[Dovecot] Configuring dovecot to use tcp wrappers

Max Pyziur pyz at brama.com
Fri Apr 5 18:19:46 EEST 2013


Greetings,

I am looking to implement tcp wrappers with dovecot; I am using the 
following two links as guides to configuration:
http://blog.acsystem.sk/linux/brute-force-attack-dovecot-imap-server-blocking-ip-with-tcp-wrappers
http://wiki2.dovecot.org/LoginProcess (you need to go to the very bottom)

I'm concerned about making the configuration correctly.

If you set
login_access_sockets = tcpwrap
in /etc/dovecot/dovecot.conf

Then everything accessing ports controlled by dovecot (and open by 
iptables) is blocked.

So my question relates to the second part of the configuration examples in 
the links above:

service tcpwrap {
   unix_listener login/tcpwrap {
     group = $default_login_user
     mode = 0600
     user = $default_login_user
   }
}

Where does this code get placed (in dovecot.conf or in one of the files in 
/etc/dovecot/conf.d)?
And regarding $default_login_user, it appears in a comment line in
/etc/dovecot/conf.d/10-master.conf

Should that line be uncommented?

Much thanks.

Max Pyziur
pyz at brama.com


Report of dovecot -n:
pyz at pangea ~> dovecot -n
# 2.1.1: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.2.1.el6.x86_64 x86_64 CentOS release 6.4 (Final)
disable_plaintext_auth = no
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
mbox_write_locks = fcntl
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
}
passdb {
   driver = pam
}
ssl = no
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
   driver = passwd
}
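
An added example, not part of the original post and not Dovecot's own code: a small Python check that a `dovecot -n` dump containing the first half of the setup quoted above (`login_access_sockets = tcpwrap`) also contains the second half (the `service tcpwrap` block with its `login/tcpwrap` listener), and vice versa. The sample dumps and the function names `parse` and `check_tcpwrap` are constructed for illustration.

```python
# Constructed `dovecot -n` style dump holding only the first half of the setup.
SAMPLE_INCOMPLETE = """\
login_access_sockets = tcpwrap
passdb {
  driver = pam
}
"""

# Constructed dump holding both halves quoted in the post.
SAMPLE_COMPLETE = SAMPLE_INCOMPLETE + """\
service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}
"""

def parse(text):
    """Return (top-level settings dict, set of nested section paths)."""
    settings, sections, stack = {}, set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            # Normalise whitespace so "service  tcpwrap {" still matches.
            stack.append(" ".join(line[:-1].split()))
            sections.add(tuple(stack))
        elif line == "}" and stack:
            stack.pop()
        elif "=" in line and not stack:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings, sections

def check_tcpwrap(text):
    """List problems with the two-part tcpwrap setup; empty list means consistent."""
    settings, sections = parse(text)
    enabled = "tcpwrap" in settings.get("login_access_sockets", "").split()
    listener = ("service tcpwrap", "unix_listener login/tcpwrap") in sections
    problems = []
    if enabled and not listener:
        problems.append("login_access_sockets = tcpwrap is set, but there is no "
                        "service tcpwrap { unix_listener login/tcpwrap { ... } }")
    if listener and not enabled:
        problems.append("service tcpwrap listener is defined, but "
                        "login_access_sockets does not include tcpwrap")
    return problems
```

Pass it the text printed by `dovecot -n`; because that output merges dovecot.conf with every included file, the check sees the effective configuration regardless of which file each half was written in.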


