Citadel combines webmail, IMAP/SMTP services, calendars, and contacts in one stack. Harden mail transport and relay behavior first, then secure web access and account policy.
1) Harden mail transport and relay behavior
- Ensure SMTP relaying requires authentication and the server is not an open relay.
- Expose submission ports with TLS and disable plaintext auth on public interfaces.
- Restrict IMAP/POP access to required networks if possible.
- Keep administrative ports unavailable from the public internet.
2) Harden account and login protections
- Enforce strong password policy for all users.
- Restrict admin accounts to dedicated operators only.
- Add reverse-proxy rate limiting and fail2ban for auth failures.
- Disable unused legacy protocols where possible.
3) Protect backup and message data
- Encrypt backups that include mailboxes and calendar data.
- Keep filesystem permissions strict on Citadel data directories.
- Apply regular patching for Citadel and host OS packages.
- Monitor authentication and SMTP logs for abuse patterns.
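As an added example (not part of this checklist or the Citadel project), the following POSIX shell script applies the last point to constructed authentication log lines, flagging source addresses that show either repeated failures or many distinct usernames. The log line format it parses is an assumption, not Citadel's documented format, so adjust the patterns to your own server's lines.

```shell
#!/bin/sh
# Added example (not from the Citadel project): spot brute-force and
# password-spray patterns in authentication logs.
# The sample lines and their format are CONSTRUCTED for this demo; they are
# an assumption, not Citadel's real log format. Adapt the match patterns to
# your own server's lines before using this on production logs.

SAMPLE_LOG='2024-05-01T10:00:01 citserver: Authentication failed for user alice from 203.0.113.5
2024-05-01T10:00:02 citserver: Authentication failed for user bob from 203.0.113.5
2024-05-01T10:00:03 citserver: Authentication failed for user carol from 203.0.113.5
2024-05-01T10:00:04 citserver: Authentication succeeded for user dave from 198.51.100.7
2024-05-01T10:00:05 citserver: Authentication failed for user dave from 198.51.100.7
2024-05-01T10:00:06 citserver: Authentication failed for user erin from 203.0.113.5'

# flag_auth_abuse FAIL_THRESHOLD [USER_THRESHOLD] < logfile
# Prints one line per source IP that reached FAIL_THRESHOLD failed logins
# (brute force) or tried at least USER_THRESHOLD distinct usernames
# (password spraying): "<ip> fails=<n> users=<m> reason=<brute|spray|both>"
flag_auth_abuse() {
  awk -v ft="${1:-5}" -v ut="${2:-3}" '
    /Authentication failed/ {
      ip = $NF                       # source address is the last field
      for (i = 1; i < NF; i++) if ($i == "user") u = $(i + 1)
      fails[ip]++
      if (!((ip, u) in seen)) { seen[ip, u] = 1; users[ip]++ }
    }
    END {
      for (ip in fails) {
        b = (fails[ip] >= ft); s = (users[ip] >= ut)
        if (b || s)
          printf "%s fails=%d users=%d reason=%s\n", ip, fails[ip], users[ip], (b && s) ? "both" : (b ? "brute" : "spray")
      }
    }
  ' | sort
}

# Run against the constructed sample: only 203.0.113.5 should be flagged.
printf '%s\n' "$SAMPLE_LOG" | flag_auth_abuse 3 3
```

Feed real log lines on stdin and pipe the output into your alerting or a fail2ban action once the patterns match your deployment's format.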
- Citadel project documentation: https://www.citadel.org/
- Citadel source information: https://www.citadel.org/source.html