Tools Citadel Lead image: Lead Image © braverabbit; 123RF.com

An overview of the Citadel BBS

The Private Stronghold

Citadel is a free, compact bulletin board system that integrates email, calendar, address book, and forum functions for administrators and hobbyists that need a groupware solution for a small organization. By Rubén Llorente

Associations demand a plethora of applications to keep their members connected. At the very least, a small organization needs an email system and an address book. Often, they also need a private forum and a chat system. In practice, most small groups don't have the resources required to set up and host all the required services themselves and end up externalizing them. Externalizing IT, such as adopting the address book service provided by Google, might seem an easy solution, but it is not free from problems. Under some jurisdictions, uploading the personal data of contacts to a server managed by a third party is problematic.

Citadel [1] is a groupware solution that integrates many of the services an organization needs in a compact, easy-to-install package. In a matter of minutes, it offers the power to set up email, contacts, Extensible Messaging and Presence Protocol (XMPP) chat, and bulletin board services in a self-hosting environment, without handing over the control of your information to a third party. (See also the "Historical Perspective" box.)

Historical Perspective

Those whose hair grows gray might remember the days of bulletin board systems (BBSs). Early BBSs were used over a modem and allowed users to post public messages, send netmail and email, and play games. BBSs were primitive and had clumsy terminal interfaces, but they allowed people to communicate, which was the point of the tools, after all.

A strong BBS community still exists, although it is no longer common to access these systems over modems. Instead, system operators provide access to their BBSs over Telnet or secure shell (SSH). The primary function of BBSs, however, has not changed.

The original Citadel was written in 1981 and has a convoluted story [2]. The implementation discussed in this article, technically named Citadel/UX, uses the original Citadel interface, but none of its code. Born as a commercial BBS package, its initial release was in 1988. In 1998, efforts were taken to expand the scope of the software and turn Citadel/UX into an actual groupware solution. In 1999, Citadel/UX was licensed under GNU General Public Licence (GPLv2), becoming free software.

With its roots in the BBS realm, the core of Citadel/UX features a geeky terminal interface, designed to be used over Telnet or SSH. Fortunately, modern Citadel comes with WebCit, an easy-to-use and easy-to-understand web interface that allows use by non-technical people.

Throughout this article, I use "Citadel" to refer to the modern "Citadel/UX" software.

Installing Citadel

Citadel provides an EasyInstall script that automatically sets up the software and its dependencies. The script works with Linux distributions that use the Apt or Yum package managers and will only succeed if systemd is included in the installation; otherwise, the process fails to complete. If the script does not work with your distribution, a manual install will be required [3].

The EasyInstall script has the following prerequisites:

Apt or Yum package managers
Systemd
Curl or Wget
Bash

In practice, EasyInstall requires a Debian-like or Red Hat-like distribution to manage the dependencies of Citadel automatically.

Citadel comes with its own message transfer agent, which replaces the one provided by your operating system. Citadel also requires access to privileged ports, which means it usually runs as a privileged user. For theses reasons, it is a good idea not to have another mailing system working on the same machine.

Express Firewall

Allowing access to the Citadel instance before setup has finished is undesirable, so the recommended procedure is to close the ports used by Citadel with a firewall and only open them when the instance is ready.

Firewalls are out of the scope of this article, but as a guide, issuing

# apt-get install ufw
# ufw allow ssh
# ufw default deny incoming
# ufw default allow outgoing
# ufw enable

as root in a Debian-like operating system will prevent access to Citadel from the Internet and may be issued before executing the EasyInstall script.

Once the setup is complete, the following command opens the ports Citadel uses:

# ufw allow 25,80,110,119,143,443,465,563,587,993,995,5222/tcp

The following commands install Citadel on Debian:

# apt-get install curl bash
# curl http://easyinstall.citadel.org/install > EasyInstall.sh
# chmod +x EasyInstall.sh
# bash ./EasyInstall.sh

The EasyInstall script describes the actions it is going to attempt and asks for confirmation before proceeding (Figure 1); then, it asks whether to install the required dependencies automatically for Citadel and whether to accept the GPLv3 license. Answering affirmatively to these questions begins the installation procedure; then, the script compiles and installs the necessary components. Once the installation is complete, the script launches the setup utility, which allows it to configure the Citadel instance.

