
An overview of the Citadel BBS
The Private Stronghold
Associations demand a plethora of applications to keep their members connected. At the very least, a small organization needs an email system and an address book. Often, they also need a private forum and a chat system. In practice, most small groups don't have the resources required to set up and host all the required services themselves and end up externalizing them. Externalizing IT, such as adopting the address book service provided by Google, might seem an easy solution, but it is not free from problems. Under some jurisdictions, uploading the personal data of contacts to a server managed by a third party is problematic.
Citadel [1] is a groupware solution that integrates many of the services an organization needs in a compact, easy-to-install package. In a matter of minutes, it offers the power to set up email, contacts, Extensible Messaging and Presence Protocol (XMPP) chat, and bulletin board services in a self-hosting environment, without handing over the control of your information to a third party. (See also the "Historical Perspective" box.)
Installing Citadel
Citadel provides an EasyInstall script that automatically sets up the software and its dependencies. The script works with Linux distributions that use the Apt or Yum package managers and will only succeed if systemd is included in the installation; otherwise, the process fails to complete. If the script does not work with your distribution, a manual install will be required [3].
The EasyInstall script has the following prerequisites:
- Apt or Yum package managers
- Systemd
- Curl or Wget
- Bash
In practice, EasyInstall requires a Debian-like or Red Hat-like distribution to manage the dependencies of Citadel automatically.
Citadel comes with its own message transfer agent, which replaces the one provided by your operating system. Citadel also requires access to privileged ports, which means it usually runs as a privileged user. For theses reasons, it is a good idea not to have another mailing system working on the same machine.
Express Firewall
Allowing access to the Citadel instance before setup has finished is undesirable, so the recommended procedure is to close the ports used by Citadel with a firewall and only open them when the instance is ready.
Firewalls are out of the scope of this article, but as a guide, issuing
# apt-get install ufw # ufw allow ssh # ufw default deny incoming # ufw default allow outgoing # ufw enable
as root in a Debian-like operating system will prevent access to Citadel from the Internet and may be issued before executing the EasyInstall script.
Once the setup is complete, the following command opens the ports Citadel uses:
# ufw allow 25,80,110,119,143,443,465,563,587,993,995,5222/tcp
The following commands install Citadel on Debian:
# apt-get install curl bash # curl http://easyinstall.citadel.org/install > EasyInstall.sh # chmod +x EasyInstall.sh # bash ./EasyInstall.sh
The EasyInstall script describes the actions it is going to attempt and asks for confirmation before proceeding (Figure 1); then, it asks whether to install the required dependencies automatically for Citadel and whether to accept the GPLv3 license. Answering affirmatively to these questions begins the installation procedure; then, the script compiles and installs the necessary components. Once the installation is complete, the script launches the setup utility, which allows it to configure the Citadel instance.

Configuring Citadel
First, the setup utility creates an administrative user. The program asks for a username and password. Beware that the maximum password length is 32 characters. If a longer password is introduced, the setup utility silently truncates it.
Second, the program asks which system user will be in charge of running the server, because this user will need permission to operate privileged ports; the default is root. The administrator is prompted for the IP address and port on which Citadel will listen. The default is to listen on every available address and use port 504. Remember, this port is intended for internal use and does not necessarily have to be reachable over the Internet.
Third, the program needs to know which authentication back end is to be used. The default is self contained, which means Citadel will take care of everything.
Fourth, the setup utility configures WebCit, the Citadel web interface. It asks which HTTP and HTTPS ports WebCit will use. Reasonable choices are 80 for HTTP and 443 for HTTPS.
Citadel Management
Once the setup is complete, the server can be accessed by its web interface. A self-signed Transport Layer Security (TLS) certificate is generated on installation, and the web interface will be available on port 80 (non-TLS) and port 443 (TLS). Once logged in, many server settings can be tweaked from the Administration tab (Figure 2), which can be accessed from the left sidebar. Ports 80 or 443 must be unfiltered at the firewall; otherwise, connection is not possible.

At the bare minimum, the administrator should visit Domain names and Internet mail configuration and input a domain name in the Local host aliases box (Figure 3), allowing the server to receive email from the Internet. Filling in the Masqueradable domains box is also a good idea. The Edit site-wide configuration link (reached from the Administration menu) is the place to set a name for the Citadel instance and configure its fully qualified domain name (FQDN) (Figure 4).


