<body>
<div align="center">
<h1>C I T A D E L</h1>
-<h2>a messaging and collaboration platform for BBS and groupware
-applications</h2>
-Copyright ©1987-2005 by the Citadel development team:<br>
+<h2>an open source messaging and collaboration platform</h2>
+Copyright ©1987-2006 by the Citadel development team:<br>
<br>
-<table cellpadding="2" cellspacing="2" border="0" align="center">
+<table align="center" border="0" cellpadding="2" cellspacing="2">
<tbody>
<tr>
<td valign="top">Clint Adams<br>
<tr>
<td valign="top">Art Cancro<br>
</td>
- <td valign="top"><i>overall system design and lead
-developer<br>
+ <td valign="top"><i>overall system design and lead developer<br>
</i></td>
</tr>
<tr>
</i></td>
</tr>
<tr>
- <td valign="top">Michael Hampton<br>
+ <td valign="top">Wilfried Goesgens<br>
</td>
- <td valign="top"><i>client software development<br>
+ <td valign="top"><i>build system patches<br>
</i></td>
</tr>
<tr>
- <td style="vertical-align: top;">Urs Jannsen<br>
- </td>
- <td style="vertical-align: top;"><span style="font-style: italic;">text
-search algorithm</span><br>
+ <td valign="top">Michael Hampton<br>
</td>
+ <td valign="top"><i>client software development<br>
+ </i></td>
</tr>
<tr>
<td valign="top">Andru Luvisi<br>
<tr>
<td valign="top">Stu Mark<br>
</td>
- <td valign="top"><i>additional client features, IGnet protocol
-design<br>
+ <td valign="top"><i>additional client features, IGnet protocol design<br>
+ </i></td>
+ </tr>
+ <tr>
+ <td valign="top">Edward S. Marshall<br>
+ </td>
+ <td valign="top"><i>RBL checking function design<br>
</i></td>
</tr>
<tr>
<td valign="top"><i>assistance with project management<br>
</i></td>
</tr>
+ <tr>
+ <td valign="top">Trey Van Riper<br>
+ </td>
+ <td valign="top"><i>QA and portability enhancements<br>
+ </i></td>
+ </tr>
<tr>
<td valign="top">John Walker<br>
</td>
- <td valign="top"><i>author of public domain base64
-encoder/decoder<br>
+ <td valign="top"><i>author of public domain base64 encoder/decoder<br>
</i></td>
</tr>
<tr>
</table>
</div>
<br>
-<div align="justify">The entire package is open source; you can
+<div align="justify">The entire package is open source software. You may
redistribute and/or modify it under the terms of the GNU General Public
-License as published by the Free Software Foundation; either version 2
-of the License, or (at your option) any later version.<br>
+License, version 2, which is included in this manual.<br>
<br>
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details. </div>
<div align="justify"><br>
For more information, visit either of these locations on
<li>UNCENSORED! BBS, the home of Citadel: <a
href="http://uncensored.citadel.org">http://uncensored.citadel.org</a></li>
</ul>
-<hr width="100%" size="2">
+<hr size="2" width="100%">
<h2 align="center">Table of Contents</h2>
<ol>
<li><a href="#GPL">License</a></li>
<li><a href="#Database_maintenance">Database maintenance</a></li>
<ol>
<li><a href="#Introduction_">Introduction</a></li>
+ <li><a href="#Backing_up_your_Citadel_database">Backing up your
+Citadel database</a><br>
+ </li>
<li><a href="#Database_repair">Database repair</a></li>
<li><a href="#ImportingExporting_your_Citadel">Importing/Exporting
your Citadel database</a><br>
</ol>
</ol>
<br>
-<hr width="100%" size="2"><br>
+<hr size="2" width="100%"><br>
<h2 align="center"><a name="GPL"></a>GNU General Public License<br>
</h2>
</div>
<p align="justify"> </p>
<h3>END OF TERMS AND CONDITIONS</h3>
<br>
-<hr width="100%" size="2"><br>
+<hr size="2" width="100%"><br>
<div align="center">
<h2><a name="Installation"></a>Installation</h2>
</div>
the system. It is mandatory that the sysop have "root" access to the
operating system. The following are required to install Citadel: </p>
<ul>
