dovecot / tcp-wrappers / FBSD 10.3
A. Schulze
sca at andreasschulze.de
Mon Nov 14 21:01:32 UTC 2016
Am 14.11.2016 um 18:50 schrieb Larry Rosenman:
> # Space separated list of login access check sockets (e.g. tcpwrap)
> #login_access_sockets =
> login_access_sockets = tcpwrap
>
> service tcpwrap {
> unix_listener login/tcpwrap {
> group = $default_login_user
> mode = 0600
> user = $default_login_user
> }
> }
>
>
> I believe that's all. I had placed it all in
> /usr/local/etc/dovecot/dovecot.conf.
for the record: the wiki doesn't mention the obvious part: configuring access rules.
dovecot configured like mentioned on http://wiki2.dovecot.org/LoginProcess#TCP_wrappers_support look into /etc/hosts.allow and /etc/hosts.deny.
that allow two use cases:
1. allow any client but deny a specific one
2. deny all clients and allow only specific one
1. $ cat /etc/hosts.deny
# deny 192.0.2.143 to use imap service, deny 192.0.2.110 to use pop3 service
imap: 192.0.2.143
pop3: 192.0.2.110
2. $ cat /etc/hosts.deny
# deny imap access at all
imap: *
$ cat /etc/hosts.allow
# allow imap access for that client
imap: 192.0.2.143
the format is described in "man 5 hosts.allow" + "man 5 hosts.deny"
Andreas
More information about the dovecot
mailing list