search for: tcpwrapper

Displaying 20 results from an estimated 124 matches for "tcpwrapper".

Did you mean: tcpwrappers
2014 Apr 22
2
heads up: tcpwrappers support going away
Hi, This is an early warning: OpenSSH will drop tcpwrappers in the next release. sshd_config has supported the Match keyword for a long time and it is possible to express more useful conditions (e.g. matching by user and address) than tcpwrappers allowed. Removing it reduces the amount of code in the 'hot' pre-authentication path in sshd and rids...
2014 Apr 23
1
VETO! Re: heads up: tcpwrappers support going away
On Tue, Apr 22, 2014 at 9:33 AM, Damien Miller <djm at mindrot.org> wrote: > Hi, > > This is an early warning: OpenSSH will drop tcpwrappers in the next > release. sshd_config has supported the Match keyword for a long time > and it is possible to express more useful conditions (e.g. matching > by user and address) than tcpwrappers allowed. > > Removing it reduces the amount of code in the 'hot' pre-authenticatio...
2014 Apr 23
3
hackers celebrate this day: openssh drops security! was: Re: heads up: tcpwrappers support going away
...platforms which use for PAM. Pam is executed so late in the chain that any possible security issue has long been exposed to half of China and the KGB. Hackers will celebrate this day - openssh drops security. Time to move on to ssh.com's ssh variant. Seriously - the discussion is stupid: If tcpwrappers support gets removed than a replacement is required which is executed at the same location and not much later in the code. Ced -- Cedric Blancher <cedric.blancher at gmail.com> Institute Pasteur
2008 Apr 24
3
TCPWrappers + Sendmail = not working
...ow sendmail : 10.0.0.0/255.0.0.0 sendmail : LOCAL /etc/hosts.deny sendmail : ALL When I try to connect to port 25 from an Internet host via telnet, the server still responds as usual. The only difference I see is this in my /var/log/maillog: Apr 24 15:41:49 server sendmail[20691]: m3OKfna20691: tcpwrappers (otherserver.example.com, xx.xx.xx.xx) rejection How do I make tcpwrappers simply drop the connection? I would prefer to do this with TCP Wrappers, at least until we get our official IPTables firewall policy worked out. thanks Sean
2013 Jul 03
1
tcpwrappers
hi everybody having I believe sort of plain-vanilla config with section in 10-tcpwrapper.conf as per docs login_access_sockets = tcpwrap service tcpwrap { unix_listener login/tcpwrap { group = $default_login_user mode = 0600 user = $default_login_user } } /etc/hosts.deny contains: ALL: given_host and yet dovecot logins IMAP client in whereas other tcpwrapper aw...
2007 Sep 25
1
Samba and TCPWrappers
...user [mark] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that [2007/09/24 09:37:29, 0] rpc_server/srv_util.c:get_alias_user_groups(206) get_alias_user_groups: gid of user mark doesn't exist. Check your /etc/passwd and /etc/group files I am using tcpwrappers and have blocked the subnets that should not access my server. The IP of the auditor is within one of the blocked subnets, but still seems to be getting through. Is samba integrated with tcpwrappers. ldd smbd does not show a reference to libwrap, should it? Bob...
2011 Jul 27
1
dovecot and tcpwrappers
Hi, I used dovecot 1.x for quite a while and it worked fine. However, I used it through inetd and used hosts.allow/deny to restrict access to only certain groups of systems. Since yesterday I have dovecot 2.0.13. But in version 2.0.13 it seems that starting using inetd doesn't work anymore : I only get a strange error message if I try to connect using telnet : telnet localhost imap
2011 Feb 09
4
Domain blacklisting
Hello, I run dovecot-2/Maildir/LDAP user/passdb and would like to be able to deny acess to users who connect from certain domains/IP (google.com for instance since in that case they gave their credentials to a third party). My understanding is that I cannot use some negative form of "allow_nets". The only mechanism I can think of is tcp_wrappers. However, dovecot documentation mention
2017 Sep 26
0
CentOS 7 & TCPWRappers & spawn ..