- <li>A Unix operating system (Linux, BSD, Solaris, Tru64, HP/UX) </li>
+ <li>A unix-like operating system (Linux, FreeBSD, Solaris, etc.) </li>
<li>C compiler (<a href="http://gcc.gnu.org/">GCC</a> with <a
href="http://www.gnu.org/software/make/make.html">gmake</a> is the
recommended build environment) </li>
<li>Enough disk space to hold all of the programs and data </li>
</ul>
<p>If you are running Citadel on a Linux system, it is STRONGLY
-recommended that you run it on a recent distribution (such as <a
- href="http://www.redhat.com">Red Hat</a> 7.3 or newer). A new-ish
+recommended that you run it on a recent distribution (such as Fedora
+Core 3 or newer). A new-ish
distribution will have most or all of the prerequisite tools and
libraries already integrated for you.</p>
-<h3>Now available:</h3>
+<h3>Other pieces which complete the Citadel system:</h3>
<ul>
<li>"WebCit", a gateway program to allow full access to Citadel via
the World Wide Web. Interactive access through any Web browser. </li>
<li>Access to Citadel via <i>any</i> standards-compliant e-mail
program, thanks to Citadel's built-in SMTP, POP, and IMAP services.
You can use Mozilla, Netscape, Evolution, Eudora, Pine, Outlook, etc.
-with Citadel. </li>
+with Citadel.</li>
+ <li>Access to Citadel's calendar and address book functions using any
+GroupDAV-enabled PIM client (requires WebCit).<br>
+ </li>
</ul>
<h3>Coming soon:</h3>
<ul>
- <li>Newer and better GUI-based clients.</li>
+ <li>More integration with third-party software.<br>
+ </li>
</ul>
<h3><a name="Everything_in_its_place..."></a>Everything in its place...</h3>
<p>Hopefully you've unpacked the distribution archive into its own
"citadel" in
that directory, or a script that will start up the citadel client.
Example:</p>
-<pre>bbs::100:1:Citadel Login:/usr/local/citadel:/usr/local/citadel/citadel<br></pre>
+<pre>citadel::100:1:Citadel Login:/usr/local/citadel:/usr/local/citadel/citadel<br></pre>
<p>When you run setup later, you will be required to tell it the
username or user ID of the account you created is, so it knows what
-user to run as. If you create an account called <tt>bbs</tt>, <tt>guest</tt>,
-or <tt>citadel</tt>, the setup program will automatically pick up the
+user to run as. If you create an account called <tt>citadel, bbs</tt>,
+or <tt>guest</tt>, the setup program will automatically pick up the
user ID by default.</p>
<p>For all other users in /etc/passwd (or in some other name service
such as NIS), Citadel will automatically set up
a line in your citadel.rc file like this:</p>
<pre>editor=/usr/bin/vi<br></pre>
<p>The above example would make Citadel call the vi editor when using
-the <tt><b>.E</b>nter <b>E</b>ditor</tt> command. You can also make
+the <tt><b>.E</b>nter <b>E</b>ditor</tt> command, or when a user
+selects the "Always compose messages with the full-screen
+editor" option. You can also make
it the default editor for the <tt><b>E</b>nter</tt> command by editing
the <tt>citadel.rc</tt> file. <b>But be warned:</b> external editors
on public systems can
specifies what command you use to print. Text is sent to the standard
input (stdin) of the print command.</p>
<p>So if you did this:</p>
-<pre>printcmd="nl|pr|lpr -Plocal"<br></pre>
-<p>...that would add line numbers, then paginate, then print on the
+<pre>printcmd="a2ps -o - |lpr -Plocal"<br></pre>
+<p>...that would convert the printed text to PostScript, then print on
+the
printer named "local". There's tons of stuff you can do with this
feature. For example, you could use a command like <tt>cat
<<$HOME/archive</tt> to save copies of important messages in a
</ul>
<p>To report a problem, you can log on to <a
href="http://uncensored.citadel.org">UNCENSORED!</a> or any other BBS
-on the Citadel network which carries the <tt>Citadel></tt> room.
