On Mon, 1 Apr 2013, Eero Volotinen wrote:
http://blog.acsystem.sk/linux/brute-force-attack-dovecot-imap-server-blockin...
Much thanks for the link; there is this one also: http://wiki2.dovecot.org/LoginProcess (you need to go to the very bottom)
so, I think that process name is pop3. remember to check that dovecot is compiled to support tcp wrappers.
Actually, the process is dovecot: root@brill ~> lsof -i | grep dovecot COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME dovecot 3056 root 19u IPv4 49213594 0t0 TCP *:pop3 (LISTEN) dovecot 3056 root 20u IPv6 49213595 0t0 TCP *:pop3 (LISTEN) dovecot 3056 root 28u IPv4 49213620 0t0 TCP *:imap (LISTEN) dovecot 3056 root 29u IPv6 49213621 0t0 TCP *:imap (LISTEN)
So, in hosts.deny you would put dovecot: xxx.xxx.xxx.xxx
However going back to the links above, I'm concerned in making the configuration correctly.
If you set login_access_sockets = tcpwrap in /etc/dovecot/dovecot.conf
Then everything accessing ports controlled by dovecot (and open by iptables) is blocked.
So my question relates to the second part of the configuration examples in the links above:
service tcpwrap { unix_listener login/tcpwrap { group = $default_login_user mode = 0600 user = $default_login_user } }
Where does this code get placed (in dovecot.conf or in one of the files in /etc/dovecot/conf.d)?
And regarding $default_login_user, it appears in a comment line in /etc/dovecot/conf.d/10-master.conf
Should that line be uncommented?
Thanks.
Eero
Max Pyziur pyz@brama.com
2013/3/31 Max Pyziur pyz@brama.com
Greetings,
Per the subject line, how does pop3 get tcp-wrapped when using dovecot?
More specifically, when blocking email and (still) using sendmail, entries in /etc/hosts.deny look something like: sendmail: xxx.xxx. etc (depending on the depth/degree)
for vsftpd it's vsftpd: xxx.xxx (where the x's are parts of an octet)
for sshd it's sshd: xxx.xxx
for pop3/dovecot it's? ????: xxx.xxx
I'm concerned about what is to the left of the colon (":"), not to the right.
Is it a dovecot.conf configuration also?
Much thanks,
Max Pyziur pyz@brama.com _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos