Systemd and listen restriction to localhost not enforced

Sven Strickroth sven at cs-ware.de
Wed Jul 8 21:44:56 UTC 2015


Hi,

in /etc/dovecot/conf.d/10-master.conf I have restricted IMAP to
localhost only:

service imap-login {
  inet_listener imap {
    address = 127.0.0.1
    #port = 143
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }
}

However, /lib/systemd/system/dovecot.socket makes it listen on
0.0.0.0:143 and [::]:143, causing the service to be available to
the public, which it should not be. - IMHO this is a security issue.

PS: When starting dovecot I got:
Jul  6 22:52:14 srv1 dovecot[19921]: Error: systemd listens on port 143, but it's not configured in Dovecot. Closing.
Jul  6 22:52:14 srv1 dovecot: master: Error: systemd listens on port 143, but it's not configured in Dovecot. Closing.

-- 
Best regards,
 Sven Strickroth
 PGP key id F5A9D4C4 @ any key-server
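
A check for the mismatch reported in this post, added here as an example and not part of the original message or of Dovecot: it compares the ListenStream= addresses in a systemd socket unit with the address set in Dovecot's inet_listener blocks. The function names, the constructed sample unit text, and the treatment of a listener without an address line as unrestricted are assumptions.

```python
import re

# Default ports, as shown by the commented-out lines in the post's config.
DEFAULT_PORTS = {"imap": 143, "imaps": 993}

# Constructed socket unit reproducing the binds described in the post.
SAMPLE_UNIT = "[Socket]\nListenStream=0.0.0.0:143\nListenStream=[::]:143\nListenStream=[::]:993\n"
# Listener blocks as posted.
SAMPLE_CONF = """service imap-login {
  inet_listener imap {
    address = 127.0.0.1
    #port = 143
  }
  inet_listener imaps {
    #port = 993
  }
}"""

def socket_binds(unit_text):
    """Map port -> set of addresses from the unit's ListenStream= lines."""
    binds = {}
    for line in unit_text.splitlines():
        m = re.match(r"\s*ListenStream\s*=\s*(\S+)", line)
        if not m:
            continue
        addr, _, port = m.group(1).rpartition(":")
        if not port.isdigit():
            continue  # UNIX socket path, not a TCP listener
        # A bare port number means systemd binds every address.
        binds.setdefault(int(port), set()).add(addr.strip("[]") or "::")
    return binds

def dovecot_listeners(conf_text):
    """Map port -> list of addresses per inet_listener ('*' if none is set)."""
    out = {}
    for name, body in re.findall(r"inet_listener\s+(\S+)\s*\{([^}]*)\}", conf_text):
        # Commented-out settings (leading '#') do not match and are ignored.
        settings = dict(re.findall(r"^[ \t]*(\w+)[ \t]*=[ \t]*([^#\n]+)", body, re.M))
        port = int(settings.get("port", DEFAULT_PORTS.get(name, 0)))
        out[port] = settings.get("address", "*").replace(",", " ").split()
    return out

def exposed(unit_text, conf_text):
    """Return (port, addresses) where systemd binds wider than Dovecot allows."""
    findings = []
    listeners = dovecot_listeners(conf_text)
    for port, addrs in sorted(socket_binds(unit_text).items()):
        allowed = listeners.get(port)
        if allowed is None or "*" in allowed:
            continue  # Dovecot does not restrict this port
        wider = sorted(a for a in addrs if a not in allowed)
        if wider:
            findings.append((port, wider))
    return findings
```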

