to the sharing of content on
-a
-Citadel network. If your system is on a Citadel network, this
-configuration
-item dictates how often the Citadel server will contact other Citadel
-servers to send and receive messages. In reality, this will happen more
-frequently than you specify, because other Citadel servers will be
-contacting yours at regular intervals as well.<br>
-</p>
-<p>"Hour to run purges" determines when expired and/or deleted objects
-are purged from the database. These purge operations are
-typically run overnight and automatically, sometime during whatever
-hour you specify. If your site is much busier at night than
-during the day, you may choose to have the auto-purger run during the
-day.</p>
-<p>"Enable full text search index," if enabled, instructs the server to
-build and maintain a searchable index of all messages on the
-system. This is a time and resource intensive process -- it could
-take days to build the index if you enable it on a large
-database. It is also fairly memory intensive; we do not recommend
-that you enable the index unless your host system has at least 512 MB
-of memory. Once enabled, however, it will be updated
-incrementally
-and will not have any noticeable impact on the interactive response
-time of your system. The full text index is currently only
-searchable when using IMAP clients; other search facilities will be
-made available in the near future.</p>
-<p>The "Perform journaling..." options allow you to configure
-your Citadel server to send an extra copy of every message, along with
-recipient information if applicable, to the email address of your choice.
-The journaling destination address may be an account on the local Citadel
-server, an account on another Citadel server on your network, or an Internet
-email address. These options, used in conjunction with an archiving service,
-allow you to build an archive of all messages which flow through your Citadel
-system. This is typically used for regulatory compliance in industries which
-require such things. Please refer to the <a href="journaling.html">journaling
-guide</a> for more details on this subject.</p>
-<p><span style="font-family: monospace;">Save this configuration? No</span><br>
-</p>
-<p>When you're done, enter 'Yes' to confirm the changes, or 'No' to
-discard the changes.</p>
-</div>
-<hr size="2" width="100%">
-<h2 align="center"><a name="Configuring_Citadel_for_Internet_e-mail"></a>Configuring
-Citadel for Internet e-mail</h2>
-<div align="justify">
-<h3><a name="Introduction"></a>Introduction</h3>
-As you know by now, Citadel is a completely self-contained,
-full-featured Internet e-mail system. When you run Citadel you do
-not need any other mail software on your host system. This
-eliminates the need for tedious mucking about with sendmail, qmail,
-postfix, Cyrus, the UW IMAP
-server, or any of countless other needlessly complex programs that lead
-some people to the false assumption that Unix systems are difficult to
-administer.<br>
-<br>
-Some of the many features supported by Citadel are:<br>
-<ul>
- <li>Built-in SMTP and ESMTP service, for delivering and receiving
-e-mail on the Internet</li>
- <li>Built-in POP3 service, for remote fetching of messages</li>
- <li>Built-in IMAP service, for access to mail using any standard mail
-client program</li>
- <li>Web mail (implemented using the "WebCit" middleware, which is
-installed separately)</li>
- <li>Support for mailing lists, in both "individual message" and
-"digest" formats</li>
- <li>Multiple/virtual domain support</li>
- <li>Any user may have multiple Internet e-mail addresses, in multiple
-domains</li>
- <li>Global address book (Users with addresses in a domain may be
-spread out across many servers on a Citadel network)</li>
- <li>Easy-to-configure integration with <a
- href="http://www.spamassassin.org/">SpamAssassin</a> can block spam <i>before</i>
-it enters the mail system</li>
- <li>Easy-to-configure integration with most Realtime Blackhole
-Lists (RBL) provide further defense against spammers</li>
-</ul>
-This section of the documentation will demonstrate how to configure
-these features.<br>
-<br>
-<h3><a name="Basic_site_configuration"></a>Basic site configuration</h3>
-<p>Basic configuration of your Citadel system for Internet e-mail
-begins with
-the <tt><b>.A</b>ide <b>S</b>ystem configuration <b>I</b>nternet</tt>
-command:</p>
-<pre>Lobby> <b>.A</b>ide <b>S</b>ystem configuration <b>I</b>nternet<br><br>### Host or domain Record type<br>--- -------------------------------------------------- --------------------<br> 1<br><A>dd <D>elete <S>ave <Q>uit -><br></pre>
-<p>This is a "clean" setup. For a simple, standalone e-mail system you
-simply have to enter the <tt><b>A</b>dd</tt> command:</p>
-<pre><A>dd <D>elete <S>ave <Q>uit -> <b>A</b>dd<br><br>Enter host name: schmeep.splorph.com<br> (1) localhost (Alias for this computer)<br> (2) gateway domain (Domain for all Citadel systems)<br> (3) smart-host (Forward all outbound mail to this host)<br> (4) directory (Consult the Global Address Book)<br> (5) SpamAssassin (Address of SpamAssassin server)<br> (6) RBL (domain suffix of spam hunting RBL)<br><br>Which one [1]:<br></pre>
-<p><b>localhost:</b> Basically what you're doing here is telling
-Citadel
-what any aliases for your machine are. If your machine were <tt>schmeep.splorph.com</tt>
-and you also had a DNS entry set up for <tt>blah.com</tt>, you might
-want to enter '1' and enter <tt>blah.com</tt> as your alias, so that
-e-mail
-sent to that address won't bounce.</p>
-<p><i>Important tip:</i> if your system is known by one name and <i>only</i>
-one domain, you might not even need to do this at all. You will recall
-that you entered your system's fully qualified domain name earlier when
-you went through the <tt><b>.A</b>ide <b>S</b>ystem configuration <b>G</b>eneral</tt>
-command. The domain name you entered there is automatically considered
-by Citadel to be a 'localhost' entry in your Internet mail
-configuration. It does not hurt to enter it in both locations, though.</p>
-<p><b>gateway domain:</b> this is a simple way of mapping various
-Citadel hosts in an Internet domain. For example, if you enter <tt>bar.com</tt>
-as a gateway domain, then mail to users at <tt>foo.bar.com</tt> will
-be forwarded to the host called <tt>foo</tt> on a Citadel network,
-mail to users
-at <tt>kunst.bar.com</tt> will be delivered to the Citadel server
-called
-<tt>kunst</tt>, etc. This feature has limited usefulness; if you are
-operating
-a network of Citadel servers, it is more likely that you will use the
-'directory'
-feature, explained below.</p>
-<p><b>smart-host:</b> Normally, Citadel sends outbound Internet e-mail
-directly to its destination. This may not be appropriate for some
-sites; you may require (due to local convention, security policy, or
-whatever) that all outbound mail be sent to an SMTP relay or forwarder.
