[CentOS] C6: tcp-wrapping pop3?

Thu Apr 4 13:41:13 UTC 2013
Max Pyziur <pyz at brama.com>

On Mon, 1 Apr 2013, Eero Volotinen wrote:

> http://blog.acsystem.sk/linux/brute-force-attack-dovecot-imap-server-blocking-ip-with-tcp-wrappers

Much thanks for the link; there is this one also:
http://wiki2.dovecot.org/LoginProcess (you need to go to the very bottom)

> so, I think that process name is pop3. remember to check that dovecot is
> compiled to support tcp wrappers.

Actually, the process is dovecot:
root at brill ~> lsof -i | grep dovecot
COMMAND     PID     USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
dovecot    3056     root   19u  IPv4 49213594      0t0  TCP *:pop3 (LISTEN)
dovecot    3056     root   20u  IPv6 49213595      0t0  TCP *:pop3 (LISTEN)
dovecot    3056     root   28u  IPv4 49213620      0t0  TCP *:imap (LISTEN)
dovecot    3056     root   29u  IPv6 49213621      0t0  TCP *:imap (LISTEN)

So, in hosts.deny you would put
dovecot: xxx.xxx.xxx.xxx

However, going back to the links above, I'm concerned about making the 
configuration correctly.

If you set
login_access_sockets = tcpwrap
in /etc/dovecot/dovecot.conf

Then everything accessing ports controlled by dovecot (and open by 
iptables) is blocked.

So my question relates to the second part of the configuration examples in 
the links above:

service tcpwrap {
   unix_listener login/tcpwrap {
     group = $default_login_user
     mode = 0600
     user = $default_login_user
   }
}

Where does this code get placed (in dovecot.conf or in one of the files in 
/etc/dovecot/conf.d)?

And regarding $default_login_user, it appears in a comment line in
/etc/dovecot/conf.d/10-master.conf

Should that line be uncommented?

Thanks.


> Eero

Max Pyziur
pyz at brama.com

> 2013/3/31 Max Pyziur <pyz at brama.com>
>
>>
>> Greetings,
>>
>> Per the subject line, how does pop3 get tcp-wrapped when using dovecot?
>>
>> More specifically, when blocking email and (still) using sendmail, entries
>> in /etc/hosts.deny look something like:
>> sendmail: xxx.xxx. etc (depending on the depth/degree)
>>
>> for vsftpd it's
>> vsftpd: xxx.xxx (where the x's are parts of an octet)
>>
>> for sshd it's
>> sshd: xxx.xxx
>>
>> for pop3/dovecot it's?
>> ????: xxx.xxx
>>
>> I'm concerned about what is to the left of the colon (":"), not to the
>> right.
>>
>> Is it a dovecot.conf configuration also?
>>
>> Much thanks,
>>
>> Max Pyziur
>> pyz at brama.com
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>