dovecot - Nov 2016 - dovecot / tcp-wrappers / FBSD 10.3

Can anyone share the proper config to get wrappers working in dovecot on 
FreeBSD?

The dovecot examples do not seem to work, and I thought perhaps FBSD 
needs slightly different configs.

I've compiled with:   -DHAVE_LIBWRAP

which I presume is the first step.

The example for dovecot.conf in uncommenting:

login_access_sockets = tcpwrap

merely causes a log error of "imap-login: Error: connect(tcpwrap) 
failed: No such file or directory"


Suggestions/Direction much appreciated.

# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets login_access_sockets = tcpwrap

service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}


I believe that's all.  I had placed it all in
/usr/local/etc/dovecot/dovecot.conf.



On Mon, Nov 14, 2016 at 11:45 AM, Jim Pazarena <dovecot at paz.bz> wrote:
> Can anyone share the proper config to get wrappers working in dovecot on
> FreeBSD?
>
> The dovecot examples do not seem to work, and I thought perhaps FBSD needs
> slightly different configs.
>
> I've compiled with:   -DHAVE_LIBWRAP
>
> which I presume is the first step.
>
> The example for dovecot.conf in uncommenting:
>
> login_access_sockets = tcpwrap
>
> merely causes a log error of "imap-login: Error: connect(tcpwrap)
failed:
> No such file or directory"
>
>
> Suggestions/Direction much appreciated.
>


-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c)     E-Mail: larryrtx at gmail.com
US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281

Am 14.11.2016 um 18:50 schrieb Larry Rosenman:
> # Space separated list of login access check sockets (e.g. tcpwrap)
> #login_access_sockets > login_access_sockets = tcpwrap
> 
> service tcpwrap {
>   unix_listener login/tcpwrap {
>     group = $default_login_user
>     mode = 0600
>     user = $default_login_user
>   }
> }
> 
> 
> I believe that's all.  I had placed it all in
> /usr/local/etc/dovecot/dovecot.conf.
for the record: the wiki doesn't mention the obvious part: configuring
access rules.

dovecot configured like mentioned on
http://wiki2.dovecot.org/LoginProcess#TCP_wrappers_support look into
/etc/hosts.allow and /etc/hosts.deny.
that allow two use cases:
1. allow any client but deny a specific one
2. deny all clients and allow only specific one

1. $ cat /etc/hosts.deny
   # deny 192.0.2.143 to use imap service, deny 192.0.2.110 to use pop3 service
   imap: 192.0.2.143
   pop3: 192.0.2.110

2. $ cat /etc/hosts.deny
   # deny imap access at all
   imap: *
   $ cat /etc/hosts.allow
   # allow imap access for that client
   imap: 192.0.2.143

the format is described in "man 5 hosts.allow" + "man 5
hosts.deny"

Andreas