-To configure this
-functionality, simply enter the domain name or IP address of your relay
-as a 'smart-host' entry.</p>
-<p>If your relay server is running on a port other
-than the standard SMTP port 25, you can also specify the port number
-using "host:port" syntax; i.e. <tt>relay99.myisp.com:2525</tt></p>
-<p>Furthermore, if your relay server requires authentication, you can
-specify it using username:password@host or username:password@host:port
-syntax; i.e. <tt>jsmith:pass123@relay99.myisp.com:25</tt></p>
-<p><b>directory:</b> a domain for which you are participating in
-directory services across any number of Citadel nodes. For example, if
-users who have addresses in the domain <tt>citadel.org</tt> are spread
-out across multiple Citadel servers on your network, then enter <tt>citadel.org</tt>
-as a 'directory' entry. <i>For this to work, all Citadel servers
-participating in directory service <b>must</b> carry and share the <tt>Global
-Address Book></tt> room.</i></p>
-<p><b>spamassassin:</b> if you are running a <a
- href="http://www.spamassassin.org">SpamAssassin</a> service anywhere
-on your
-<b>local</b> network, enter its name or IP address as a 'spamassassin'
-entry. This may be (and, in fact, will usually be) <tt>127.0.0.1</tt>
-to specify
-that the service is running on the same host computer as the Citadel
-server.</p>
-<p>Please install SpamAssassin as per its own documentation. You will
-want to run SpamAssassin in client/server mode, where a <tt>spamd</tt>
-daemon is always running on your computer. Citadel does not utilize the
-<tt>spamc</tt> client; instead, it implements SpamAssassin's protocol
-on its own.</p>
-<p>Connecting to a SpamAssassin service across a wide area network is
-strongly discouraged. In order to determine whether an incoming e-mail
-is spam, Citadel must feed the <i>entire message</i> to the
-SpamAssassin service. Doing this over a wide area network would consume
-time and bandwidth,
-which would affect performance.</p>
-<p>Citadel invokes the SpamAssassin service when incoming messages are
-arriving via SMTP. Before a message is accepted, it is submitted to
-SpamAssassin. If SpamAssassin determines that the message is spam, the
-Citadel SMTP
-service <i>rejects the message,</i> causing a delivery failure on the
-sending
-host. This is superior to software which files away spam in a separate
-folder, because delivery failures will cause some spammers to assume
-the
-address is invalid and remove it from their mailing lists.</p>
-<p><b>RBL:</b> Realtime Blackhole Lists (RBL's) provide defense against
-spammers based on their source IP address. There are many such lists
-available on the Internet, some of which may be utilized free of
-charge. Since they are DNS based, the lists do not require storage on
-your server -- they are queried during the SMTP conversation.</p>
-<p>Citadel can utilize any RBL that uses the <tt>z.y.x.w.nameoflist.org</tt>
-syntax, where <tt>w.x.y.z</tt> is the source IP address which is
-attempting to deliver mail to your server. For example, <a
- href="http://www.spamcop.net">SpamCop</a> would use the query <tt>2.0.0.127.bl.spamcop.net</tt>
-to determine whether the host at <tt>127.0.0.2</tt> is a known spammer
-or open relay. In this case, you simply select option '6' to add an RBL
-entry, and provide it with the domain suffix of <tt>bl.spamcop.net</tt>
-(the IP address
-and extra dot will be automatically prepended for each query).</p>
-<p>Now select <tt><b>S</b>ave</tt> and you are just about ready for
-Internet e-mail.</p>
-<h3><a name="Enabling_the_Internet_mail_protocols"></a>Enabling the
-Internet mail protocols</h3>
-<p>As previously mentioned, Citadel contains its own SMTP, POP3, and
-IMAP services. Enabling them is simple.</p>
-<p>Check for the existance of a current MTA (sendmail, qmail, etc.) by
-connecting to port 25 on your host. If you see something similar to the
-following
-you're running an MTA already and you'll need to shut it down:</p>
-<pre>smw @ pixel % telnet localhost 25<br>Trying 127.0.0.1...<br>Connected to localhost.<br>Escape character is '^]'.<br>220 pixel.citadel.org ESMTP Sendmail 8.9.3/8.9.3; Wed, 15 Mar 2000 19:00:53 -0500<br></pre>
-<p>In the above example, we see that the host already has Sendmail
-listening on port 25. Before Citadel can use port 25, Sendmail must be
-shut off. Please consult the documentation for your operating system
-for instructions on how to do this. (On a Red Hat Linux system, for
-example, you can run the <tt>ntsysv</tt> utility, un-checking <tt>sendmail</tt>
-to disable it at
-the next reboot; then, run <tt>service sendmail stop</tt> to shut off
-the
-currently running service.)</p>
-<p>If you get a 'connection refused' message when you telnet to port 25
-there's nothing running and you should be able to continue. You might
-also want to turn off POP (try the above test substituting 110 for 25)
-and IMAP (port 143) and use Citadel's POP and IMAP services.</p>
-<p>Citadel will look for an existing pop/smtp server on startup. If
-they
-don't exist (and you've configured them properly) then Citadel should
-enable
-them at startup. You can check your logs to be sure, or you can start
-the
-server from a shell and watch it load. It might look something like
-this:</p>
-<font size="-2"> </font>
-<pre><font size="-2">smw @ pixel % ./citserver<br><br>Multithreaded message server for Citadel<br>Copyright (C) 1987-2006 by the Citadel development team.<br>Citadel is open source, covered by the GNU General Public License, and<br>you are welcome to change it and/or distribute copies of it under certain<br>conditions. There is absolutely no warranty for this software. Please<br>read the 'COPYING.txt' file for details.<br><br>Loading citadel.config<br>Opening databases<br>This is GDBM version 1.8.0, as of May 19, 1999.<br>Checking floor reference counts<br>Creating base rooms (if necessary)<br>Registered a new service (TCP port 504)<br>Registered a new service (TCP port 0)<br>Initializing loadable modules<br>Registered server command CHAT (Begin real-time chat)<br>Registered server command PEXP (Poll for instant messages)<br>Registered server command GEXP (Get instant messages)<br>Registered server command SEXP (Send an instant message)<br>Registered server command DEXP (Disable instant messages)<br>Registered a new session function (type 0)<br>Registered a new x-msg function (priority 0)<br>Loaded module: $Id$<br>Registered a new session function (type 1)<br>Registered a new message function (type 201)<br>Registered a new message function (type 202)<br>Registered server command REGI (Enter registration info)<br>Registered server command GREG (Get registration info)<br>Registered a new user function (type 100)<br>Loaded module: $Id$<br>Server-hosted upgrade level is 5.62<br>Loaded module: $Id$<br>Registered server command EXPI (Expire old system objects)<br>Registered server command FSCK (Check message ref counts)<br>Loaded module: $Id$<br><b>citserver: Can't bind: Address already in use<br>ERROR: could not bind to TCP port 25.</b><br>Registered a new service (TCP port 0)<br>Registered a new session function (type 50)<br>Loaded module: $Id$<br><b>citserver: Can't bind: Address already in use<br>ERROR: could not bind to TCP port 110.</b><br>Registered a new session function (type 0)<br>Loaded module: $Id$<br>Registered a new message function (type 202)Loaded module: $Id$<br>Registered server command RWHO (Display who is online)<br>Registered server command HCHG (Masquerade hostname)<br>Registered server command RCHG (Masquerade roomname)<br>Registered server command UCHG (Masquerade username)<br>Registered server command STEL (Enter/exit stealth mode)<br>Loaded module: $Id$<br>Changing uid to 513<br>Starting housekeeper thread<br></font></pre>