+on the Citadel network which carries the <tt>Citadel/UX></tt> room.
Please DO NOT e-mail the developers directly. Post a request for help
on the BBS, with all of the following information: </p>
<ul>
</ul>
</div>
<div align="center">
-<hr width="100%" size="2">
+<hr size="2" width="100%">
<h2><a name="sysop"></a>System Administration</h2>
</div>
<div align="justify">
they become a certain number of days old, or until a certain number of
additional messages are posted in the room, at which time the oldest
ones will scroll out.</p>
+<p>When a new Citadel system is first installed, the default
+system-wide
+expire policy is set to 'manual' -- no automatic purging of messages
+takes place anywhere. For public message boards, you will probably want
+to set some sort of automatic expire policy, in order to prevent your
+message base from growing forever.</p>
<p>You will notice that you can also fall back to the default expire
policy for the floor upon which the room resides. This is the default
setting. You can change the floor's default with the <tt><b>;A</b>ide <b>E</b>dit
If you wish to change these policies, the next two options allow you
to. You may 'Allow Aides to Zap (forget) rooms', in which case they may
use the <tt><b>Z</b>ap</tt> command just like any other user.
-Aides may also <tt><b>.G</b>oto</tt> any private mailbox belonging to any
+Aides may also <tt><b>.G</b>oto</tt> any private mailbox belonging to
+any
user, using a special room name format.</p>
<p>If your local security and/or privacy policy dictates that you keep
a
copy.</p>
<p>The next set of options deals with the tuning of your system. It is
usually safe to leave these untouched.</p>
-<pre>Server connection idle timeout (in seconds) [900]: <br>Maximum concurrent sessions [20]: <br>Maximum message length [2147483647]: <br>Minimum number of worker threads [5]: <br>Maximum number of worker threads [256]: <br></pre>
+<pre>Server connection idle timeout (in seconds) [900]: <br>Maximum concurrent sessions [20]: <br>Maximum message length [10000000]: <br>Minimum number of worker threads [5]: <br>Maximum number of worker threads [256]: <br>Automatically delete committed database logs [Yes]:<br></pre>
<p>The 'Server connection idle timeout' is for the connection between
client and server software. It is <b>not</b> an idle timer for the
user interface. 900 seconds (15 minutes) is the default and a sane
sessions
with a much smaller thread pool. If you don't know the programming
theory
-behind multithreaded servers, you should leave these parameters alone.</p>
+behind multithreaded servers, you should leave these parameters alone.<br>
+</p>
+<p>'Automatically delete committed database logs' is a <span
+ style="font-style: italic;">crucial</span> setting which affects your
+system's disk utilization and backup recoverability. Please refer
+to the <a href="#Database_maintenance">database maintenance</a>
+section of this document to learn how the presence or absence of
+database logs affect your ability to reliably backup your Citadel
+system.<br>
+</p>
<p>The next set of options affect how Citadel behaves on a network.</p>
