Mailing List
Home
Forum Home
Linux - General Red Hat Linux discussion list
Installation - Getting started with Red Hat Linux
Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)
Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)
Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)
Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)
Apache Web Server
Oracle database, Microsoft SQL server ...
Subjects
application/x mplayer2 plugin
RPM error: db4 error(16) from dbenv >remove: Device or resource
   busy
Command stream end of file while reading
X Windows problem (xauth)
Upgrading openoffice 1 1 rpm
FTP: connection refused
FTP: connection refused
mount: /dev/cdrom: is not a valid block device
Dell Precision 650, RedHat 9, no sound
how to trace the cause resulting in the crash of bind server
Virus on the list
UNINSTALL RPM MYSQL
usb pen drives: mounting as a user
broadcom network interface
make mrproper
sendmail configuration on redhat
Couldn 't open PID file /var/run/named/named pid Permission denied
Promise 378 controller
kernel 2 6 and /dev/sound/mixer not found
Problem using up2date
mrtg step by step howto/configuration for a newbie?
Compiling and Installing Kernel 2 6
Can 't locate module ppp0, can 't locate module ppp compress 21
HOW I CAN MAKE BOOTABLE FLOPPY DISKET
Lotus Notes under Wine
/etc/security/limits conf question
Intel E/1000 driver
Command stream end of file while reading
rpm database corrupt
qla2300 modules
 
dovecot services problem

dovecot services problem

2006-04-25       - By Rick Stevens

 Back
Reply:     1     2     3     4  

On Tue, 2006-04-25 at 09:59 +0800, fta7wmt@(protected) wrote:
> Dear Rick
> Thank you for your reply
> I try to restrict the pop3 services with your suggestion.
> I can block the service by iptables, but I cannot ensure the hosts.deny is
work on restrict the pop3 services.
> After I configure the hosts.deny and I try to telnet ip 110, I still can
access the POP3 services.
> How can I test the pop3 service with hosts.deny ?

I don't know if dovecot comes compiled with tcpwrapper support.  If it
is NOT compiled with tcpwrapper, then it won't even consult hosts.allow
or hosts.deny.  You'd have to rebuild dovecot with tcpwrapper enabled
to make it go.

That's one of the problems with tcpwrapper...the program MUST be
compiled with tcpwrapper and linked against its library or it doesn't
work.  iptables, however, blocks packets at the IP protocol stack long
before applications could even see them.  In other words, iptables works
at kernel level and will work with ANY application, while tcpwrapper
works at application level and demands the cooperation of the
application to operate.

That's why I prefer iptables.  It ALWAYS works with ALL applications--
even if it's a bit more difficult to configure than tcpwrappers.

>
> On Sun, 2006-04-23 at 17:35 +0800, lstar wrote:
> > Hi All,
> > I would like to block the pop3 services.
> > In dovecot configuration, I modify the statement 'protocol pop3 pop3s
> > imap imaps'
>
> Did you disable pop3 and pop3s in your dovecot config?
>
> > After restart the service, I use nmap to deterfine which port is open.
> > I found that port 110,143,993 and 995 also open.
>
> Yes, port 110 is POP3, and 995 is POP3S.  143 is IMAP and 993 is IMAPS.
>
> > If i need to restrict some domain cannot access pop3 services, I
> > should set the iptables to block all above ports.
> > Or I only need to block 110 port that 's ok
> > On the other hand, if i want to use tcp wrapper to block pop3 services
> > for some of domain , how can i modify the host.deny
>
> You can do either.  If you want to block POP3 access, you can add lines
> like
>
>   -A INPUT -s 0/0 -p tcp -m tcp --dport 110 -j DROP
>   -A INPUT -s 0/0 -p tcp -m tcp --dport 995 -j DROP
>
> to /etc/sysconfig/iptables to block POP3/POP3S access, or you can use
>
>   pop3 : ALL
>   pop3s : ALL
>
> to /etc/hosts.deny.
>
> Personally, I prefer an iptables solution.  It's implemented in the IP
> stack--not userspace--and it will block access even if a given
> application was NOT built with tcpwrappers support.  The "DROP" option
> is also nice since the machine won't respond with an "access denied"
> packet...it simply throws the probes in the bit bucket.
>
> -- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
> - Rick Stevens, Senior Systems Engineer     rstevens@(protected) -
> - VitalStream, Inc.                       http://www.vitalstream.com -
> -                                                                    -
> -      Do you know how to save five drowning lawyers?  No?  GOOD!    -
> -- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
>
> __ ____ ____ ____ ____ ____ ____ ____ ____ ____
> Redhat-install-list mailing list
> Redhat-install-list@(protected)
> https://www.redhat.com/mailman/listinfo/redhat-install-list
> To Unsubscribe Go To ABOVE URL or send a message to:
> redhat-install-list-request@(protected)
> Subject: unsubscribe
>
>
> __ ____ ____ ____ ____ ____ ____ ____ ____ ____
> Redhat-install-list mailing list
> Redhat-install-list@(protected)
> https://www.redhat.com/mailman/listinfo/redhat-install-list
> To Unsubscribe Go To ABOVE URL or send a message to:
> redhat-install-list-request@(protected)
> Subject: unsubscribe
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
- Rick Stevens, Senior Systems Engineer     rstevens@(protected) -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-            We look for things.  Things that make us go!            -
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --

__ ____ ____ ____ ____ ____ ____ ____ ____ ____
Redhat-install-list mailing list
Redhat-install-list@(protected)
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@(protected)
Subject: unsubscribe