Date: Thu, 21 Apr 2005 10:46:26 +0200 From: Christian Damm <christian.damm@diewebmaster.at> To: Odhiambo Washington <wash@wananchi.com> Cc: freebsd-isp@freebsd.org Subject: Re: courier-imap Message-ID: <42676862.5040605@diewebmaster.at> In-Reply-To: <20050421054035.GA82393@ns2.wananchi.com> References: <20050420145207.GC60384@ns2.wananchi.com> <4266C4BA.1010205@diewebmaster.at> <20050421054035.GA82393@ns2.wananchi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Odhiambo Washington schrieb:
> * Christian Damm <christian.damm@diewebmaster.at> [20050421 00:08]: wrote:
>
>>
>>Odhiambo Washington schrieb:
>>
>>>Hello Sysadmins,
>>>
>>>Does anyone have any clues as to how I can easily limit access to my
>>>imapd daemon to just a few hosts?
>>>I am running courier-imap but looking at /etc/inetd.conf, I don't
>>>see how I could put it in there and hence use hosts.allow to control
>>>access. Google has not helped much, but again I may be searching using
>>>wrong keyword.
>>
>>1.) you can use the courier-suites own tcp server (quite similar to the
>>DJB tcp server), 'couriertcpd' - look into the manpage, it is able to do
>>ip restrictions and much more.
>
>
> This assumes that I use courier as the MTA, yes?
>
> In my case I only use the IMAP daemon. I use other MTA.
>
no, if you look at your PS output you`ll see 'couriertcpd' running -
regardless which part of the courier suite you are using ('couriertcpd'
is the courier suites generic tcp server)
>
>
>>2.) dont know if it is possible to compile courier imap aginst libwrap
>>and use the tcp wrapper (hosts.allow).
>
>
>
> Perhaps this one might be better. I will look into this.
>
method 1 is the best in any case imho.
>
>
>>3.) i would not start courier imap via inetd/xinetd - courier imap was
>>developed to be a stanalone imap daemon running within the
>>courier-suite/framework...sure, you could use tcp wrapper without probs
>>when using inetd/xinetd but there are better solutions than using one of
>>the "super servers" *urghh*.
>
>
> I learnt that as well just yesterday! I had forgotten it's supposed to
> be a standalone server.
>
ok
>
>
>
>>4.) use the packet filter on your border router/gateway/firewall or
>>firewall the host directly via ipfw/ipf/pf to restrict access.
>
>
>
> I will start with this, since it's the easiest.
>
true
>
>
>
> -Wash
>
> http://www.netmeister.org/news/learn2quote.html
>
> --
> +======================================================================+
> |\ _,,,---,,_ | Odhiambo Washington <wash@wananchi.com>
> Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com
> |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922
> '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121
> +======================================================================+
> Make it myself? But I'm a physical organic chemist!
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
> !DSPAM:42673d00268302104424051!
>
--
mfg.
christian damm
technische leitung
phone: dw 42
email: christian.damm@diewebmaster.at
icq at work: 124464652
die webmaster - flötzerweg 156 - 4030 linz - austria
phone: +43-732-381242, fax: +43-732-381242-22, isdn (leonardo):
+43-732-381242-33
homepage: www.diewebmaster.at, public email: office@diewebmaster.at
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42676862.5040605>