[CentOS] C6: tcp-wrapping pop3?
Max Pyziur
pyz at brama.com
Thu Apr 4 13:41:13 UTC 2013
On Mon, 1 Apr 2013, Eero Volotinen wrote:
> http://blog.acsystem.sk/linux/brute-force-attack-dovecot-imap-server-blocking-ip-with-tcp-wrappers
Much thanks for the link; there is this one also:
http://wiki2.dovecot.org/LoginProcess (you need to go to the very bottom)
> so, I think that process name is pop3. remember to check that dovecot is
> compiled to support tcp wrappers.
Actually, the process is dovecot:
root@brill ~> lsof -i | grep dovecot
COMMAND  PID  USER  FD   TYPE  DEVICE    SIZE/OFF  NODE  NAME
dovecot  3056 root  19u  IPv4  49213594  0t0       TCP   *:pop3 (LISTEN)
dovecot  3056 root  20u  IPv6  49213595  0t0       TCP   *:pop3 (LISTEN)
dovecot  3056 root  28u  IPv4  49213620  0t0       TCP   *:imap (LISTEN)
dovecot  3056 root  29u  IPv6  49213621  0t0       TCP   *:imap (LISTEN)
So, in hosts.deny you would put
dovecot: xxx.xxx.xxx.xxx
However, going back to the links above, I'm concerned about making the
configuration correctly.
If you set
login_access_sockets = tcpwrap
in /etc/dovecot/dovecot.conf
Then everything accessing ports controlled by dovecot (and open by
iptables) is blocked.
So my question relates to the second part of the configuration examples in
the links above:
service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}
Where does this code get placed (in dovecot.conf or in one of the files in
/etc/dovecot/conf.d)?
And regarding $default_login_user, it appears in a comment line in
/etc/dovecot/conf.d/10-master.conf
Should that line be uncommented?
Thanks.
> Eero
Max Pyziur
pyz at brama.com
> 2013/3/31 Max Pyziur <pyz at brama.com>
>
>>
>> Greetings,
>>
>> Per the subject line, how does pop3 get tcp-wrapped when using dovecot?
>>
>> More specifically, when blocking email and (still) using sendmail, entries
>> in /etc/hosts.deny look something like:
>> sendmail: xxx.xxx. etc (depending on the depth/degree)
>>
>> for vsftpd it's
>> vsftpd: xxx.xxx (where the x's are parts of an octet)
>>
>> for sshd it's
>> sshd: xxx.xxx
>>
>> for pop3/dovecot it's?
>> ????: xxx.xxx
>>
>> I'm concerned about what is to the left of the colon (":"), not to the
>> right.
>>
>> Is it a dovecot.conf configuration also?
>>
>> Much thanks,
>>
>> Max Pyziur
>> pyz at brama.com
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>