dovecot / tcp-wrappers / FBSD 10.3
Can anyone share the proper config to get wrappers working in dovecot on FreeBSD?
The dovecot examples do not seem to work, and I thought perhaps FBSD needs slightly different configs.
I've compiled with: -DHAVE_LIBWRAP
which I presume is the first step.
The example for dovecot.conf in uncommenting:
login_access_sockets = tcpwrap
merely causes a log error of "imap-login: Error: connect(tcpwrap) failed: No such file or directory"
Suggestions/Direction much appreciated.
# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =
login_access_sockets = tcpwrap

service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}
I believe that's all. I had placed it all in /usr/local/etc/dovecot/dovecot.conf.
On Mon, Nov 14, 2016 at 11:45 AM, Jim Pazarena <dovecot@paz.bz> wrote:
> Can anyone share the proper config to get wrappers working in dovecot on FreeBSD?
> The dovecot examples do not seem to work, and I thought perhaps FBSD needs slightly different configs.
> I've compiled with: -DHAVE_LIBWRAP
> which I presume is the first step.
> The example for dovecot.conf in uncommenting:
> login_access_sockets = tcpwrap
> merely causes a log error of "imap-login: Error: connect(tcpwrap) failed: No such file or directory"
> Suggestions/Direction much appreciated.
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c) E-Mail: larryrtx@gmail.com
US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281
On 14.11.2016 at 18:50, Larry Rosenman wrote:
> # Space separated list of login access check sockets (e.g. tcpwrap)
> #login_access_sockets =
> login_access_sockets = tcpwrap
>
> service tcpwrap {
>   unix_listener login/tcpwrap {
>     group = $default_login_user
>     mode = 0600
>     user = $default_login_user
>   }
> }
>
> I believe that's all. I had placed it all in /usr/local/etc/dovecot/dovecot.conf.
For the record: the wiki doesn't mention the obvious part: configuring access rules.

Dovecot configured as mentioned on http://wiki2.dovecot.org/LoginProcess#TCP_wrappers_support looks into /etc/hosts.allow and /etc/hosts.deny. The format is described in "man 5 hosts.allow" + "man 5 hosts.deny". That allows two use cases:

1. allow any client but deny a specific one

$ cat /etc/hosts.deny
# deny 192.0.2.143 to use imap service, deny 192.0.2.110 to use pop3 service
imap: 192.0.2.143
pop3: 192.0.2.110

2. deny all clients and allow only a specific one

$ cat /etc/hosts.deny
# deny imap access at all
imap: *
$ cat /etc/hosts.allow
# allow imap access for that client
imap: 192.0.2.143
Andreas
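
The following is an added example, not part of the thread or of Dovecot: a simplified model of the hosts_access(5) decision order (hosts.allow match grants, otherwise hosts.deny match denies, otherwise grant) applied to the two rule sets above. The function names and the client 198.51.100.7 are constructed for illustration; only exact addresses, ALL and shell-style wildcards are modelled, and option fields are ignored.

```python
from fnmatch import fnmatch

# Rule files copied from the two use cases in the message above.
CASE1_DENY = """# deny 192.0.2.143 to use imap service, deny 192.0.2.110 to use pop3 service
imap: 192.0.2.143
pop3: 192.0.2.110
"""
CASE2_DENY = "# deny imap access at all\nimap: *\n"
CASE2_ALLOW = "# allow imap access for that client\nimap: 192.0.2.143\n"

def parse_rules(text):
    """Parse 'daemon_list: client_list' lines, skipping blanks and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def _matches(patterns, value):
    # ALL matches everything; anything else is an exact or wildcard pattern.
    return any(p == "ALL" or fnmatch(value, p) for p in patterns)

def file_matches(text, daemon, client):
    return any(_matches(d, daemon) and _matches(c, client)
               for d, c in parse_rules(text))

def access_granted(allow_text, deny_text, daemon, client):
    """Allow file is consulted first, then deny file; no match means granted."""
    if file_matches(allow_text, daemon, client):
        return True
    if file_matches(deny_text, daemon, client):
        return False
    return True

if __name__ == "__main__":
    for client in ("192.0.2.143", "198.51.100.7"):  # second address is constructed
        print("case 1 imap", client, access_granted("", CASE1_DENY, "imap", client))
        print("case 2 imap", client,
              access_granted(CASE2_ALLOW, CASE2_DENY, "imap", client))
```

On a live host, `tcpdmatch imap 192.0.2.143` evaluates the installed rule files the same way without making a connection.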
participants (3): A. Schulze, Jim Pazarena, Larry Rosenman