On 5.4.2013, at 18.19, Max Pyziur <pyz@brama.com> wrote:
So my question relates to the second part of the configuration examples in the links above:
    service tcpwrap {
      unix_listener login/tcpwrap {
        group = $default_login_user
        mode = 0600
        user = $default_login_user
      }
    }
Where does this code get placed (in dovecot.conf or in one of the files in /etc/dovecot/conf.d)?
Doesn't really matter. I'd put it into conf.d/10-master.conf which has other services.
And regarding $default_login_user, it appears in a comment line in /etc/dovecot/conf.d/10-master.conf
Should that line be uncommented?
Just leave it uncommented and it'll use the default value (which it has been using so far already).
After some delay, I'm returning to this project.
I've made the changes per above.
I've put in a test IP address in /etc/hosts.deny like so:

    dovecot: 166.84.1.2

And then I execute the following from 166.84.1.2 to port 110:

    bash-3.2$ telnet SiteWhereImConfiguringDovecot 110
    Trying SiteWhereImConfiguringDovecot...
    Connected to SiteWhereImConfiguringDovecot.
    Escape character is '^]'.
    +OK Dovecot ready.
    quit
    +OK Logging out
    Connection closed by foreign host.
If dovecot is configured with tcp wrappers (which it is; built on a CentOS 6 system, installed and configured per instructions), and the firewall has ports 110 and 143 open, but I'm blocking a particular host through /etc/hosts.deny then I should not be able to telnet to either port 110 or 143; both requests should be blocked from the originating IP, no?
Much thanks for your help,
Max Pyziur pyz@brama.com