-<p>The lines emphasized in boldface in the above log output tell you
-that Citadel "can't bind" to various ports. The error 'address already
-in use' generally means that something else is already running on the
-requested port. Make SURE you've followed the above steps to remove
-sendmail/pop and start your Citadel server again.</p>
-<h3><a name="citmail"></a>Using Citadel in conjunction with another MTA</h3>
-<p>Occationally it is not practical to remove a non-Citadel MTA on your
-host system. For example, you might have multiple groups of users, some
-of
-which are using Citadel and some of which are using a legacy Unix mail
-spool. This type of configuration is discouraged, but two tools are
-provided
-to allow it.</p>
-<p>The tool is called <tt>citmail</tt> and it is, quite simply, a
-local MDA (Mail Delivery Agent) which you can configure into your MTA
-for final delivery of incoming messages to Citadel users. A full
-discussion of the finer points of complex Sendmail configurations is
-beyond the scope of this document; however, you might want to visit <a
- href="http://pixel.citadel.org/citadel/docs/">Pixel BBS</a> where some
-useful HOWTO documents are provided.<br>
-</p>
-<p>The other tool is an <a href="http://www.faqs.org/rfcs/rfc2033.html">RFC2033</a>
-compliant LMTP service running on a local socket. If you're
-running a mailer that speaks LMTP (such as <a
- href="http://www.postfix.org/">Postfix</a>), you can simply point your
-mailer at the socket called <span style="font-family: monospace;">citadel.socket</span>
-in your Citadel directory. For example, in Postfix you might put
-the following line into <span style="font-family: monospace;">main.cf</span>
-in order to tell it to use Citadel to deliver mail to local recipients:<br>
-</p>
-<pre>local_transport = lmtp:unix:/usr/local/citadel/lmtp.socket<br></pre>
-<p>Postfix also has something called a "fallback transport" which can
-be used to implement Citadel as a "secondary" mail system on your
-server, while keeping the existing Unix mailboxes intact.
-However, it is beyond the scope of this document to detail the finer
-points of the configuration of Postfix or any other mailer, so refer to
-the documentation to those programs and keep in mind that Citadel has
-LMTP support.<span style="font-family: monospace;"></span></p>
-<p>There are actually <i>two</i> LMTP sockets. One is called
-<tt>lmtp.socket</tt> and the other is called <tt>lmtp-unfiltered.socket</tt>
-(both are found in your Citadel directory). The difference should be
-obvious: messages submitted via <tt>lmtp.socket</tt> are subject to
-any
-spam filtering you may have configured (such as SpamAssassin), while
-messages
-submitted via <tt>lmtp-unfiltered.socket</tt> will bypass the filters.
-You
-would use the filtered socket when receiving mail from an external MTA
-such
-as Postfix, but you might want to use the unfiltered socket with
-utilities
-such as fetchmail.</p>
-<br>
-<p>For outbound mail, you
-can either allow Citadel to perform
-deliveries directly
-(this won't affect your other mail system because outbound mail doesn't
-tie
-up port 25) or enter <tt>127.0.0.1</tt> as your smart-host, which will
-tell
-Citadel to forward all of its outbound mail to your other mail system.</p>
-<h3><a name="Hosting_an_Internet_mailing_list"></a>Hosting an Internet
-mailing list</h3>
-<p>Citadel has built in mailing list service (known in Internet
-vernacular as "listserv") functionality. You can turn any room
-into a mailing list. Users can then choose how they participate
--- by logging on to your Citadel server directly, or by having the
-room's contents mailed to
-them somewhere else. Configuring this is easy.</p>
-<p>Citadel supports two modes of mailing list delivery: </p>
-<ul>
- <li>"List mode" -- each individual message is delivered as a single
-e-mail to each list mode recipient. The "From:" header will
-display the address of the message's original author.</li>
- <li>"Digest mode" -- groups of one or more messages are delivered
-to digest mode recipients. The number of messages in the group
-depends on how many new messages arrived since the last batch was
-delivered. The "From:" header will display the address of the
-room itself, which allows replies to be posted back to the room.</li>
-</ul>
-A room may have any combination of list mode and digest mode
-recipients.
-<p>As alluded to above, every room on your Citadel system has an
-Internet e-mail address of its own. Messages sent to that address
-will be
-posted in the room (and sent back out to mailing list recipients, as
-well
-as to any other Citadels you share the room with). The address
-format
-is <tt>room_</tt> plus the name of the room, with any spaces replaced
-by
-underscores, followed by <tt>@</tt> and your hostname. For example, if
-your
-system is known as <tt>phlargmalb.orc.org</tt> on the Internet, and
-you have
-a room called <tt>Bubblegum Collectors</tt>, you can post to that room
-from
-anywhere on the Internet simply by sending an e-mail to <tt>room_bubblegum_collectors@phlargmalb.orc.org</tt>.
-When the message arrives, it's automatically posted in that room.</p>
-<p>To manually edit the list of "list mode" recipients, simply enter
-the <tt><b>.A</b>ide
-mailing <b>L</b>ist management</tt> command. Your text editor will
-open
-up and you will be able to create or edit a list of recipients, one per
-line. Lines beginning with a hash (<tt>#</tt>) are comments.</p>
-<p>To manually edit the list of "digest mode" recipients, enter the <tt><b>.A</b>ide
-mailing list <b>D</b>igest recipients</tt> command. As with the
-previous command, the text editor will open up and you can edit the
-list of digest mode recipients, one per line.</p>
-<p>Citadel also has a facility which allows users to subscribe or
-unsubscribe to mailing lists using a web browser. In order to do this,
-WebCit must also be running on your server in addition to Citadel.
