Greetings,

I am looking to implement tcp wrappers with dovecot; I am using the following two links as guides to configuration:
http://blog.acsystem.sk/linux/brute-force-attack-dovecot-imap-server-blocking-ip-with-tcp-wrappers
http://wiki2.dovecot.org/LoginProcess (you need to go to the very bottom)

I'm concerned about making the configuration correctly.

If you set
login_access_sockets = tcpwrap
in /etc/dovecot/dovecot.conf

Then everything accessing ports controlled by dovecot (and opened by iptables) is blocked.

So my question relates to the second part of the configuration examples in the links above:

service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}

Where does this code get placed (in dovecot.conf or in one of the files in /etc/dovecot/conf.d)?
And regarding $default_login_user, it appears in a comment line in
/etc/dovecot/conf.d/10-master.conf

Should that line be uncommented?

Much thanks.

Max Pyziur
p...@brama.com


Report of dovecot -n:
pyz@pangea ~> dovecot -n
# 2.1.1: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.2.1.el6.x86_64 x86_64 CentOS release 6.4 (Final)
disable_plaintext_auth = no
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
ssl = no
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}
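
An added example, not part of the original post and not Dovecot's own code: a check that reads `dovecot -n` style output and reports any name listed in `login_access_sockets` that has no `login/<name>` `unix_listener` defined under a `service` block. The function names and sample text are constructed here, and the mapping from each listed name to a `login/<name>` listener is an assumption based on the two snippets quoted in the post.

```python
# Constructed samples in `dovecot -n` style, using only settings quoted in the post.
COMPLETE = """\
# 2.1.1: /etc/dovecot/dovecot.conf
login_access_sockets = tcpwrap
namespace inbox {
  mailbox "Sent Messages" {
    special_use = \\Sent
  }
  prefix =
}
service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}
"""
SETTING_ONLY = "login_access_sockets = tcpwrap\nssl = no\n"


def parse(text):
    """Return (top-level settings, set of unix_listener paths inside service blocks)."""
    settings, listeners, stack = {}, set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or the version/OS header comments
        if line.endswith("{"):
            stack.append(line[:-1].split())  # e.g. ['service', 'tcpwrap']
            in_service = len(stack) == 2 and stack[0][0] == "service"
            if in_service and stack[1][0] == "unix_listener" and len(stack[1]) > 1:
                listeners.add(stack[1][1])
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line and not stack:  # only top-level key = value pairs
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings, listeners


def missing_access_sockets(text):
    """Names in login_access_sockets with no matching login/<name> listener (assumed mapping)."""
    settings, listeners = parse(text)
    names = settings.get("login_access_sockets", "").split()
    return [n for n in names if f"login/{n}" not in listeners]


if __name__ == "__main__":
    for label, conf in (("complete", COMPLETE), ("setting only", SETTING_ONLY)):
        print(label, "->", missing_access_sockets(conf) or "ok")
```
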
