Sven Strickroth
2015-Jul-08 21:44 UTC
Systemd and listen restriction to localhost not enforced
Hi, in /etc/dovecot/conf.d/10-master.conf I have restricted IMAP to localhost only: service imap-login { inet_listener imap { address = 127.0.0.1 #port = 143 } inet_listener imaps { #port = 993 #ssl = yes } } However, /lib/systemd/system/dovecot.socket make it listen on 0.0.0.0:143 and [::]:143 causing the service being available to the public which it should not. - IMHO this is a security issue. PS: When starting dovecot I got: Jul 6 22:52:14 srv1 dovecot[19921]: Error: systemd listens on port 143, but it's not configured in Dovecot. Closing. Jul 6 22:52:14 srv1 dovecot: master: Error: systemd listens on port 143, but it's not configured in Dovecot. Closing. -- Best regards, Sven Strickroth PGP key id F5A9D4C4 @ any key-server