-<pre>How often to run network jobs (in seconds) [3600]: <br><br>POP3 server port (-1 to disable) [110]:<br><br>IMAP server port (-1 to disable) [143]:<br><br>SMTP MTA server port (-1 to disable) [25]: <br><br>SMTP MSA server port (-1 to disable) [587]: <br><br>Correct forged From: lines during authenticated SMTP [Yes]:<br><br></pre>
-<p>"How often to run network jobs" refers to the sharing of content on
-a
-Citadel network. If your system is on a Citadel network, this
-configuration
-item dictates how often the Citadel server will contact other Citadel
-servers to send and receive messages. In reality, this will happen more
-frequently than you specify, because other Citadel servers will be
-contacting yours at regular intervals as well.</p>
+<pre>Server IP address (0.0.0.0 for 'any') [0.0.0.0]:<br>POP3 server port (-1 to disable) [110]:<br>POP3S server port (-1 to disable) [995]:<br>IMAP server port (-1 to disable) [143]:<br>IMAPS server port (-1 to disable) [993]:<br>SMTP MTA server port (-1 to disable) [25]:<br>SMTP MSA server port (-1 to disable) [587]:<br>SMTPS server port (-1 to disable) [465]:<br>Correct forged From: lines during authenticated SMTP [Yes]:<br>Allow unauthenticated SMTP clients to spoof my domains [No]: No<br>Instantly expunge deleted IMAP messages [No]: Yes<br></pre>
+<p>"Server IP address" refers to the IP address on <span
+ style="font-style: italic;">your server</span> to which Citadel's
+protocol services should be bound. Normally you will leave this
+set to 0.0.0.0, which will cause Citadel to listen on all of your
+server's interfaces. However, if you are running multiple
+Citadels on a server with multiple IP addresses, this is where you
+would specify which one to bind this instance of Citadel to.</p>
<p>Then you can specify TCP port numbers for the SMTP, POP3, and IMAP
services. For a system being used primarily for Internet e-mail, these
are essential, so you'll want to specify the standard port numbers: 25,
though, then you might want to choose other, unused port numbers, or
enter -1 for any protocol
to disable it entirely.</p>
-<p>You'll also notice that you can specify two port numbers for SMTP: one
-for MTA (Mail Transport Agent) and one for MSA (Mail Submission Agent). The
-traditional ports to use for these purposes are 25 and 587. If you are
-running an external MTA, such as Postfix (which submits mail to Citadel using
+<p>You'll also notice that you can specify two port numbers for SMTP:
+one
+for MTA (Mail Transport Agent) and one for MSA (Mail Submission Agent).
+The
+traditional ports to use for these purposes are 25 and 587. If you are
+running an external MTA, such as Postfix (which submits mail to Citadel
+using
LMTP) or Sendmail (which submits mail to Citadel using the 'citmail'
-delivery agent), that external MTA will be running on port 25, and you should
-specify "-1" for the Citadel MTA port to disable it. The MSA port (again,
-usually 587) would be the port used by end-user mail client programs such as
-Aethera, Thunderbird, Eudora, or Outlook, to submit mail into the system.
-All connections to the MSA port <b>must</b> use Authenticated SMTP.</p>
+delivery agent), that external MTA will be running on port 25, and you
+should
+specify "-1" for the Citadel MTA port to disable it. The MSA port
+(again,
+usually 587) would be the port used by end-user mail client programs
+such as
+Aethera, Thunderbird, Eudora, or Outlook, to submit mail into the
+system.
