[Dovecot] tcp_wrappers
Hi,
I've just started using Dovecot (v1.1.14), and I'm noticing a lot of dictionary attacks. I searched through the documentation and the mailing list archives hoping to find support for tcp_wrappers (hosts.deny) support.
I did find some suggested patches in the list from last year, but as far as I can tell, there is no support in the released versions.
Is this implemented and undocumented, or just unimplemented? I would be surprised to find it unimplemented in such an otherwise sophisticated project.
Thanks in advance, --Bill
On Sun, 2009-06-21 at 16:34 -0700, listmail wrote:
Hi,
I've just started using Dovecot (v1.1.14), and I'm noticing a lot of dictionary attacks. I searched through the documentation and the mailing list archives hoping to find support for tcp_wrappers (hosts.deny) support.
People seem to be using fail2ban commonly to prevent that.
I did find some suggested patches in the list from last year, but as far as I can tell, there is no support in the released versions.
http://dovecot.org/patches/1.1/tcp-wrappers.patch should work.
Is this implemented and undocumented, or just unimplemented? I would be surprised to find it unimplemented in such an otherwise sophisticated project.
http://www.dovecot.org/list/dovecot/2006-April/012476.html pretty much explains why it isn't there. Now that v2.0 is in a kind of usable state, I suppose I should finally implement it.
http://dovecot.org/patches/1.1/tcp-wrappers.patch should work. I'll attach an updated version for 1.2. Remember to run auto {conf,header,make} after applying.
On Tuesday, June 23, 2009 8:09 PM +0200 Edgar Fuß ef@math.uni-bonn.de wrote:
http://dovecot.org/patches/1.1/tcp-wrappers.patch should work. I'll attach an updated version for 1.2. Remember to run auto{conf,header,make} after applying.
Typo here (missing "p"):
i_fatal("Tried to use TCP wrapers with process_per_connection=no");
participants (4)
-
Edgar Fuß
-
Kenneth Porter
-
listmail
-
Timo Sirainen