Date:      Fri, 22 Apr 2005 17:53:53 -0700
From:      Sam Nilsson <lists@servingpeace.com>
Cc:        freebsd-isp@freebsd.org
Subject:   Re: courier-imap
Message-ID:  <42699CA1.2090007@servingpeace.com>
In-Reply-To: <20050421101626.GE23284@ns2.wananchi.com>
References:  <20050420145207.GC60384@ns2.wananchi.com> <4266C4BA.1010205@diewebmaster.at> <20050421054035.GA82393@ns2.wananchi.com> <42676862.5040605@diewebmaster.at> <20050421101626.GE23284@ns2.wananchi.com>

Odhiambo Washington wrote:
> * Christian Damm <christian.damm@diewebmaster.at> [20050421 11:51]: wrote:
> 
>>
>>Odhiambo Washington wrote:
>>
>>>* Christian Damm <christian.damm@diewebmaster.at> [20050421 00:08]: wrote:
>>>
>>>
>>>>Odhiambo Washington wrote:
>>>>
>>>>
>>>>>Hello Sysadmins,
>>>>>
>>>>>Does anyone have any clues as to how I can easily limit access to my
>>>>>imapd daemon to just a few hosts?
>>>>>I am running courier-imap but looking at /etc/inetd.conf, I don't
>>>>>see how I could put it in there and hence use hosts.allow to control
>>>>>access. Google has not helped much, but again I may be searching using
>>>>>the wrong keyword.
>>>>
>>>>1.) you can use the courier suite's own tcp server (quite similar to the 
>>>>DJB tcp server), 'couriertcpd' - look into the manpage, it is able to do 
>>>>IP restrictions and much more.
>>>
>>>
>>>This assumes that I use courier as the MTA, yes?
>>>
>>>In my case I only use the IMAP daemon. I use another MTA.
>>>
>>
>>no, if you look at your PS output you'll see 'couriertcpd' running - 
>>regardless of which part of the courier suite you are using ('couriertcpd' 
>>is the courier suite's generic tcp server)
> 
> 
> 
> You are damn right!! Now I just need to give it ACLs, you mean??
> I need to find out HOW it is invoked and how I can pass it the arguments
> that will lead to the access control.

Look here:

/usr/local/etc/rc.d/courier-imap-imapd.sh

And here:

$ man couriertcpd
...
OPTIONS
        -access=filename
               Specifies an optional access file. The access file lists the IP
               addresses from which connections should be accepted or rejected.
               The access file is also used to initialize environment variables

...

I figured this out the hard way. Not too hard really. Remember that all 
3rd party packages have their rc scripts in /usr/local/etc/rc.d and that 
man pages are your friend!

- Sam

