search for: tcpwrappers

Hi, This is an early warning: OpenSSH will drop tcpwrappers in the next release. sshd_config has supported the Match keyword for a long time and it is possible to express more useful conditions (e.g. matching by user and address) than tcpwrappers allowed. Removing it reduces the amount of code in the 'hot' pre-authentication path in sshd and rids u...

On Tue, Apr 22, 2014 at 9:33 AM, Damien Miller <djm at mindrot.org> wrote: > Hi, > > This is an early warning: OpenSSH will drop tcpwrappers in the next > release. sshd_config has supported the Match keyword for a long time > and it is possible to express more useful conditions (e.g. matching > by user and address) than tcpwrappers allowed. > > Removing it reduces the amount of code in the 'hot' pre-authentication...

...platforms which use for PAM. Pam is executed so late in the chain that any possible security issue has long been exposed to half of China and the KGB. Hackers will celebrate this day - openssh drops security. Time to move on to ssh.com's ssh variant. Seriously - the discussion is stupid: If tcpwrappers support gets removed than a replacement is required which is executed at the same location and not much later in the code. Ced -- Cedric Blancher <cedric.blancher at gmail.com> Institute Pasteur

...ow sendmail : 10.0.0.0/255.0.0.0 sendmail : LOCAL /etc/hosts.deny sendmail : ALL When I try to connect to port 25 from an Internet host via telnet, the server still responds as usual. The only difference I see is this in my /var/log/maillog: Apr 24 15:41:49 server sendmail[20691]: m3OKfna20691: tcpwrappers (otherserver.example.com, xx.xx.xx.xx) rejection How do I make tcpwrappers simply drop the connection? I would prefer to do this with TCP Wrappers, at least until we get our official IPTables firewall policy worked out. thanks Sean

hi everybody having I believe sort of plain-vanilla config with section in 10-tcpwrapper.conf as per docs login_access_sockets = tcpwrap service tcpwrap { unix_listener login/tcpwrap { group = $default_login_user mode = 0600 user = $default_login_user } } /etc/hosts.deny contains: ALL: given_host and yet dovecot logins IMAP client in whereas other tcpwrapper aware

...user [mark] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that [2007/09/24 09:37:29, 0] rpc_server/srv_util.c:get_alias_user_groups(206) get_alias_user_groups: gid of user mark doesn't exist. Check your /etc/passwd and /etc/group files I am using tcpwrappers and have blocked the subnets that should not access my server. The IP of the auditor is within one of the blocked subnets, but still seems to be getting through. Is samba integrated with tcpwrappers. ldd smbd does not show a reference to libwrap, should it? Bob...

Hi, I used dovecot 1.x for quite a while and it worked fine. However, I used it through inetd and used hosts.allow/deny to restrict access to only certain groups of systems. Since yesterday I have dovecot 2.0.13. But in version 2.0.13 it seems that starting using inetd doesn't work anymore : I only get a strange error message if I try to connect using telnet : telnet localhost imap

Hello, I run dovecot-2/Maildir/LDAP user/passdb and would like to be able to deny acess to users who connect from certain domains/IP (google.com for instance since in that case they gave their credentials to a third party). My understanding is that I cannot use some negative form of "allow_nets". The only mechanism I can think of is tcp_wrappers. However, dovecot documentation mention

Hello there ! Has anyone managed to make work on tcp wrappers on hosts.allow the swpan command in order to check the ip if it is on the permitted one ..? __________ Information from ESET Endpoint Antivirus, version of detection engine 16143 (20170926) __________ The message was checked by ESET Endpoint Antivirus. Email message - is OK http://www.eset.com

Problem: setting --with-tcpwrappers does not configure code to be compiled with wrapper support Solution: references to with_tcp_wrappers (lines 4975, 6396, 6397) need to be changed to with_tcpwrappers David Purks Sr Sys Admin Cogent Communications

Hello, we want to use dovecot LMTP for efficient mail delivery from our MX servers (running postfix 2.8) to our storage servers (dovecot 2.0.17). However, the one problem we see is the lack of access control when using LMTP. It apears that every client in our network who has access to the storage machines can drop a message in a Maildir of any user on that storage server. To prevent this

I can't seem to get netmask notations to work in /etc/hosts.allow on my Centos 4.4 systems. The docs seem to indicate that network specifications like 192.168.100.0/24 or 192.168.100.0/255.255.255.0 should work. However, I can only get networks specified like 192.168.100. to work. Anyone know what I'm missing? Thanks, Tom

I don't know if this is RedHat 5.1 specific, but be aware that the version of portmap distributed is the enhanced (Wietse Venema) version. That's great, except for two things. The first is documented, but easy to overlook: "In order to avoid deadlocks, the portmap program does not attempt to look up the remote host name or user name...The upshot of all this is that only network

Hi, 2.0 compiles fine in Solaris but and I've found only one glitch so far. Tcpwapper support needs some tweaks. I need to add CPPFLAGS=/usr/sfw/include because tcpd.h is in there. Then also LDFLAGS='-R/usr/sfw/lib -L/usr/sfw/lib' is needed. It would be nice to have --with-tcpwrap-dir or something. After this linking gives an error Undefined first referenced symbol in file

http://bugzilla.mindrot.org/show_bug.cgi?id=973 Summary: sshd behaves differently while doing syslog entries for tcpwrappers denied message, with -r and without -r option. Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: op...

Hi. Is there any way to limit access to dovecot by domains. I only need to give access to a well known set of domains, all from Australia and all networks are known and used either from people at home or mobile access (phones, laptops etc). iptables is not possible as e.g. OPTUS does not give away all of the networks mobile phones are connected to. I know some, but not all. It would be much

Hi! My mail server (ubuntu breezey badger) is connected by ADSL and has a dynamic address. I have noticed that, every day after the IP address changes, dovecot is no longer reachable from the net. Iguess this is because dovecot doesn't register this change and continues to listen on a non-existing interface/address. I'm trying to solve this problem by putting a script in /etc/ppp/ip-up/

Am 02.03.2015 um 10:06 schrieb Steffen Kaiser: > If such plugin(?) is available, I would expect immediate complains, it > does not support: > > + local file lists with various sets of syntaxes > + RBLs with a fine grained response matching > + use the same RBL response for multiple match-action pairs or it could work just with no config, unconditional and in front of any

Hi all, I''ve done as much bug-fixing as I''m going to be able to do in 0.24.2, I think, so please test the current code if you can. I made some unfortunately significant changes today, in order to try to remove any shared objects in the file server, which will hopefully solve the file corruption issues, plus some very strange issues resulting from renaming

Hello, I encountered the following problem while I typing "ssh -v <host_name>" " hkmarmmspd:/export/home/hkcheung> ssh -v hkmauat OpenSSH_3.6.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f debug1: Reading configuration data /usr/local/etc/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: Connecting to hkmauat [172.28.68.52]