[dovecot] Re: inetd/xinetd/tcpserver support

Farkas Levente lfarkas at bnap.hu
Wed Feb 26 10:58:36 EET 2003


I always prefer standalone daemons, and as we see the tendency is that 
most server run as standalone (apache, vsftpd, ssh...). at the begining 
they has (x)inetd version later remove it...
IMHO ip/tcp filtering should have done in a firewall or some fitering 
can be implemented in the standalone server too..
but this is just my 2c:-)

Timo Sirainen wrote:
> I was just thinking how they could be easily supported. This would work,
> right? :
> 
> imap stream tcp nowait root /usr/sbin/tcpd /usr/local/libexec/dovecot/imap-login
> imaps stream tcp nowait root /usr/sbin/tcpd /usr/local/libexec/dovecot/imap-login --ssl
> 
> imap-login would try to connect to master process using some named
> socket. If it couldn't, it would create the master process itself.
> Master process would work as usual (executes auth and imap processes),
> except it wouldn't be executing login processes.
> 
> This wouldn't require much code changing, and it would still be using
> all the same privilege separations as the standalone version so it would
> be just a secure.
> 
> Only thing I'm wondering is if any of the TCP wrappers care about the
> created child processes? The master process would have to stay alive
> after the connection that created it dies.
> 
> I guess I'll implement this soon and try if it works.
> 
> 
> 


-- 
   Levente                               "Si vis pacem para bellum!"





More information about the dovecot mailing list