-WebCit is obtained and installed separately from the rest of the
-Citadel system.</p>
-<p>In order to prevent "just anyone" from subscribing to any room on
-your system, there is a setting in the <tt><b>.A</b>ide <b>E</b>dit
-room</tt> command:</p>
-<pre>CitaNews} . Aide Edit this room<br>
-Room name [CitaNews]:<br>
-<br>
-<i>(lots of other stuff omitted for brevity...)</i><br>
-<br>
-Self-service list subscribe/unsubscribe [No]: Yes<br></pre>
-<p>When you answer "Yes" to self-service list subscribe/unsubscribe,
-you are
-enabling that feature. Now, all you have to do is tell the world about
-the
-web page they need to visit. It looks like this:</p>
-<center><tt>http://foobar.baz.org:2000/listsub</tt></center>
-<p>In this example, the server is called <tt>foobar.baz.org</tt> and
-WebCit is running on port 2000. Edit appropriately.</p>
-<p>Citadel offers a subscribe/unsubscribe facility that is more
-intuitive than other listservs. With most systems, sending commands to
-the listserv requires that you e-mail it commands in a special format.
-It's easy to get it wrong. Citadel simply uses your web browser. You
-select the list you want to subscribe or unsubscribe (hint: it's the
-list of rooms you've enabled self-service for), select whether you want
-list mode or digest mode, and enter your e-mail address. For security
-purposes, a confirmation message is sent to the address you enter. But
-you don't have to reply to the message in a weird format, either: the
-confirmation contains another URL which
-you simply click on (or paste into your browser if you can't click on
-URL's
-in your e-mail software) and the confirmation is automatically
-completed.</p>
-<hr size="2" width="100%">
-<center>
-<h2><a name="Building_or_joining_a_Citadel_network"></a>Building or
-joining a Citadel network</h2>
-</center>
-<h3><a name="Overview__"></a>Overview</h3>
-<p>If you are running Citadel as a BBS or other forum type of
-application, one way to 'keep the conversation going' is to share rooms
-with other Citadel systems. In a shared room, a message posted to the
-room is automatically
-propagated to every system on the network. It's kind of like a UseNet
-newsgroup, but without the spam.</p>
-<p>If you are using Citadel as the e-mail and groupware platform for a
-large organization, you can use its networking features to build a
-large network of Citadel servers which share content (think of rooms as
-public folders), redistribute e-mail throughout the organization, and
-integrate the global address book. It might make sense, for
-example, in a large corporation to give each department or location its
-own Citadel server. Thanks
-to Citadel's global address book features, you could still have all of
-the users share a single e-mail domain.</p>
-<p>Obviously, the first thing you have to do is find another Citadel to
-share rooms with, and make arrangements with them. The following
-Citadels are a good place to start:</p>
-<ul>
- <li>UNCENSORED! - <a href="http://uncensored.citadel.org">uncensored.citadel.org</a>
- </li>
- <li>The Dog Pound II - <a href="http://dogpound2.citadel.org">dogpound2.citadel.org</a>
- </li>
-</ul>
-<p>You don't have to be a part of the citadel.org domain to participate
-in the public Citadel network, but the DNS service is provided free of
-charge by the Citadel community if you wish to do this.</p>
-<h3><a name="Conventions_and_etiquette_when"></a>Conventions and
-etiquette when connecting to the public Citadel network</h3>
-<p>Before we get into the technical nitty gritty, there are two points
-of etiquette to keep in mind. The first thing to keep in mind is that
-the operator of any particular Citadel may not be willing to share some
-of his/her rooms. Some sites are proud to offer exclusive content in
-certain areas. Chances are, if a room is already being shared on the
-network, it's available for anyone to share; if not, it can't hurt to
-ask -- but take care not to demand it of them. Ask if you may share the
-room instead of telling them that you wish to share the room. When
-looking at a <tt><b>K</b></tt>nown rooms list, network rooms are the
-ones ending in parentheses instead of angle brackets. For example, <tt>Gateway)</tt>
-would be a network room, <tt>Lobby></tt> would not.</p>
-<p>The other point of etiquette to remember is that you should be
-making
-the arrangements in advance, and then set it up. It is extremely rude
-to
-simply begin networking with another Citadel, or unilaterally start
-sharing
-a new room, without first obtaining permission from its operator.
-Always
-ask first. Most Citadel operators are more than happy to network with
-you. Also, if later on you decide to take your system down, please take
-the time
-to notify the operators of any other Citadels you network with, so they
-can
-unconfigure their end.</p>
-<h3><a name="Getting_ready_to_join_the_network"></a>Getting ready to
-join the network</h3>
-<p>Ok, first things first. On a Citadel room sharing network, the first
-thing you need to know is your own system's node name. Presumably you
-set
-this up during installation, but if you want to change it you can do so
-using
-the <tt><b>.A</b>ide <b>S</b>ysconfig <b>G</b>eneral</tt> command:</p>
-<pre>Lobby> . Aide System configuration General<br>Node name [uncnsrd]:<br>Fully qualified domain name [uncensored.citadel.org]:<br>Human readable node name [Uncensored]:<br></pre>
-<p>The "node name" is important, it's how the network identifies
-messages coming from your system. The "human readable node name" is
-simply a label; it shows up in messages coming from your system. "Fully
-qualified domain name" is your DNS name; it's used for routing messages
-on the Internet. In the above example, the node name is "uncnsrd".</p>
-<h3><a name="Defining_neighbor_nodes"></a>Defining neighbor nodes</h3>
-<p>The next thing you need to do is configure your neighbor node(s).
-You need to do this for each node you network with. Let's say you
-wanted
-to talk to a Citadel system called "frobozz". Use the <tt><b>.A</b>ide
-<b>S</b>ysconfig <b>N</b>etwork</tt> command:</p>
-<pre>Lobby> . Aide System configuration Network<br>### Node Secret Host or IP Port#<br>--- ---------------- ---------------- -------------------------------- -----<br><A>dd <D>elete <S>ave <Q>uit -> Add<br><br>Enter node name : frobozz<br>Enter shared secret: frotz<br>Enter host or IP : frobozz.magick.org<br>Enter port number : [504]: 504<br><br>### Node Secret Host or IP Port#<br>--- ---------------- ---------------- -------------------------------- -----<br> 1 frobozz frotz frobozz.magick.org 504<br><A>dd <D>elete <S>ave <Q>uit -> Save<br><br>Lobby><br></pre>
-<p>As you can see in the above example, you have to enter the Citadel
-node name, the DNS name or IP address of the server, and the port
-number the Citadel service is running on. The "shared secret" is a
-password to allow the two Citadel nodes to connect to each other to
-exchange network data. The password must be <i>identical</i> on both
-ends of the connection -- when the operator of the other Citadel node
-sets up the connection with
-your system, he/she must use the same password.</p>
-<h3><a name="Sharing_rooms"></a>Sharing rooms</h3>
-<p>Now you're ready to share rooms. You have to do this for each room
-you want to share, and you have to do it from BOTH ENDS -- again, when
-you
-share a room with another Citadel, they must share it with you as well.
