[Dovecot] Configuring dovecot to use tcp wrappers

Max Pyziur pyz at brama.com
Thu Apr 11 19:33:58 EEST 2013


> On 5.4.2013, at 18.19, Max Pyziur <pyz at brama.com> wrote:
>
>> So my question relates to the second part of the configuration examples
>> in the links above:
>>
>> service tcpwrap {
>>  unix_listener login/tcpwrap {
>>    group = $default_login_user
>>    mode = 0600
>>    user = $default_login_user
>>  }
>> }
>>
>> Where does this code get placed (in dovecot.conf or in one of the files
>> in /etc/dovecot/conf.d)?
>
> Doesn't really matter. I'd put it into conf.d/10-master.conf which has
> other services.
>
>> And regarding $default_login_user, it appears in a comment line in
>> /etc/dovecot/conf.d/10-master.conf
>>
>> Should that line be uncommented?
>
> Just leave it uncommented and it'll use the default value (which it has
> been using so far already).

After some delay, I'm returning to this project.

I've made the changes per above.

I've put in a test IP address in /etc/hosts.deny like so:
dovecot: 166.84.1.2

And then I execute the following from 166.84.1.2 to port 110:
bash-3.2$ telnet SiteWhereImConfiguringDovecot 110
Trying SiteWhereImConfiguringDovecot...
Connected to SiteWhereImConfiguringDovecot.
Escape character is '^]'.
+OK Dovecot ready.
quit
+OK Logging out
Connection closed by foreign host.

If dovecot is configured with tcp wrappers (which it is; built on a CentOS
6 system, installed and configured per instructions),
and the firewall has ports 110 and 143 open,
but I'm blocking a particular host through /etc/hosts.deny
then I should not be able to telnet to either port 110 or 143; both
requests should be blocked from the originating IP, no?

Much thanks for your help,

Max Pyziur
pyz at brama.com
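
The hosts.deny rule quoted in the message above only applies when the daemon name a service passes to libwrap appears in the rule's daemon list. The following is an added example, not part of the original post or of Dovecot: a simplified, IPv4-only subset of hosts_access(5) matching (no EXCEPT, hostnames or shell commands). The post does not say which daemon name Dovecot's tcpwrap service uses, so "pop3" and "imap" are hypothetical names included only for comparison.

```python
import ipaddress

# Constructed sample: the single rule quoted in the post above.
HOSTS_DENY = """\
# /etc/hosts.deny (constructed sample)
dovecot: 166.84.1.2
"""

def _client_matches(pattern, ip):
    """Match one client_list token against an IPv4 address string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # "166.84." matches on the leading octets
        return ip.startswith(pattern)
    if "/" in pattern:             # net/mask form: 166.84.0.0/255.255.0.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip

def rule_matches(table, daemon, ip):
    """True if any 'daemon_list : client_list' line matches (daemon, ip)."""
    for line in table.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (f.strip() for f in line.split(":", 2)[:2])
        daemon_list = daemons.replace(",", " ").split()
        client_list = clients.replace(",", " ").split()
        if not ("ALL" in daemon_list or daemon in daemon_list):
            continue               # rule is for a different daemon name
        if any(_client_matches(p, ip) for p in client_list):
            return True
    return False

def is_denied(daemon, ip, deny=HOSTS_DENY, allow=""):
    """hosts.allow is consulted first, then hosts.deny; no match = allowed."""
    if rule_matches(allow, daemon, ip):
        return False
    return rule_matches(deny, daemon, ip)

if __name__ == "__main__":
    # Names other than "dovecot" are hypothetical, for illustration only.
    for name in ("dovecot", "pop3", "imap"):
        verdict = "denied" if is_denied(name, "166.84.1.2") else "allowed"
        print(f"{name:8s} 166.84.1.2 -> {verdict}")
```

On a host with the tcp_wrappers utilities installed, `tcpdmatch <daemon> <client>` evaluates the real hosts.allow and hosts.deny files in the same way.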

