Re: dovecot / tcp-wrappers / FBSD 10.3

2016-11-14 Thread A. Schulze 


Am 14.11.2016 um 18:50 schrieb Larry Rosenman:
> # Space separated list of login access check sockets (e.g. tcpwrap)
> #login_access_sockets =
> login_access_sockets = tcpwrap
> 
> service tcpwrap {
>   unix_listener login/tcpwrap {
> group = $default_login_user
> mode = 0600
> user = $default_login_user
>   }
> }
> 
> 
> I believe that's all.  I had placed it all in
> /usr/local/etc/dovecot/dovecot.conf.

for the record: the wiki doesn't mention the obvious part: configuring access 
rules.

dovecot configured like mentioned on 
http://wiki2.dovecot.org/LoginProcess#TCP_wrappers_support look into 
/etc/hosts.allow and /etc/hosts.deny.
that allow two use cases:
1. allow any client but deny a specific one
2. deny all clients and allow only specific one

1. $ cat /etc/hosts.deny
   # deny 192.0.2.143 to use imap service, deny 192.0.2.110 to use pop3 service
   imap: 192.0.2.143
   pop3: 192.0.2.110

2. $ cat /etc/hosts.deny
   # deny imap access at all
   imap: *
   $ cat /etc/hosts.allow
   # allow imap access for that client
   imap: 192.0.2.143

the format is described in "man 5 hosts.allow" + "man 5 hosts.deny"

Andreas

Re: dovecot / tcp-wrappers / FBSD 10.3

2016-11-14 Thread Larry Rosenman 
# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =
login_access_sockets = tcpwrap

service tcpwrap {
  unix_listener login/tcpwrap {
group = $default_login_user
mode = 0600
user = $default_login_user
  }
}


I believe that's all.  I had placed it all in
/usr/local/etc/dovecot/dovecot.conf.



On Mon, Nov 14, 2016 at 11:45 AM, Jim Pazarena  wrote:

> Can anyone share the proper config to get wrappers working in dovecot on
> FreeBSD?
>
> The dovecot examples do not seem to work, and I thought perhaps FBSD needs
> slightly different configs.
>
> I've compiled with:   -DHAVE_LIBWRAP
>
> which I presume is the first step.
>
> The example for dovecot.conf in uncommenting:
>
> login_access_sockets = tcpwrap
>
> merely causes a log error of "imap-login: Error: connect(tcpwrap) failed:
> No such file or directory"
>
>
> Suggestions/Direction much appreciated.
>



-- 
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c) E-Mail: larry...@gmail.com
US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281

dovecot / tcp-wrappers / FBSD 10.3

2016-11-14 Thread Jim Pazarena 
Can anyone share the proper config to get wrappers working in dovecot on 
FreeBSD?


The dovecot examples do not seem to work, and I thought perhaps FBSD 
needs slightly different configs.


I've compiled with:   -DHAVE_LIBWRAP

which I presume is the first step.

The example for dovecot.conf in uncommenting:

login_access_sockets = tcpwrap

merely causes a log error of "imap-login: Error: connect(tcpwrap) 
failed: No such file or directory"



Suggestions/Direction much appreciated.