+All connections to the MSA port <b>must</b> use Authenticated SMTP.<br>
+</p>
+<p>The protocols ending in "S" (POP3S, IMAPS, and SMTPS) are
+SSL-encrypted. Although all of these protocols support the
+STARTTLS command, older client software sometimes requires connecting
+to "always encrypted" server ports. Usually when you are looking
+at a client program that gives you a choice of "SSL or TLS," the SSL
+option will connect to one of these dedicated ports, while the TLS
+option will connect to the unencrypted port and then issue a STARTTLS
+command to begin encryption. (It is worth noting that this is <span
+ style="font-style: italic;">not</span> the proper use of the acronyms
+SSL and TLS, but that's how they're usually used in many client
+programs.)<br>
+</p>
+<p>All of the default port numbers, including the encrypted ones, are
+the standard ones.<br>
+</p>
<p>The question about correcting forged From: lines affects how Citadel
behaves with authenticated SMTP clients. Citadel does not ever allow
third-party SMTP relaying from unauthenticated clients -- any incoming
this behavior, answer 'No' at the prompt (the default is 'Yes') and the
headers
will never be altered.</p>
+<p>"Instant expunge" affects what happens when IMAP users delete
+messages. As you may already know, messages are not <i>truly</i> deleted
+when an IMAP client sends a delete command; they are only <i>marked for
+deletion</i>. The IMAP client must also send an "expunge" command
+to actually delete the message. The Citadel server automatically expunges
+messages when the client logs out or selects a different folder, but if you
+select the Instant Expunge option, an expunge operation will automatically
+follow any delete operation (and the client will be notified, preventing any
+mailbox state problems). This is a good option to select, for example, if you
+have users who leave their IMAP client software open all the time and are
+wondering why their deleted messages show up again when they log in from a
+different location (such as WebCit).</p>
+<p>"Allow spoofing" refers to the security level applied to
+non-authenticated SMTP clients. Normally, when another host connects to
+Citadel via SMTP to deliver mail, Citadel will reject any attempt to send
+mail whose sender (From) address matches one of your host's own domains. This
+forces your legitimate users to authenticate properly, and prevents foreign
+hosts (such as spammers) from forging mail from your domains. If, however,
+this behavior is creating a problem for you, you can select this option to
+bypass this particular security check.<br>
+<span style="font-family: monospace;"><br>
+Connect this Citadel to an LDAP directory [No]: No</span><br>
+</p>
+<p>The LDAP configuration options are discussed elsewhere in this
+document.<br>
+</p>
<p>The final set of options configures system-wide defaults for the
auto-purger:</p>
-<pre>Default user purge time (days) [120]: <br><br>Default room purge time (days) [30]: <br><br>System default message expire policy (? for list) [2]: <br><br>Keep how many messages online? [150]:<br><br>Mailbox default message expire policy (? for list) [1]: <br><br></pre>
+<pre>Default user purge time (days) [120]: <br>Default room purge time (days) [30]: <br>System default message expire policy (? for list) [0]: <br>Keep how many messages online? [150]:<br>Mailbox default message expire policy (? for list) [0]:<br>How often to run network jobs (in seconds) [1800]:<br>Enable full text search index (warning: resource intensive) [Yes]: Yes<br>Hour to run purges (0-23) [4]:<br>
+Perform journaling of email messages [No]:<br>Perform journaling of non-email messages [No]:<br>Email destination of journalized messages [example@example.com]:<br></pre>
<p>Any user who does not log in for the period specified in 'Default
user purge time' will be deleted the next time a purge is run. This
setting may be modified on a per-user basis.</p>
to. This can allow you, for example, to set a policy under which old
messages scroll out of public rooms, but private mail stays online
indefinitely
-until deleted by the mailbox owners.</p>
-<pre>Save this configuration? No<br></pre>
+until deleted by the mailbox owners.<br>
+</p>
+<p>"How often to run network jobs" refers to the sharing of content on
+a
+Citadel network. If your system is on a Citadel network, this
+configuration
+item dictates how often the Citadel server will contact other Citadel
+servers to send and receive messages. In reality, this will happen more
+frequently than you specify, because other Citadel servers will be
+contacting yours at regular intervals as well.<br>
+</p>
+<p>"Hour to run purges" determines when expired and/or deleted objects
+are purged from the database. These purge operations are
+typically run overnight and automatically, sometime during whatever
+hour you specify. If your site is much busier at night than
+during the day, you may choose to have the auto-purger run during the
+day.</p>
+<p>"Enable full text search index," if enabled, instructs the server to
+build and maintain a searchable index of all messages on the
+system. This is a time and resource intensive process -- it could
+take days to build the index if you enable it on a large
+database. It is also fairly memory intensive; we do not recommend
+that you enable the index unless your host system has at least 512 MB
+of memory. Once enabled, however, it will be updated
+incrementally
+and will not have any noticeable impact on the interactive response
+time of your system. The full text index is currently only
+searchable when using IMAP clients; other search facilities will be
+made available in the near future.</p>
+<p>The "Perform journaling..." options allow you to configure
+your Citadel server to send an extra copy of every message, along with
+recipient information if applicable, to the email address of your choice.