-Let's say you have a room called "Quiche Recipes>" and you want to
-share
-it with the node you set up above. First, edit the room and flag it as
-a
-network room:</p>
-<pre>Quiche Recipes> . Aide Edit this room<br>Room name [Quiche Recipes]:<br>Private room [No]: No<br>Preferred users only [No]: No<br>Read-only room [No]: No<br>Directory room [No]: No<br>Permanent room [No]: No<br>Network shared room [No]: Yes<br>Automatically make all messages anonymous [No]: No<br>Ask users whether to make messages anonymous [No]: No<br>Listing order [64]:<br>Room aide (or 'none') [none]:<br>Message expire policy (? for list) [0]:<br>Save changes (y/n)? Yes<br>Ok<br><br>Quiche Recipes)<br></pre>
-<p>Notice how the prompt changed? It was > before, but it's ) now.
-That means it's a network room. Now you can tell Citadel that you want
-to
-share the room with frobozz. Enter this command:</p>
-<pre>Quiche Recipes) . Aide Network room sharing<br></pre>
-<p>Your text editor will pop up (you <i>did</i> configure Citadel to
-use
-your favorite text editor, right?) with a screen that looks like this:</p>
-<pre># Configuration for room: Quiche Recipes<br># Nodes with which we share this room<br># Specify one per line.<br></pre>
-<p>All you have to do is enter the name of the other Citadel node (i.e.
-"frobozz" in our example) on a line by itself. As usual, lines starting
-with a "#" are comments. Just go to the end of the file, type "frobozz"
-(without the quotes), save the file... and you're done!</p>
-<p>At this point, you just sit back and enjoy. Your Citadel and the
-other one will begin polling each other at regular intervals (once per
-hour by default) and sharing messages.</p>
-<h3><a name="Sending_mail"></a>Sending mail</h3>
-<p>You can send mail to any user on any node of your Citadel network.
-It may take a little while for your system to learn the entire node
-list, though, as this is done by watching incoming messages on the
-network and learning which nodes are out there.</p>
-<p>To send a private message, just enter <tt>user @ host</tt> as the
-recipient:</p>
-<pre>Mail> Enter message <br>Enter recipient: Some other user @ frobozz<br> Feb 11 2003 11:36pm from I. M. Me to Some other user @ frobozz<br>type message here...<br><br>Entry command (? for options) -><br><br></pre>
-<h3><a name="Changing_the_polling_interval"></a>Changing the polling
-interval</h3>
-<p>As previously mentioned, Citadel will poll other Citadel nodes for
-messages once per hour. If this is not an acceptable interval, you can
-change it using the <tt><b>.A</b>ide <b>S</b>ystem configuration <b>G</b>eneral</tt>
-command. Enter this command and look for the option:</p>
-<pre>How often to run network jobs (in seconds) [3600]:<br></pre>
-<p>Change it to whatever you like. For example, 15 minutes is 900
-seconds. So if you changed the default value to 900, network polling
-would occur every 15 minutes.</p>
-<hr>
-<h2 align="center"><a name="Database_maintenance"></a>Database
-maintenance</h2>
-<h3><a name="Introduction_"></a>Introduction</h3>
-The data store used by Citadel is reliable and self-maintaining.
- It requires very little maintenance. This is primarily due
-to its use of the <a href="http://www.sleepycat.com">Berkeley DB</a>
-record manager. It is robust, high-performance, and transactional.<br>
-<br>
-A few small data files are kept in your main Citadel directory, but the
-databases are in the <tt>data/</tt> subdirectory. The files with
-names that begin with "cdb" are the databases themselves; the files
-with names that begin with "log" are the logs (sometimes referred to as
-"journals"). Log files will continue to appear as you use your
-system; each will grow to approximately 10 megabytes in size before a
-new one is started. There is a system configuration setting
-(found in <span style="font-family: monospace;"><span
- style="font-weight: bold;">.A</span>ide <span
- style="font-weight: bold;">S</span>ystem-configuration <span
- style="font-weight: bold;">G</span>eneral</span> in the text mode
-client, or in <span style="font-family: monospace;">Administration
---> Edit site-wide configuration --> Tuning</span> in the WebCit
-client) which specifies "Automatically delete committed database
-logs." If you have this option enabled, Citadel will
-automatically delete any log files whose contents have been fully
-committed to the database files.<br>
-<br>
-For more insight into how the database and log files work, you may wish
-to read the <a
- href="http://www.sleepycat.com/docs/ref/transapp/archival.html">Berkeley
-DB documentation</a> on this subject.<br>
-<br>
-<h3><a name="Backing_up_your_Citadel_database"></a>Backing up your
-Citadel database</h3>
-<span style="font-weight: bold;">Please read this section carefully.</span><br>
-<br>
-There are two backup strategies you can use, depending on your site's
-availability requirements and disk space availability.<br>
-<h5>Strategy #1: Standard backup</h5>
-The standard (or "offline") backup is used when your Citadel server is
-configured to automatically delete committed database logs. The
-backup procedure is as follows:<br>
-<ol>
- <li>Shut down the Citadel server.</li>
- <li>Back up all files (database files, log files, etc.) to tape or
-some other backup media.</li>
- <li>Start the Citadel server.</li>
-</ol>
-<span style="font-style: italic;">Advantage:</span> very little disk
-space is consumed by the logs.<br>
-<span style="font-style: italic;">Disadvantage:</span> Citadel is not
-available during backups.<br>
-<br>
-<h5>Strategy #2: "Hot" backup</h5>
-The "hot backup" procedure is used when your Citadel server is
-configured <span style="font-weight: bold;">not</span> to
-automatically delete committed database logs. The backup
-procedure is as follows:<br>
-<ol>
- <li>Back up all files. Make sure the database files (<span
- style="font-family: monospace;">cdb.*</span>) are backed up <span
- style="font-style: italic;">before</span> the log files (<span
- style="font-family: monospace;">log.*</span>). This will usually
-be the case, because the database files tend to appear first in both
-alphabetical and on-disk ordering of the <span
- style="font-family: monospace;">data/</span> directory.</li>
- <li>After verifying that your backup completed successfully, delete
-the committed log files with a command like this:</li>
-</ol>
-<span style="font-family: monospace;">/usr/local/citadel/sendcommand
-"CULL"</span><br>
-<br>
