Systemd and listen restriction to localhost not enforced

Joseph Tam jtam.home at gmail.com
Wed Jul 8 21:56:13 UTC 2015


Sven Strickroth <sven at cs-ware.de> writes:

> in /etc/dovecot/conf.d/10-master.conf I have restricted IMAP to
> localhost only:
>
> service imap-login {
>  inet_listener imap {
>    address = 127.0.0.1
>    #port = 143
>  }
>  inet_listener imaps {
>    #port = 993
>    #ssl = yes
>  }
> }
>
> However, /lib/systemd/system/dovecot.socket make it listen on
> 0.0.0.0:143 and [::]:143 causing the service being available to
> the public which it should not. - IMHO this is a security issue.

I don't know much about systemd, but you'll probably need dovecot
configuration

 	listen = 127.0.0.1

Joseph Tam <jtam.home at gmail.com>


More information about the dovecot mailing list