Hello there ! Has anyone managed to make work on tcp wrappers on hosts.allow the swpan command in order to check the ip if it is on the permitted one ..? __________ Information from ESET Endpoint Antivirus, version of detection engine 16143 (20170926) __________ The message was checked by ESET Endpoint Antivirus. Email message - is OK http://www.eset.com
2003 Sep 17
2
problem with configure in openssh-3.7p1
Problem: setting --with-tcpwrappers does not configure code to be compiled with wrapper support Solution: references to with_tcp_wrappers (lines 4975, 6396, 6397) need to be changed to with_tcpwrappers David Purks Sr Sys Admin Cogent Communications
2012 Jan 19
1
LMTP ignoring tcpwrappers
Hello, we want to use dovecot LMTP for efficient mail delivery from our MX servers (running postfix 2.8) to our storage servers (dovecot 2.0.17). However, the one problem we see is the lack of access control when using LMTP. It apears that every client in our network who has access to the storage machines can drop a message in a Maildir of any user on that storage server. To prevent this
2007 Feb 12
0
tcpwrappers hosts.allow netmask problem
I can't seem to get netmask notations to work in /etc/hosts.allow on my Centos 4.4 systems. The docs seem to indicate that network specifications like 192.168.100.0/24 or 192.168.100.0/255.255.255.0 should work. However, I can only get networks specified like 192.168.100. to work. Anyone know what I'm missing? Thanks, Tom
1998 Dec 15
1
portmap & tcpwrappers
I don't know if this is RedHat 5.1 specific, but be aware that the version of portmap distributed is the enhanced (Wietse Venema) version. That's great, except for two things. The first is documented, but easy to overlook: "In order to avoid deadlocks, the portmap program does not attempt to look up the remote host name or user name...The upshot of all this is that only network
2010 Feb 25
2
dovecot-2.0.beta3 tcpwrapper support in Solaris
Hi, 2.0 compiles fine in Solaris but and I've found only one glitch so far. Tcpwapper support needs some tweaks. I need to add CPPFLAGS=/usr/sfw/include because tcpd.h is in there. Then also LDFLAGS='-R/usr/sfw/lib -L/usr/sfw/lib' is needed. It would be nice to have --with-tcpwrap-dir or something. After this linking gives an error Undefined first referenced symbol in file
2005 Jan 17
19
[Bug 973] sshd behaves differently while doing syslog entries for tcpwrappers denied message, with -r and without -r option.
http://bugzilla.mindrot.org/show_bug.cgi?id=973 Summary: sshd behaves differently while doing syslog entries for tcpwrappers denied message, with -r and without -r option. Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: o...
2010 Oct 13
6
Limit access to dovecot by domains?
Hi. Is there any way to limit access to dovecot by domains. I only need to give access to a well known set of domains, all from Australia and all networks are known and used either from people at home or mobile access (phones, laptops etc). iptables is not possible as e.g. OPTUS does not give away all of the networks mobile phones are connected to. I know some, but not all. It would be much
2006 Aug 08
3
Dynamic server address
Hi! My mail server (ubuntu breezey badger) is connected by ADSL and has a dynamic address. I have noticed that, every day after the IP address changes, dovecot is no longer reachable from the net. Iguess this is because dovecot doesn't register this change and continues to listen on a non-existing interface/address. I'm trying to solve this problem by putting a script in /etc/ppp/ip-up/
2015 Mar 02
3
IP drop list
Am 02.03.2015 um 10:06 schrieb Steffen Kaiser: > If such plugin(?) is available, I would expect immediate complains, it > does not support: > > + local file lists with various sets of syntaxes > + RBLs with a fine grained response matching > + use the same RBL response for multiple match-action pairs or it could work just with no config, unconditional and in front of any
2008 Feb 24
8
0.24.2 release candidate
Hi all, I''ve done as much bug-fixing as I''m going to be able to do in 0.24.2, I think, so please test the current code if you can. I made some unfortunately significant changes today, in order to try to remove any shared objects in the file server, which will hopefully solve the file corruption issues, plus some very strange issues resulting from renaming
2003 Aug 06
6
ssh_exchange_identification: Connection closed by remote host
Hello, I encountered the following problem while I typing "ssh -v <host_name>" " hkmarmmspd:/export/home/hkcheung> ssh -v hkmauat OpenSSH_3.6.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f debug1: Reading configuration data /usr/local/etc/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: Connecting to hkmauat [172.28.68.52]