-<span style="font-style: italic;">Advantage:</span> Citadel continues
-to run normally during backups.<span style="font-style: italic;"><br>
-Disadvantage:</span> Much disk space is consumed by the log files,
-particularly if the full text indexer is turned on.<br>
-<br>
-<br>
-It is up to you to decide which backup strategy to use. <span
- style="font-weight: bold;">Warning: if you configure Citadel to
-automatically delete committed database logs, and do not shut the
-Citadel service down during backups, there is no guarantee that your
-backups will be usable!</span><br>
-<br>
-<h3><a name="Database_repair"></a>Database repair</h3>
-Although Citadel's data store is quite reliable, database corruption
-can occur in rare instances. External factors such as an
-operating system crash or an unexpected loss of power might leave the
-database in an unknown state. A utility is provided which may
-be able to repair your database if this occurs. If you find
-that your Citadel server is not running, and reading the logs shows
-that it is crashing because of an inability to validate a database,
-follow these steps:<br>
-<ol>
- <li>Edit <tt>/etc/inittab</tt> and switch the Citadel service from
-"respawn" to "off." Type <tt>init q</tt> to make this setting
-permanent.</li>
- <li><b>Make a backup of your data.</b> Either write it out to
-tape or copy it to another directory, or a tarball.<br>
- </li>
- <li><tt>cd</tt> to your Citadel directory and type <tt>./database_cleanup.sh</tt></li>
- <li>Let the cleanup script run. <b>Do not interrupt this
-process for any reason.</b><br>
- </li>
- <li>Edit <tt>/etc/inittab</tt> and switch the Citadel service from
-"off" to "respawn". Type <tt>init q</tt> to activate your
-changes.</li>
-</ol>
-If this procedure does not work, you must restore from your most recent
-backup.<br>
-<b>Please note: this utility should <i>only</i> be used for recovering
-a database that is causing the Citadel server to crash upon startup. If
-you have some other type of problem, but the citserver process is not
-aborting with "Berkeley DB Panic" errors, this is <i>not</i> the way to
-fix it.</b><br>
-<br>
-<h3><a name="ImportingExporting_your_Citadel"></a>Importing/Exporting
-your Citadel database<br>
-</h3>
-<p>Citadel contains an importer/exporter module, affectionately
-known as the "Art Vandelay" module (a not-so-obscure Seinfeld
-reference). It
-allows you to export the entire contents of your Citadel databases to a
-flat file, which may then be imported on another system. (This
-procedure
-is also known as "dump and load" to database gurus.)</p>
-<p>Why would you want to do this? Here are some scenarios: </p>
-<ul>
- <li>You are moving a Citadel installation to another computer, which
-uses a different CPU. Since Citadel stores data in an
-architecture-dependent format, the data files wouldn't work on the new
-computer as-is. </li>
- <li>Your computer crashed, lost power, etc. and you suspect that your
-databases have become corrupted. </li>
- <li>You want to switch to a different back-end data store. (For
-example, from GDBM to Berkeley DB) </li>
-</ul>
-<p>So ... how do we work this magic? Follow these steps <i>exactly</i>
-as documented and you should be able to do it all with very little
-trouble.</p>
-<ol>
- <li>This should be obvious, but it's still worth mentioning: <b>Make
-sure you have a backup of everything before you start this! </b>
-You're performing a major operation here. Don't risk it. </li>
- <li>First, get all the users logged off from your system. Disconnect
-it from the network if possible. You don't want anyone logging in while
-you're doing this. </li>
- <li>Log on as root, or some other user that has read/write access to
-all relevant files. </li>
- <li>Go to the directory that Citadel is installed in. For example,
-issue a command like <tt>cd /usr/local/citadel</tt> </li>
- <li>Export the databases with the following command:<br>
- <br>
- <tt>./sendcommand "ARTV export" >exported.dat</tt><br>
- <br>
-This command may run for a while. On a very large system it could take
-an hour or more. Please be patient! </li>
- <li>When the export completes, check to make sure that <tt>exported.dat</tt>
-exists and has some data in it. (Type "ls -l exported.dat") </li>
- <li>Shut down the Citadel server. If you have a line in <tt>/etc/inittab</tt>
-that reads like this:<br>
- <br>
- <tt>c1:2345:respawn:/usr/local/citadel/citserver
--h/usr/local/citadel</tt> <br>
-...then you should change the <tt>respawn</tt> to <tt>off</tt> and
-then type <tt>/sbin/init q</tt> to make the changes take effect. </li>
- <li>Now it's time to delete your current binary databases. Type:<br>
- <br>
- <tt>rm -f citadel.config citadel.control data/*</tt> </li>
- <li>If you're moving Citadel to another computer, you should move the
- <i>entire</i> directory over at this time. <tt>exported.dat</tt>
-only contains the information that was in the binary databases.
-Information which was stored in portable formats doesn't need to be
-exported/imported, so
-you must bring it all over in its current form. </li>
- <li>Now get Citadel running on the new computer (or whatever). Run <tt>setup</tt>
-and turn the service back on (from <tt>/etc/inittab</tt>) but DO NOT
-log in. </li>
- <li>As root, run the import command:<br>
- <br>
- <tt>./sendcommand "ARTV import" <exported.dat</tt><br>
- <br>
-This will import your databases. Again, it may run for a long time. </li>
- <li>Restart the Citadel server. You can do this any way you like.
-From the command line, you can do it with a command like:<br>
- <br>
- <tt>./sendcommand "DOWN"</tt> <br>
- </li>
- <li>Now you're finished. Log in and test everything. You may delete
-exported.dat at this time, or you might want to save it somewhere as a
-sort of pseudo-backup. </li>
-</ol>
-<hr>
-<center>
-<h2><a name="crypto"></a>Cryptography support (TLS/SSL)</h2>
-</center>
-<h3><a name="crypto_intro"></a>Overview</h3>
-<p>Citadel provides built-in support for encryption using Transport
-Layer Security (TLS) for ESMTP, IMAP, POP3, and the Citadel client
-protocol.
-A simple cryptographic configuration is installed automatically when
-you
-bring the system online. The remainder of this section describes how
-this
-configuration is built, and what you can do to make changes to it.</p>
-<p>Encryption files are kept in the <tt>keys/</tt> directory. The
-three
-files used by Citadel are:</p>
-<ul>
- <li><tt>citadel.key</tt> - Contains your system's RSA private key.
