From owner-freebsd-isp@FreeBSD.ORG Thu Apr 21 05:40:39 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AE7D616A4CE for ; Thu, 21 Apr 2005 05:40:39 +0000 (GMT) Received: from ns2.wananchi.com (mail.wananchi.com [62.8.64.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id BCE2943D41 for ; Thu, 21 Apr 2005 05:40:38 +0000 (GMT) (envelope-from wash@wananchi.com) Received: from wash by ns2.wananchi.com with local (Exim 4.44 #0 (FreeBSD 4.11-STABLE)) id 1DOUQV-0000EH-Bo by authid for ; Thu, 21 Apr 2005 08:40:35 +0300 Date: Thu, 21 Apr 2005 08:40:35 +0300 From: Odhiambo Washington To: freebsd-isp@freebsd.org Message-ID: <20050421054035.GA82393@ns2.wananchi.com> Mail-Followup-To: Odhiambo Washington , freebsd-isp@freebsd.org References: <20050420145207.GC60384@ns2.wananchi.com> <4266C4BA.1010205@diewebmaster.at> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4266C4BA.1010205@diewebmaster.at> X-Disclaimer: Any views expressed in this message,where not explicitly attributed otherwise, are mine alone!. X-Mailer: Mutt 1.5.9i (2005-03-13) X-Designation: Systems Administrator, Wananchi Online Ltd. X-Location: Nairobi, KE, East Africa. User-Agent: Mutt/1.5.9i Subject: Re: courier-imap X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Apr 2005 05:40:39 -0000 * Christian Damm [20050421 00:08]: wrote: > > > Odhiambo Washington schrieb: > >Hello Sysadmins, > > > >Does anyone have any clues as to how I can easily limit access to my > >imapd daemon to just a few hosts? > >I am running courier-imap but looking at /etc/inetd.conf, I don't > >see how I could put it in there and hence use hosts.allow to control > >access. Google has not helped much, but again I may be searching using > >wrong keyword. > > 1.) you can use the courier-suites own tcp server (quite similar to the > DJB tcp server), 'couriertcpd' - look into the manpage, it is able to do > ip restrictions and much more. This assumes that I use courier as the MTA, yes? In my case I only use the IMAP daemon. I use other MTA. > 2.) dont know if it is possible to compile courier imap aginst libwrap > and use the tcp wrapper (hosts.allow). Perhaps this one might be better. I will look into this. > 3.) i would not start courier imap via inetd/xinetd - courier imap was > developed to be a stanalone imap daemon running within the > courier-suite/framework...sure, you could use tcp wrapper without probs > when using inetd/xinetd but there are better solutions than using one of > the "super servers" *urghh*. I learnt that as well just yesterday! I had forgotten it's supposed to be a standalone server. > 4.) use the packet filter on your border router/gateway/firewall or > firewall the host directly via ipfw/ipf/pf to restrict access. I will start with this, since it's the easiest. -Wash http://www.netmeister.org/news/learn2quote.html -- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+ Make it myself? But I'm a physical organic chemist!