Figure 1: The EasyInstall script makes it possible to install Citadel in a painless, automated manner.

Configuring Citadel

First, the setup utility creates an administrative user. The program asks for a username and password. Beware that the maximum password length is 32 characters. If a longer password is introduced, the setup utility silently truncates it.

Second, the program asks which system user will be in charge of running the server, because this user will need permission to operate privileged ports; the default is root. The administrator is prompted for the IP address and port on which Citadel will listen. The default is to listen on every available address and use port 504. Remember, this port is intended for internal use and does not necessarily have to be reachable over the Internet.

Third, the program needs to know which authentication back end is to be used. The default is self contained, which means Citadel will take care of everything.

Fourth, the setup utility configures WebCit, the Citadel web interface. It asks which HTTP and HTTPS ports WebCit will use. Reasonable choices are 80 for HTTP and 443 for HTTPS.

Citadel Management

Once the setup is complete, the server can be accessed by its web interface. A self-signed Transport Layer Security (TLS) certificate is generated on installation, and the web interface will be available on port 80 (non-TLS) and port 443 (TLS). Once logged in, many server settings can be tweaked from the Administration tab (Figure 2), which can be accessed from the left sidebar. Ports 80 or 443 must be unfiltered at the firewall; otherwise, connection is not possible.

The Administration tab is accessed from the sidebar (1), from which you can manage email (2), general configuration (3), users (4), and floors (5). — Figure 2: The *Administration* tab is accessed from the sidebar (1), from which you can manage email (2), general configuration (3), users (4), and floors (5).

At the bare minimum, the administrator should visit Domain names and Internet mail configuration and input a domain name in the Local host aliases box (Figure 3), allowing the server to receive email from the Internet. Filling in the Masqueradable domains box is also a good idea. The Edit site-wide configuration link (reached from the Administration menu) is the place to set a name for the Citadel instance and configure its fully qualified domain name (FQDN) (Figure 4).

Figure 4: Entering a name and FQDN for the Citadel instance.

Self-service user account creation is active by default. Therefore, anybody can create a user in Citadel and log in, which is not desirable for a private system. To prevent outsiders from creating accounts in a private bulletin board, the administrator can head to Edit site-wide configuration, click the Access tab, and mark the Disable self-service user account creation checkbox (Figure 5). Users can be created manually from Add, change, delete user accounts.

Figure 5: Disabling account self-creation keeps the Citadel instance private.

Citadel Rooms

Citadel's main characteristic is that everything is a room, at least internally. Rooms are arranged by floors (Figure 6). For example, on a floor called Animal Talk, you might have the rooms Horses, Dogs, and Cats. The Rooms section, reached from the menubar on the left, shows how rooms are organized within the Citadel instance. By default, any user may create rooms on existing floors by clicking the Advanced section on the sidebar and selecting Create a new room (Figure 7).

Only the administrator is allowed to create floors in Add/change/delete floors. — Figure 6: Only the administrator is allowed to create floors in *Add/change/delete floors*.

Figure 7: Users can create rooms within the floors created by the administrator.

On login, a user can click the Goto next room link in the top right corner and visit rooms sequentially where unread messages exist. The Skip this room link moves to the next room without marking the posts in the current room as read. In low-traffic sites, this method is a quick and convenient way to check for unread posts.

Email and Messaging

Private local messages are sent from the Mail section, as can external Internet email. Messages the user sends are kept in the special Sent Items private room, and incoming mail is stored in the Mail private room (both under My Folders in Figure 8). The administrator authorizes users to send external email and sets them up with addresses (Figure 9).

Personal information is kept in the My Folders area of the Citadel BBS. — Figure 8: Personal information is kept in the *My Folders* area of the Citadel BBS.

