courier-imap
Odhiambo Washington
wash at wananchi.com
Wed Apr 20 22:40:39 PDT 2005
* Christian Damm <christian.damm at diewebmaster.at> [20050421 00:08]: wrote:
>
>
> Odhiambo Washington schrieb:
> >Hello Sysadmins,
> >
> >Does anyone have any clues as to how I can easily limit access to my
> >imapd daemon to just a few hosts?
> >I am running courier-imap but looking at /etc/inetd.conf, I don't
> >see how I could put it in there and hence use hosts.allow to control
> >access. Google has not helped much, but again I may be searching using
> >wrong keyword.
>
> 1.) you can use the courier-suites own tcp server (quite similar to the
> DJB tcp server), 'couriertcpd' - look into the manpage, it is able to do
> ip restrictions and much more.
This assumes that I use courier as the MTA, yes?
In my case I only use the IMAP daemon. I use other MTA.
> 2.) dont know if it is possible to compile courier imap aginst libwrap
> and use the tcp wrapper (hosts.allow).
Perhaps this one might be better. I will look into this.
> 3.) i would not start courier imap via inetd/xinetd - courier imap was
> developed to be a stanalone imap daemon running within the
> courier-suite/framework...sure, you could use tcp wrapper without probs
> when using inetd/xinetd but there are better solutions than using one of
> the "super servers" *urghh*.
I learnt that as well just yesterday! I had forgotten it's supposed to
be a standalone server.
> 4.) use the packet filter on your border router/gateway/firewall or
> firewall the host directly via ipfw/ipf/pf to restrict access.
I will start with this, since it's the easiest.
-Wash
http://www.netmeister.org/news/learn2quote.html
--
+======================================================================+
|\ _,,,---,,_ | Odhiambo Washington <wash at wananchi.com>
Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com
|,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922
'---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121
+======================================================================+
Make it myself? But I'm a physical organic chemist!
More information about the freebsd-isp
mailing list