+The journaling destination address may be an account on the local Citadel
+server, an account on another Citadel server on your network, or an Internet
+email address. These options, used in conjunction with an archiving service,
+allow you to build an archive of all messages which flow through your Citadel
+system. This is typically used for regulatory compliance in industries which
+require such things. Please refer to the <a href="journaling.html">journaling
+guide</a> for more details on this subject.</p>
+<p><span style="font-family: monospace;">Save this configuration? No</span><br>
+</p>
<p>When you're done, enter 'Yes' to confirm the changes, or 'No' to
discard the changes.</p>
</div>
-<hr width="100%" size="2">
+<hr size="2" width="100%">
<h2 align="center"><a name="Configuring_Citadel_for_Internet_e-mail"></a>Configuring
Citadel for Internet e-mail</h2>
<div align="justify">
To configure this
functionality, simply enter the domain name or IP address of your relay
as a 'smart-host' entry.</p>
+<p>If your relay server is running on a port other
+than the standard SMTP port 25, you can also specify the port number
+using "host:port" syntax; i.e. <tt>relay99.myisp.com:2525</tt></p>
+<p>Furthermore, if your relay server requires authentication, you can
+specify it using username:password@host or username:password@host:port
+syntax; i.e. <tt>jsmith:pass123@relay99.myisp.com:25</tt></p>
<p><b>directory:</b> a domain for which you are participating in
directory services across any number of Citadel nodes. For example, if
users who have addresses in the domain <tt>citadel.org</tt> are spread
However, it is beyond the scope of this document to detail the finer
points of the configuration of Postfix or any other mailer, so refer to
the documentation to those programs and keep in mind that Citadel has
-LMTP support.<span style="font-family: monospace;"><br>
-</span></p>
+LMTP support.<span style="font-family: monospace;"></span></p>
+<p>There are actually <i>two</i> LMTP sockets. One is called
+<tt>lmtp.socket</tt> and the other is called <tt>lmtp-unfiltered.socket</tt>
+(both are found in your Citadel directory). The difference should be
+obvious: messages submitted via <tt>lmtp.socket</tt> are subject to
+any
+spam filtering you may have configured (such as SpamAssassin), while
+messages
+submitted via <tt>lmtp-unfiltered.socket</tt> will bypass the filters.
+You
+would use the filtered socket when receiving mail from an external MTA
+such
+as Postfix, but you might want to use the unfiltered socket with
+utilities
+such as fetchmail.</p>
+<br>
<p>For outbound mail, you
can either allow Citadel to perform
deliveries directly
URL's
in your e-mail software) and the confirmation is automatically
completed.</p>
-<hr width="100%" size="2">
+<hr size="2" width="100%">
<center>
<h2><a name="Building_or_joining_a_Citadel_network"></a>Building or
joining a Citadel network</h2>
A few small data files are kept in your main Citadel directory, but the
databases are in the <tt>data/</tt> subdirectory. The files with
names that begin with "cdb" are the databases themselves; the files
-with names that begin with "log" are the journals. Journal files
-will come and go as you use your system; when the database engine has
-determined that a particular log file is no longer needed, the file
-will automatically be deleted. Nevertheless, you should always
-ensure that there is ample disk space for the files to grow.<br>
+with names that begin with "log" are the logs (sometimes referred to as
+"journals"). Log files will continue to appear as you use your
+system; each will grow to approximately 10 megabytes in size before a
+new one is started. There is a system configuration setting
+(found in <span style="font-family: monospace;"><span
+ style="font-weight: bold;">.A</span>ide <span
+ style="font-weight: bold;">S</span>ystem-configuration <span
+ style="font-weight: bold;">G</span>eneral</span> in the text mode
+client, or in <span style="font-family: monospace;">Administration
+--> Edit site-wide configuration --> Tuning</span> in the WebCit
+client) which specifies "Automatically delete committed database
+logs." If you have this option enabled, Citadel will
