dovecot / tcp-wrappers / FBSD 10.3

A. Schulze sca at andreasschulze.de
Mon Nov 14 21:01:32 UTC 2016



On 14.11.2016 at 18:50, Larry Rosenman wrote:
> # Space separated list of login access check sockets (e.g. tcpwrap)
> #login_access_sockets =
> login_access_sockets = tcpwrap
> 
> service tcpwrap {
>   unix_listener login/tcpwrap {
>     group = $default_login_user
>     mode = 0600
>     user = $default_login_user
>   }
> }
> 
> 
> I believe that's all.  I had placed it all in
> /usr/local/etc/dovecot/dovecot.conf.

For the record: the wiki doesn't mention the obvious part: configuring access rules.

Dovecot configured as mentioned on http://wiki2.dovecot.org/LoginProcess#TCP_wrappers_support looks into /etc/hosts.allow and /etc/hosts.deny.
That allows two use cases:
1. allow any client but deny a specific one
2. deny all clients and allow only a specific one

1. $ cat /etc/hosts.deny
   # deny 192.0.2.143 to use imap service, deny 192.0.2.110 to use pop3 service
   imap: 192.0.2.143
   pop3: 192.0.2.110

2. $ cat /etc/hosts.deny
   # deny imap access at all
   imap: *
   $ cat /etc/hosts.allow
   # allow imap access for that client
   imap: 192.0.2.143

the format is described in "man 5 hosts.allow" + "man 5 hosts.deny"

Andreas
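
The evaluation order behind the two use cases above, as an added example that is not part of the original post: a simplified Python model of the hosts_access(5) decision (a match in hosts.allow grants, otherwise a match in hosts.deny refuses, otherwise access is granted). It is not libwrap or Dovecot code; it assumes IPv4 literals, `ALL` and `*`/`?` patterns only, ignores option fields, and the client 198.51.100.7 is a constructed sample.

```python
from fnmatch import fnmatchcase

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; comments and blanks are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # a third field (options) is ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def _match(token, value):
    # ALL is the tcp_wrappers wildcard keyword; '*' and '?' are treated as globs
    return token == "ALL" or fnmatchcase(value, token)

def matches(rules, daemon, client):
    return any(any(_match(d, daemon) for d in daemons) and
               any(_match(c, client) for c in clients)
               for daemons, clients in rules)

def access(allow_text, deny_text, daemon, client):
    """True if the client may use the daemon under the two rule files."""
    if matches(parse_rules(allow_text), daemon, client):
        return True   # hosts.allow is consulted first and wins
    if matches(parse_rules(deny_text), daemon, client):
        return False  # only reached when no allow rule matched
    return True       # no match in either file: access is granted

# Rule files from the post (use case 1 has no hosts.allow entries)
CASE1_DENY = "# deny per service\nimap: 192.0.2.143\npop3: 192.0.2.110\n"
CASE2_DENY = "imap: *\n"
CASE2_ALLOW = "imap: 192.0.2.143\n"

if __name__ == "__main__":
    for client in ("192.0.2.143", "198.51.100.7"):
        print("case 1 imap", client, access("", CASE1_DENY, "imap", client))
        print("case 2 imap", client, access(CASE2_ALLOW, CASE2_DENY, "imap", client))
```

On a real host, `tcpdmatch imap 192.0.2.143` (shipped with tcp_wrappers) reports the decision the installed rule files would produce.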

