On Mon, 1 Apr 2013, Eero Volotinen wrote:

> http://blog.acsystem.sk/linux/brute-force-attack-dovecot-imap-server-blocking-ip-with-tcp-wrappers

Much thanks for the link; there is this one also:
http://wiki2.dovecot.org/LoginProcess
(you need to go to the very bottom)

> so, I think that process name is pop3. remember to check that dovecot is
> compiled to support tcp wrappers.

Actually, the process is dovecot:

root@brill ~> lsof -i | grep dovecot
COMMAND  PID  USER  FD   TYPE  DEVICE    SIZE/OFF  NODE  NAME
dovecot  3056 root  19u  IPv4  49213594  0t0       TCP   *:pop3 (LISTEN)
dovecot  3056 root  20u  IPv6  49213595  0t0       TCP   *:pop3 (LISTEN)
dovecot  3056 root  28u  IPv4  49213620  0t0       TCP   *:imap (LISTEN)
dovecot  3056 root  29u  IPv6  49213621  0t0       TCP   *:imap (LISTEN)

So, in hosts.deny you would put

dovecot: xxx.xxx.xxx.xxx

However, going back to the links above, I'm concerned about making the
configuration correctly.

If you set

login_access_sockets = tcpwrap

in /etc/dovecot/dovecot.conf

Then everything accessing ports controlled by dovecot (and opened by
iptables) is blocked.

So my question relates to the second part of the configuration examples in
the links above:

service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}

Where does this code get placed (in dovecot.conf or in one of the files in
/etc/dovecot/conf.d)?

And regarding $default_login_user, it appears in a comment line in
/etc/dovecot/conf.d/10-master.conf

Should that line be uncommented?

Thanks.

> Eero

Max Pyziur
pyz@xxxxxxxxx

> 2013/3/31 Max Pyziur <pyz@xxxxxxxxx>
>
>>
>> Greetings,
>>
>> Per the subject line, how does pop3 get tcp-wrapped when using dovecot?
>>
>> More specifically, when blocking email and (still) using sendmail, entries
>> in /etc/hosts.deny look something like:
>> sendmail: xxx.xxx. etc (depending on the depth/degree)
>>
>> for vsftpd it's
>> vsftpd: xxx.xxx (where the x's are parts of an octet)
>>
>> for sshd it's
>> sshd: xxx.xxx
>>
>> for pop3/dovecot it's?
>> ????: xxx.xxx
>>
>> I'm concerned about what is to the left of the colon (":"), not to the
>> right.
>>
>> Is it a dovecot.conf configuration also?
>>
>> Much thanks,
>>
>> Max Pyziur
>> pyz@xxxxxxxxx
>> _______________________________________________
>> CentOS mailing list
>> CentOS@xxxxxxxxxx
>> http://lists.centos.org/mailman/listinfo/centos
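
Added example, not part of the original message or of Dovecot's own tooling: a shell check that both halves of the configuration quoted in the message (the login_access_sockets setting and the service tcpwrap listener) are present together. It assumes Dovecot 2.x, where `doveconf -n` prints the effective configuration merged from dovecot.conf and the files it includes; the function name check_tcpwrap and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads a Dovecot 2.x config dump
# (e.g. from doveconf -n) on stdin and prints: ok | incomplete | disabled
check_tcpwrap() {
    awk '
        # Global setting; the value may list several sockets.
        /^[ \t]*login_access_sockets[ \t]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, parts, /[ \t]+/)
            for (i = 1; i <= n; i++) if (parts[i] == "tcpwrap") enabled = 1
            next
        }
        # Track brace depth so the listener only counts inside service tcpwrap.
        /^[ \t]*service[ \t]+tcpwrap[ \t]*\{/ { in_svc = 1; depth = 1; next }
        in_svc && /^[ \t]*unix_listener[ \t]+login\/tcpwrap[ \t]*\{/ { listener = 1 }
        in_svc {
            if ($0 ~ /\{[ \t]*$/) depth++
            if ($0 ~ /^[ \t]*\}/) depth--
            if (depth == 0) in_svc = 0
        }
        END {
            if (!enabled)       print "disabled"
            else if (!listener) print "incomplete"
            else                print "ok"
        }
    '
}

# Constructed samples (not taken from a real server).
SAMPLE_FULL='login_access_sockets = tcpwrap
service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}'
SAMPLE_HALF='login_access_sockets = tcpwrap'

printf '%s\n' "$SAMPLE_FULL" | check_tcpwrap
printf '%s\n' "$SAMPLE_HALF" | check_tcpwrap
# Live system (assumes doveconf is on PATH): doveconf -n | check_tcpwrap
```

An "incomplete" result means the setting names a tcpwrap socket that no service block provides.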