+automatically delete any log files whose contents have been fully
+committed to the database files.<br>
+<br>
+For more insight into how the database and log files work, you may wish
+to read the <a
+ href="http://www.sleepycat.com/docs/ref/transapp/archival.html">Berkeley
+DB documentation</a> on this subject.<br>
+<br>
+<h3><a name="Backing_up_your_Citadel_database"></a>Backing up your
+Citadel database</h3>
+<span style="font-weight: bold;">Please read this section carefully.</span><br>
+<br>
+There are two backup strategies you can use, depending on your site's
+availability requirements and disk space availability.<br>
+<h5>Strategy #1: Standard backup</h5>
+The standard (or "offline") backup is used when your Citadel server is
+configured to automatically delete committed database logs. The
+backup procedure is as follows:<br>
+<ol>
+ <li>Shut down the Citadel server.</li>
+ <li>Back up all files (database files, log files, etc.) to tape or
+some other backup media.</li>
+ <li>Start the Citadel server.</li>
+</ol>
+<span style="font-style: italic;">Advantage:</span> very little disk
+space is consumed by the logs.<br>
+<span style="font-style: italic;">Disadvantage:</span> Citadel is not
+available during backups.<br>
+<br>
+<h5>Strategy #2: "Hot" backup</h5>
+The "hot backup" procedure is used when your Citadel server is
+configured <span style="font-weight: bold;">not</span> to
+automatically delete committed database logs. The backup
+procedure is as follows:<br>
+<ol>
+ <li>Back up all files. Make sure the database files (<span
+ style="font-family: monospace;">cdb.*</span>) are backed up <span
+ style="font-style: italic;">before</span> the log files (<span
+ style="font-family: monospace;">log.*</span>). This will usually
+be the case, because the database files tend to appear first in both
+alphabetical and on-disk ordering of the <span
+ style="font-family: monospace;">data/</span> directory.</li>
+ <li>After verifying that your backup completed successfully, delete
+the committed log files with a command like this:</li>
+</ol>
+<span style="font-family: monospace;">/usr/local/citadel/sendcommand
+"CULL"</span><br>
<br>
-There is no need to shut down Citadel during backups. The data
-store may be backed up "hot." The makers of Berkeley DB suggest
-that you should back up the data files <i>first</i> and the log files <i>second</i>.
- This is the only method that will guarantee that a database which
-is being changed while you back it up will still be usable when you
-restore it
-from the tape later.<br>
+<span style="font-style: italic;">Advantage:</span> Citadel continues
+to run normally during backups.<span style="font-style: italic;"><br>
+Disadvantage:</span> Much disk space is consumed by the log files,
+particularly if the full text indexer is turned on.<br>
+<br>
+<br>
+It is up to you to decide which backup strategy to use. <span
+ style="font-weight: bold;">Warning: if you configure Citadel to
+automatically delete committed database logs, and do not shut the
+Citadel service down during backups, there is no guarantee that your
+backups will be usable!</span><br>
<br>
<h3><a name="Database_repair"></a>Database repair</h3>
Although Citadel's data store is quite reliable, database corruption
when you order the certificate. </li>
<li>When the certificate is received, simply save it as <tt>citadel.cer</tt>
and restart the Citadel server. </li>
+ <li>If your certificate authority delivers a 'chained' certificate
+(one
+with intermediate certificate authorities), simply append the
+intermediate
+certificate after your server's own certificate in the <tt>citadel.cer</tt>
+file.</li>
</ul>
<br>
<hr style="width: 100%; height: 2px;">
textual output will be sent to stdout.</p>
<p>This utility is intended to be used to enable Citadel server
commands to
-be executed from shell scripts. Review the script called <tt>weekly</tt>
-which ships with the Citadel distribution for an example of how this
-can
-be used.</p>
+be executed from shell scripts.</p>
<p><b>NOTE:</b> be sure that this utility is not world-executable. It
connects to the server in privileged mode, and therefore could present
a security hole