thr3ads.net - dovecot - Systemd and listen restriction to localhost not enforced [Jul 2015]

If this information is useful, please help other people find it:
Share via:

Sven Strickroth

2015-Jul-08 21:44 UTC

Systemd and listen restriction to localhost not enforced

Hi,

in /etc/dovecot/conf.d/10-master.conf I have restricted IMAP to
localhost only:

service imap-login {
  inet_listener imap {
    address = 127.0.0.1
    #port = 143
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }
}

However, /lib/systemd/system/dovecot.socket make it listen on
0.0.0.0:143 and [::]:143 causing the service being available to
the public which it should not. - IMHO this is a security issue.

PS: When starting dovecot I got:
Jul  6 22:52:14 srv1 dovecot[19921]: Error: systemd listens on port 143,
but it's not configured in Dovecot. Closing.
Jul  6 22:52:14 srv1 dovecot: master: Error: systemd listens on port
143, but it's not configured in Dovecot. Closing.

-- 
Best regards,
 Sven Strickroth
 PGP key id F5A9D4C4 @ any key-server

Maybe Matching Threads

Search for more reasonably related threads

dovecot - Jul 2015 - Systemd and listen restriction to localhost not enforced

Systemd and listen restriction to localhost not enforced

Maybe Matching Threads

Wisdom of the Ancients