Figure 9: A user must be authorized by the administrator to send external email.

The software provides POP3, IMAP, and SMPT access, so the email services from Citadel can be used with common email clients, such as Thunderbird. Better yet, Thunderbird can be used to read messages in discussion rooms (Figure 10).

Figure 10: Thunderbird can interface with Citadel by IMAP, so users can read new messages posted in discussion rooms.

As an additional bonus, discussion rooms can be turned into mailing lists by configuring rooms to send new messages to subscribers by email and to post messages sent to specific email addresses to the room (Figure 11). To do so, click the Advanced section on the sidebar, then click Edit or delete this room. The Mailing list service tab is used to configure the mailing list and manage subscribers.

To turn the Horses room into a mailing list, it must be selected from the Rooms section (1) and then configured through the Advanced tab (2). — Figure 11: To turn the *Horses* room into a mailing list, it must be selected from the *Rooms* section (1) and then configured through the *Advanced* tab (2).

Citadel can integrate many popular features for email services, such as spam filters and SMTP blacklists. For detailed instructions, see the project website [4] [5].

Chat in the Citadel

Text chat is an area where Citadel definitively does not shine, but the option is there. The left sidebar has a Chat section that allows users to chat in real time. Additionally, an XMPP client, such as Pidgin, can be used for chatting. Citadel offers an XMPP service on port 5222 by default.

The main downside is that the XMPP interface only allows person-to-person chat; group chat is not supported through this protocol, although it is possible through the web interface.

Other Features

In theory, Citadel supports Network News Transfer Protocol (NNTP). Regrettably, tests show that the feature does not work. According to the developer, the feature was never fully implemented.

The contacts and calendar systems are available, both in the web interface and by the GroupDAV protocol, which is interesting because it allows users to manage address books and calendars with common desktop tools, like KOrganizer or Kontact. A noticeable miss is the lack of support for the CardDAV and CalDAV protocols. Sadly, most users will be stuck with the web interface for these features, because GroupDAV support was not very reliable during tests.

True to its roots as an old school BBS system, Citadel can be used over SSH and Telnet. Setting up this configuration is a bit involved. The project website offers some instructions for performing a manual install.

Conclusions

Citadel is a nice bundle that includes a bit of everything required to satisfy the communication needs of a group of friends, a club, or a small organization. The mailing list functionality alone is a good reason to consider trying Citadel. However, it looks like Citadel is a jack of all trades and does not manage to excel in most of the tasks it performs.

The Contacts and Calendar functionality are a bit disappointing, so administrators in need of these services should look elsewhere. Nextcloud [6], for example, supports both CalDAV and CardDAV, very useful features Citadel lacks, and will integrate easily with desktop and mobile clients to allow shared contacts and calendars.

The whole Citadel experience feels a bit fiddly. Configuring the server to send and receive email properly is not very intuitive. (See the "Email Connectivity" box.) Although it is much easier than running a full-featured email service stack, an organization with more than a score of users might consider installing a complete email package suck as iRedMail [7].

Email Connectivity

An email server requires:

a static, reputable IP address,
a mail exchanger (MX) entry in the DNS record of your domain, and
a Sender Policy Framework (SPF) entry in the DNS record of your domain.

Theoretically, it is possible to run an email service from a dynamic IP with dynamic DNS (Figure 12), but in practice it can be troublesome and might cause your email to be rejected by other email providers.

Figure 12: Example DNS entries for a service capable of delivering and receiving email.

Setting the DomainKeys Identified Mail (DKIM) authentication method for the server and the domain could be beneficial. Citadel does not provide a DKIM service, but it can be set up separately. The Citadel website provides some hints [8].

That said, Citadel shines at its original purpose: being a forum in which members can initiate discussion threads and respond to questions posted by other people. The Floor and Rooms paradigm might sound strange at first, but once the workflow is understood, it leads to a very productive use of the BBS.

Those who want to try out the software can visit the official Citadel instance [9], which is also a good place to find support.