similar to: Feature-request: ip based access control (libwrap)

Yesterday a user reported to me that she received a bunch of emails that were not addressed to her. I'm using dovecot version 0.99.11 along with postfix and amavisd-new. I don't know how this happened because each mail file in /var/mail/ is only readable by the user. Has anyone ever heard of this happening before?

Hi, A few things regarding logging and libwrap.. a) PAM_RHOST patch Back in July, dean gaudet helpfully posted a patch to dovecot PAM_RHOST the remote IP. Is this going to be included in the main dovecot tree? It seems like a worthwhile addition. The more informative and concise the logging the better. See http://www.dovecot.org/list/dovecot/2004-July/004011.html for the original message.

All, There was some discussion recently on Ubuntu Launchpad regarding the bug in NUT 2.2.1 where it was not possible to connect with an accept- all ACL: https://bugs.launchpad.net/bugs/235653 The package was patched for the upcoming Ubuntu release (intrepid), but the discussion drifted to the merits of application-level ACLs (comment 11 and beyond). Steve Langasek brings up a good point

Hello all, after a useless discussion on the opensuse ML I had to find out that they buried the removal news of libwrap last year in some half-sentence. So this is unfortunately pretty late for the topic. Nevertheless it is pretty obvious that you did not get any feedback from people using ssh over decades in server-administration. Let me make a clear point: libwrap removal was a pretty bad idea.

Hello, There is a small but annoying problem with linking libwrap in openssh. The library is added to LIBS which makes it be linked in to all binaries. This is unnecessary and leads to bogus dependencies if libwrap is a shared library. Following is a trivial fix that reserves a separate autoconf substitution variable LIBWRAP, which is only used for sshd. Please apply. Maciej -- +

On Thu, May 21, 2015 at 1:05 AM, Michael Stone <mstone at mathom.us> wrote: > On Wed, May 20, 2015 at 03:58:22PM +0200, Stephan von Krawczynski wrote: > >> Show me this as an example of your firewall skills and replace this >> hosts.allow entry: >> >> sshd: .... : spawn (echo -e "%u@%h[%a] on `/bin/date`" to %d connected >> me | >>

Hi! Is there any reason why support for the libwrap code isn't included in the X11 forwarding code? I'd like to restrict access to that port. How many applications would break if the tcp port would be closed and only the unix-domain socket would be available? It's true that x11 forwardings can be considered as a security risk and they are disabled because of that by default. I

Since I've been using this for maybe a year now, maybe someone else is interested in restricting IMAP and POP logins via libwrap. In addition to the attached patch (against 1.0.5) to src/login-common/main.c, src/{imap,pop3}-login/Makefile.in have to be modified to link against libwrap. Of course, the option needs to be integrated into configure in the long run. -------------- next part

Hi My lab setup: A windows server 2019, configured as PDC called X A windows 10 pro workstation, domain member called Y An Ubuntu 18 server w Samba 4.7, configured as a member server called Z All are KVM virtual machines on a single host. IP and DNS works fine between all. Sharing setup on Samba Personal home shares in /User, configured in the AD profiles as home directories

I have tried to update openssh-3.1p1 of our system that uses RH7.2 (Scyld). I is pretty much a standard Redhat 7.2 install with openssl-0.9.6b, zlib-1.1.4 etc. I have gotten openssh to work after some initial issues, but I still have not been able to get openssh/sshd to work with tcp-wrappers. I have in hosts.deny ALL: ALL: and in hosts.allow ALL: localhost, 127.0.0.1, 192.168.1. and still I

I have compiled dovecot2 for FreeBSD with the tcpwrap option. A tcpwrap binary gets built and resides in the FreeBSD directory /usr/local/libexec/dovecot an examination of the compiled options (using the FreeBSD pkg install dovecot2) confirms: LIBWRAP : on yet, when I adjust dovecot.conf with: login_access_sockets = tcpwrap I get the following logged error message: 20161229 17:02:49

It works ! It was THAT easy ! Can you suggest how to replace the hair I pulled out ? :-) On 2016-12-29 5:27 PM, Larry Rosenman wrote: > login_access_sockets = tcpwrap > > service tcpwrap { > unix_listener login/tcpwrap { > group = $default_login_user > mode = 0600 > user = $default_login_user > } > } > > > > On Thu, Dec 29, 2016 at

Hi! I ran into a problem with programs exec:ed by print/acroread8 picking up Linux libraries and thus failed to run. This includes the print program in the print dialogue and the browser configured in edit/preferences/internet. The reason is that the acroread launch script sets LD_LIBRARY_PATH which is propagated to its childs. See this PR:

On Wed, 20 May 2015 14:46:57 +0200 Peter Stuge <peter at stuge.se> wrote: > Stephan von Krawczynski wrote: > > it is pretty obvious > > I guess you're not only not subscribed to the development list, but > you seem to also not have looked at the list archives. > > You can only seem like a troll if you act as if you know best but > in fact you are wrong.

Hello there, I have been trying to make the patch work for libwrap(TCP Wrappers) posted on http://dovecot.org/patches <http://dovecot.org/patches%20Patch%20of%201.1> Patch of 1.1 but could not get it work. Any help will be highly appreciated. After compiling and running it I get error "Error: login_tcp_wrappers can't be used because Dovecot wasn't built with

I have a setup where a Vista machine that is behind a NAT connects to a Linux (debian) machine to access SMB shares on that machine. The connection is made with VPN using L2TP/IPSec. I have configured the Linux machine to act as WINS server and PPP will give the Vista machine a new IP on the same subnet and also tell Vista that the WINS server is the Linux machine. I have added one share

On Tue, 17 Apr 2001, Andrew M. Wu wrote: > Hello all, > > I have been having some trouble getting my Icecast server and IceS > streamer up and running properly. I have successfully compiled both > (Icecast 1.3.10 and IceS 0.0.1beta5) with libwrap and encrypt enabled. > > I can start up Icecast fine, with the following logged messages on > startup: > > Icecast

Hi. I run peridocally (from cron) on all of my machines 30 * * * * root /sbin/hwclock --systohc All of those machines in question take their time via NTP from the same local server, and that server gets its time from a ntp pool. Now I had to reboot a couple of them two days ago and to my surprise all had problems with the time upon booting. Here are the important files: [root at XXXXXX ~]

Hi all. Now that we have SSHDLIBS for the libraries required by sshd only, it's possible to remove some of the single-purpose variables from Makefile. If this is worth doing, the next step would probably be to move the OpenSSL libs into CRYPTOLIBS since binaries such as scp and sftp don't need to be linked with libcrypto. Index: Makefile.in

Hello everyone, I am having difficulties in setting up a tftp server on a Fedora 3.14.8-200.fc20.x86_64. Running tftp client to test the server functionality, a simple get from the terminal prompts 'Transfer timed out.' back. The version is tftp-hpa 5.2, with remap, with tcpwrappers, unfortunately I am not able to find any log in the system journal.? The server and related services appear