Re: [courier-users] Re: Restrict POP access methods for source IP - Roland Schneider - net.sourceforge.lists.courier-users

8 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Re: Restrict POP ...

From	Sent On	Attachments
Marc Haber	Jan 27, 2001 1:49 am
Sam Varshavchik	Jan 27, 2001 2:18 am
Marc Haber	Jan 27, 2001 2:33 pm
Marc Haber	Mar 11, 2001 12:14 pm
Roland Schneider	Mar 11, 2001 1:01 pm
jeff jansen	Mar 11, 2001 4:28 pm
Patrick Price	Mar 12, 2001 9:54 am
Marc Haber	Mar 17, 2001 2:12 am

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: [courier-users] Re: Restrict POP access methods for source IP	Actions...
From:	Roland Schneider (rol...@serv.ch)
Date:	Mar 11, 2001 1:01:11 pm
List:	net.sourceforge.lists.courier-users

--On Sonntag, 11. März 2001 21:14 +0100 Marc Haber <cour...@marc-haber.de> wrote:

Yes. Configure the POP3 server listen on 127.0.0.1 only. > > After recent
bugtraq discussions, I now believe this is not good

enough a measure since systems can be easily coaxed into accepting packets destined for 127.0.0.1 when they come in from the outside.

There should be a way to allow connections only from certain source

IPs, maybe by just using TCP wrappers (linking to libwrap).

Courier's pop3d[-ssl] is started via couriertcpd, any access control should be made there. Add the option '-access=dbfile', in sbin/pop3d and create the dbfile:

127.0.0.1 allow * deny

and then makedat -src=${ACCESSFILE} \ -file=${ACCESSFILE}.dat \ -tmp=${ACCESSFILE}.tmp || exit 1

should work, its copied verbatim from sbin/makesmtpaccess :)

Roland

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: