From owner-freebsd-isp@FreeBSD.ORG Sat Apr 23 00:54:36 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2BFB216A4E2 for ; Sat, 23 Apr 2005 00:54:36 +0000 (GMT) Received: from smtp.servingpeace.com (servingpeace.com [69.55.225.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id E9D6C43D58 for ; Sat, 23 Apr 2005 00:54:35 +0000 (GMT) (envelope-from lists@servingpeace.com) Received: from [10.0.0.2] (adsl-69-104-90-235.dsl.pltn13.pacbell.net [69.104.90.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.servingpeace.com (Postfix) with ESMTP id 925BDBA224 for ; Fri, 22 Apr 2005 17:54:35 -0700 (PDT) Message-ID: <42699CA1.2090007@servingpeace.com> Date: Fri, 22 Apr 2005 17:53:53 -0700 From: Sam Nilsson User-Agent: Mozilla Thunderbird 1.0 (Macintosh/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 Cc: freebsd-isp@freebsd.org References: <20050420145207.GC60384@ns2.wananchi.com> <4266C4BA.1010205@diewebmaster.at> <20050421054035.GA82393@ns2.wananchi.com> <42676862.5040605@diewebmaster.at> <20050421101626.GE23284@ns2.wananchi.com> In-Reply-To: <20050421101626.GE23284@ns2.wananchi.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: courier-imap X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Apr 2005 00:54:36 -0000 Odhiambo Washington wrote: > * Christian Damm [20050421 11:51]: wrote: > >> >>Odhiambo Washington schrieb: >> >>>* Christian Damm [20050421 00:08]: wrote: >>> >>> >>>>Odhiambo Washington schrieb: >>>> >>>> >>>>>Hello Sysadmins, >>>>> >>>>>Does anyone have any clues as to how I can easily limit access to my >>>>>imapd daemon to just a few hosts? >>>>>I am running courier-imap but looking at /etc/inetd.conf, I don't >>>>>see how I could put it in there and hence use hosts.allow to control >>>>>access. Google has not helped much, but again I may be searching using >>>>>wrong keyword. >>>> >>>>1.) you can use the courier-suites own tcp server (quite similar to the >>>>DJB tcp server), 'couriertcpd' - look into the manpage, it is able to do >>>>ip restrictions and much more. >>> >>> >>>This assumes that I use courier as the MTA, yes? >>> >>>In my case I only use the IMAP daemon. I use other MTA. >>> >> >>no, if you look at your PS output you`ll see 'couriertcpd' running - >>regardless which part of the courier suite you are using ('couriertcpd' >>is the courier suites generic tcp server) > > > > You are damn right!! Now I just need to give it ACLs, you mean?? > I need to find out HOW it is invoked and how I can pass it the arguments > that will lead to the access control. Look here: /usr/local/etc/rc.d/courier-imap-imapd.sh And here: $ man couriertcpd ... OPTIONS -access=filename Specifies an optional access file. The access file lists the IP addresses from which connections should be accepted or rejected. The access file is also used to initialize environment variables ... I figured this out the hard way. Not too hard really. Remember that all 3rd party packages have their rc scripts in /usr/local/etc/rc.d and that man pages are your friend! - Sam