Systemd and listen restriction to localhost not enforced
Joseph Tam
jtam.home at gmail.com
Wed Jul 8 21:56:13 UTC 2015
Sven Strickroth <sven at cs-ware.de> writes:
> in /etc/dovecot/conf.d/10-master.conf I have restricted IMAP to
> localhost only:
>
> service imap-login {
> inet_listener imap {
> address = 127.0.0.1
> #port = 143
> }
> inet_listener imaps {
> #port = 993
> #ssl = yes
> }
> }
>
> However, /lib/systemd/system/dovecot.socket make it listen on
> 0.0.0.0:143 and [::]:143 causing the service being available to
> the public which it should not. - IMHO this is a security issue.
I don't know much about systemd, but you'll probably need dovecot
configuration
listen = 127.0.0.1
Joseph Tam <jtam.home at gmail.com>
More information about the dovecot
mailing list