-Citadel
-generates a new key automatically if one is not found. </li>
- <li><tt>citadel.csr</tt> - Contains a Certificate Signing Request
-(CSR)
-for your system. Citadel generates a new CSR automatically, using your
-private key, if one is not found. </li>
- <li><tt>citadel.cer</tt> - Contains the public certificate for your
-system. The public key in the certificate <b>must</b> correspond with
-the
-private key in <tt>citadel.key</tt>, otherwise encryption will not
-function properly. Citadel will generate a self-signed certificate,
-again
-using your private key, if a certificate is not found. </li>
-</ul>
-<h3><a name="real_cert"></a>Generating and installing a Trusted
-Certificate</h3>
-<p>If you wish to interact with 3rd party clients
-that have hard coded lists of acceptable Certificate Authorities, and
-you
-do not want annoying dialog boxes popping up for the user on the first
-(or
-all) connections, then you will have to have your key signed by a valid
-Certificate Authority.</p>
-<p>It is beyond the scope of this document to provide a complete
-tutorial
-on SSL certificates. Here are the general rules to follow:</p>
-<ul>
- <li>Generally, the Certificate Signing Requeste which is
-automatically
-generated by Citadel will not contain enough information for any
-Certificate
-Authority to sign it. Generate a new CSR with the following commands:<br>
- <br>
- <tt>cd keys</tt><br>
- <tt>openssl req -new -key citadel.key -out citadel.csr</tt><br>
- <br>
-Answer all questions (your geographic location, organization name,
-etc.)
-and then send the new <tt>citadel.csr</tt> to your Certificate
-Authority
-when you order the certificate. </li>
- <li>When the certificate is received, simply save it as <tt>citadel.cer</tt>
-and restart the Citadel server. </li>
- <li>If your certificate authority delivers a 'chained' certificate
-(one
-with intermediate certificate authorities), simply append the
-intermediate
-certificate after your server's own certificate in the <tt>citadel.cer</tt>
-file.</li>
-</ul>
-<br>
-<hr style="width: 100%; height: 2px;">
-<div style="text-align: center;">
-<h2><a name="LDAP_Directory_Support"></a>LDAP (Directory) Support</h2>
-<div style="text-align: justify;">
-<h3><a name="Introduction_ldap"></a>Introduction</h3>
-LDAP (Lightweight Directory Access Protocol) has become the open
-standard protocol for directory access. There are many client
-programs which are capable of making use of an LDAP directory
-service. Therefore it may be beneficial for some sites to have a
-directory available which is populated with Citadel user information.<br>
-<br>
-Citadel does not contain its own LDAP service, because that would
-eliminate its ability to coexist with any existing directory you may
-already have in place at your organization. Instead, we provide
-the LDAP Connector for Citadel, which allows the Citadel service to
-populate an external LDAP directory. If you do not already have
-an LDAP directory in place, you can use the OpenLDAP server, which is
-probably already present in your operating system, or at least can be
-loaded from the installation CD's. The supplied configuration
-file <tt>citadel-slapd.conf</tt> can be used as a starting
-point to get your LDAP server running.<br>
-<br>
-<h3><a name="Preparing_your_LDAP_server_for_Citadel"></a>Preparing your
-LDAP server for Citadel connections</h3>
-It is difficult to find a commonly accepted LDAP scheme. It seems, most
-real life LDAP installations go for the domain oriented apporach
-and lay out the structure after an existing domain/subdomain structure.
-<p> The most widely accepted and standardized object for storing
-personal data clearly is "inetOrgPerson". Citadel therefore extends this
-standard schema with an object class called "citadelInetOrgPerson".</p>
-<p>If you are using OpenLDAP as your directory server, you should
-choose options similar to the following:</p>
-<pre>
-include /etc/openldap/schema/core.schema
-include /etc/openldap/schema/cosine.schema
-include /etc/openldap/schema/inetorgperson.schema
-include /etc/openldap/schema/rfc2739.schema
-include /etc/openldap/schema/citadel.schema
-
-...
-
-database bdb
-suffix "dc=example,dc=com"
-rootdn "cn=manager,dc=example,dc=com"
-rootpw secret
-directory /var/openldap-data
-
-</pre>
-
-<p>Notes on this configuration:
-<ul>
- <li>Obviously, you can make your suffix and rootdn whatever you wish,
-but in most cases you'd simply follow a DC path that looks similar to
-your DNS domain.</li>
- <li>In earlier versions of OpenLDAP, you could use the
-option <span style="font-family: monospace;">schemacheck off</span> to
-make life easier by relaxing the strict schema checking. This option
-has been removed from OpenLDAP, so now you <strong>must</strong> install
-the supplied schema extensions. <tt>rfc2739.schema</tt> and
-<tt>citadel.schema</tt> are included with the Citadel distribution.</li>
- <li>Your <span style="font-family: monospace;">rootdn</span> and <span
- style="font-family: monospace;">rootpw</span> can be whatever you
-want. Usually the rootdn is <span style="font-family: monospace;">cn=manager,</span>
-followed by your usual suffix. Please don't use <span
- style="font-family: monospace;">secret</span> as your password, as in
-this example. Select a new password for your site.</li>
-</ul>
-<br>
-Your LDAP service <span style="font-weight: bold;">must</span> be up
-and running before you attempt to connect Citadel to it.<br>
-<br>
-<h3><a name="Configuring_the_LDAP_Connector_for"></a>Configuring the
-LDAP Connector for Citadel</h3>
-Once you've located or installed your LDAP server, connecting Citadel
-to it is easily completed with the <span style="font-weight: bold;"><span
- style="font-family: monospace;">.A</span></span><span
- style="font-family: monospace;">ide <span style="font-weight: bold;">S</span>ystem-configuration
-<span style="font-weight: bold;">G</span>eneral command:<br>
-</span>
-<pre>Lobby> . Aide System configuration General<br><br><span
- style="font-style: italic;">(lots of other stuff omitted for brevity...)</span><br><br>Connect this Citadel to an LDAP directory [Yes]: <span
- style="font-weight: bold;">Yes</span><br>Host name of LDAP server []: <span
- style="font-weight: bold;">127.0.0.1</span><br>Port number of LDAP service [389]: <span
- style="font-weight: bold;">389</span><br>Base DN []: <span
- style="font-weight: bold;">dc=servername,dc=domain,dc=org</span><br>Bind DN []: <span
- style="font-weight: bold;">cn=manager,dc=servername,dc=domain,dc=org</span><br>Password for bind DN []: <span
- style="font-weight: bold;">secret</span><br style="font-weight: bold;"><br><span
- style="font-style: italic;">(more questions omitted...)</span><br><br>Save this configuration? <span
- style="font-weight: bold;">Yes</span><br></pre>
-Once you've done this, restart your Citadel service with the <span
- style="font-weight: bold;"><span style="font-family: monospace;">.A</span></span><span
- style="font-family: monospace;">ide <span style="font-weight: bold;">T</span>erminate-server
-<span style="font-weight: bold;">N</span>ow</span> command. When
-Citadel restarts, it will connect to your LDAP directory. Note
-that we gave Citadel the same Base DN, Bind DN, and password that was
-in our LDAP server configuration example. Obviously, everything
-needs to be identical on both sides or the connection will be
-refused. 127.0.0.1 is the loopback address, and 389 is the
-standard port number for LDAP, so this would be the proper host and
-port combination for an LDAP service running on your local
-server. It could just as easily be on another server, for example
-an organization-wide directory server.<br>
-<br>
-You can also configure the LDAP Connector for Citadel from a WebCit
-session. Log on as an Aide and click on Advanced Options -->
-Edit Site-Wide Configuration --> Directory, and you will be
-presented with the same set of questions.<br>
-<br>
-So, what kind of information will be entered into LDAP? As a
-rule, anything that gets saved to your Global Address Book room will
-also be saved to LDAP. Citadel will set up OU's (Organizational
-Units) for each node on your Citadel network, so if you are running
-multiple Citadel servers in an organization, you will automatically
-have a hierarchial view built for you. Below the OU's will be an
-entry for each user who has a vCard registered on the system.