Self-service user account creation is active by default. Therefore, anybody can create a user in Citadel and log in, which is not desirable for a private system. To prevent outsiders from creating accounts in a private bulletin board, the administrator can head to Edit site-wide configuration, click the Access tab, and mark the Disable self-service user account creation checkbox (Figure 5). Users can be created manually from Add, change, delete user accounts.

Citadel Rooms
Citadel's main characteristic is that everything is a room, at least internally. Rooms are arranged by floors (Figure 6). For example, on a floor called Animal Talk, you might have the rooms Horses, Dogs, and Cats. The Rooms section, reached from the menubar on the left, shows how rooms are organized within the Citadel instance. By default, any user may create rooms on existing floors by clicking the Advanced section on the sidebar and selecting Create a new room (Figure 7).


On login, a user can click the Goto next room link in the top right corner and visit rooms sequentially where unread messages exist. The Skip this room link moves to the next room without marking the posts in the current room as read. In low-traffic sites, this method is a quick and convenient way to check for unread posts.
Email and Messaging
Private local messages are sent from the Mail section, as can external Internet email. Messages the user sends are kept in the special Sent Items private room, and incoming mail is stored in the Mail private room (both under My Folders in Figure 8). The administrator authorizes users to send external email and sets them up with addresses (Figure 9).


The software provides POP3, IMAP, and SMPT access, so the email services from Citadel can be used with common email clients, such as Thunderbird. Better yet, Thunderbird can be used to read messages in discussion rooms (Figure 10).

As an additional bonus, discussion rooms can be turned into mailing lists by configuring rooms to send new messages to subscribers by email and to post messages sent to specific email addresses to the room (Figure 11). To do so, click the Advanced section on the sidebar, then click Edit or delete this room. The Mailing list service tab is used to configure the mailing list and manage subscribers.

Citadel can integrate many popular features for email services, such as spam filters and SMTP blacklists. For detailed instructions, see the project website [4] [5].
Chat in the Citadel
Text chat is an area where Citadel definitively does not shine, but the option is there. The left sidebar has a Chat section that allows users to chat in real time. Additionally, an XMPP client, such as Pidgin, can be used for chatting. Citadel offers an XMPP service on port 5222 by default.
The main downside is that the XMPP interface only allows person-to-person chat; group chat is not supported through this protocol, although it is possible through the web interface.
Other Features
In theory, Citadel supports Network News Transfer Protocol (NNTP). Regrettably, tests show that the feature does not work. According to the developer, the feature was never fully implemented.
The contacts and calendar systems are available, both in the web interface and by the GroupDAV protocol, which is interesting because it allows users to manage address books and calendars with common desktop tools, like KOrganizer or Kontact. A noticeable miss is the lack of support for the CardDAV and CalDAV protocols. Sadly, most users will be stuck with the web interface for these features, because GroupDAV support was not very reliable during tests.
True to its roots as an old school BBS system, Citadel can be used over SSH and Telnet. Setting up this configuration is a bit involved. The project website offers some instructions for performing a manual install.
Conclusions
Citadel is a nice bundle that includes a bit of everything required to satisfy the communication needs of a group of friends, a club, or a small organization. The mailing list functionality alone is a good reason to consider trying Citadel. However, it looks like Citadel is a jack of all trades and does not manage to excel in most of the tasks it performs.
The Contacts and Calendar functionality are a bit disappointing, so administrators in need of these services should look elsewhere. Nextcloud [6], for example, supports both CalDAV and CardDAV, very useful features Citadel lacks, and will integrate easily with desktop and mobile clients to allow shared contacts and calendars.
The whole Citadel experience feels a bit fiddly. Configuring the server to send and receive email properly is not very intuitive. (See the "Email Connectivity" box.) Although it is much easier than running a full-featured email service stack, an organization with more than a score of users might consider installing a complete email package suck as iRedMail [7].
That said, Citadel shines at its original purpose: being a forum in which members can initiate discussion threads and respond to questions posted by other people. The Floor and Rooms paradigm might sound strange at first, but once the workflow is understood, it leads to a very productive use of the BBS.
Those who want to try out the software can visit the official Citadel instance [9], which is also a good place to find support.