-Citadel automatically translates vCard information to LDAP.<br>
-<br>
-If you already have a Global Address Book full of existing information,
-you can execute an <span style="font-family: monospace;">IGAB</span>
-(Initialize Global Address Book) server command to rebuild it. In
-addition to performing its usual function of rebuilding the internal
-Internet e-mail address mapping table, Citadel will also repopulate
-LDAP with all existing vCards. You should be aware, however, that
-existing LDAP entries will not be cleared from your directory
-server. If your directory contains only Citadel data, you can
-safely delete your database and start over, because it will be
-repopulated. Otherwise, Citadel will merely update any existing
-records with fresh information.<br>
-<br>
-The LDAP Connector for Citadel is a recent development, so expect more
-functionality in this space in the near future.<br>
-</div>
-<br>
-</div>
-<hr>
-<center>
-<h2><a name="utilities"></a>Utilities</h2>
-</center>
-<h3><a name="overview"></a>Overview</h3>
-<p>The following utilities will be discussed: </p>
-<ul>
- <li><b>aidepost</b> - Post standard input to the Aide> room </li>
- <li><b>whobbs</b> - Who is on the system </li>
- <li><b>msgform</b> - Format a binary message to the screen (stdin or
-in a file) </li>
- <li><b>userlist</b> - Print the userlist </li>
- <li><b>sendcommand</b> - Send a server command </li>
-</ul>
-<p>It is up to you to decide which utilities should be made accessible
-only to system administrators. It is important that you set the file
-permissions correctly. All utilities should have access to the Citadel
-data files. We
-will attempt to address each program individually.</p>
-<h3><a name="aidepost"></a>aidepost</h3>
-<p>The nature of this program is rather simple. Standard input (stdin)
-is converted into a message, filed in the main message store, and
-posted in the Aide> room. This is useful for keeping transcripts of
-system activity that has to do with Citadel operations. You might even
-elect to send all of
-your system logs there, too.</p>
-<p><tt>aidepost</tt> also accepts the usage <tt>aidepost -rTargetRoom</tt>,
-where TargetRoom is the name of a room to which you'd like the message
-to be sent.</p>
-<h3><a name="whobbs"></a>whobbs</h3>
-<p>This program is similar to the <tt>who</tt> command. It lists all
-of the users who are currently connected to your Citadel server, either
-locally or
-across a network. Unless you're running a standalone system, <tt>who</tt>
-and <tt>whobbs</tt> will probably not have a one-to-one
-correspondence. Remember
-that you will see sessions for SMTP, POP, and IMAP users, as well as
-users
-running a Citadel client.</p>
-<p>One thing to keep in mind is that the <tt>whobbs</tt> utility
-actually opens a connection to the server. If the server is maxed out, <tt>whobbs</tt>
-will still be able to provide a listing, because it doesn't need to log
-in to execute the <tt>RWHO</tt> command. Note that whobbs does not
-list its own session.</p>
-<p>The <tt>whobbs</tt> utility is smart enough to know when it is
-being invoked by a web server as a CGI program. In this situation, it
-will output its listing
-as a nicely formatted web page instead of plain text. This makes it
-easy
-to just put a link to the whobbs binary in your cgi-bin directory,
-allowing
-a quick and easy way for web surfers to see who is online.</p>
-<p>Running the <tt><b>W</b>ho is online</tt> command from the Citadel
-client does <b>not</b> call this utility. It has this functionality
-built in.<br>
-<br>
-</p>
-<h3><a name="msgform"></a>msgform</h3>
-<p>The <tt>msgform</tt> utility reads its standard input (stdin)
-looking for
-Citadel messages stored in the internal format used on disk and over
-the
-network, and sends them in a human-readable format to standard output
-(stdout). There is no longer much use for this program, but it is
-included for hack
-value.</p>
-<h3><a name="userlist"></a>userlist</h3>
-<p>This is a program to print the userlist. There are two flags that
-may be
-set when running this program. When called without any arguments, <tt>userlist</tt>
-will display all users (except those who have chosen to be unlisted),
-their user numbers, times called, messages posted, screen width, and
-date of their most recent call.</p>
-<p><tt>userlist</tt> is simply the same user listing code that is in
-the
-client, made into a standalone utility for convenience.<br>
-</p>
-<h3><a name="sendcommand"></a>sendcommand</h3>
-<p><tt>sendcommand</tt> will interpret its arguments (except for <tt>-hDIRNAME</tt>)
-as a server command, which is sent to the server. Commands which
-require textual input will read it from stdin. Commands which generate
-textual output will be sent to stdout.</p>
-<p>This utility is intended to be used to enable Citadel server
-commands to
-be executed from shell scripts.</p>
-<p><b>NOTE:</b> be sure that this utility is not world-executable. It
-connects to the server in privileged mode, and therefore could present
-a security hole if not properly restricted.</p>
-</div>
-<br>
-</body>
-</html>
projects / citadel.git / commitdiff