similar to: Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

I'm looking for a way to deny access to dovecot from certain IP addresses, basically to help prevent brute force attacks on the server. Right now I'm using denyhosts which scans /var/log/secure for authentication failures which then can add an entry to /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support, that doesn't do anything. It doesn't look like I can

I'd like to see tcp-wrappers.patch getting integrated into dovecot. I ported the original 1.0 patch to 1.1, but would prefer not to have to maintain another local patch. As the name suggests, the patch adds libwrap support to dovecot. We use is to limit access from outside our network to secure (imaps/pop3s) protocols only and to exclude certain internal addresses from accessing dovecot in

Greetings, I am looking to implement tcp wrappers with dovecot; I am using the following two links as guides to configuration: http://blog.acsystem.sk/linux/brute-force-attack-dovecot-imap-server-blocking-ip-with-tcp-wrappers http://wiki2.dovecot.org/LoginProcess (you need to go to the very bottom) I'm concerned in making the configuration correctly. If you set login_access_sockets =

Greetings, I am looking to implement tcp wrappers with dovecot; I am using the following two links as guides to configuration: http://blog.acsystem.sk/linux/brute-force-attack-dovecot-imap-server-blocking-ip-with-tcp-wrappers http://wiki2.dovecot.org/LoginProcess (you need to go to the very bottom) I'm concerned in making the configuration correctly. If you set login_access_sockets =

Can anyone share the proper config to get wrappers working in dovecot on FreeBSD? The dovecot examples do not seem to work, and I thought perhaps FBSD needs slightly different configs. I've compiled with: -DHAVE_LIBWRAP which I presume is the first step. The example for dovecot.conf in uncommenting: login_access_sockets = tcpwrap merely causes a log error of "imap-login: Error:

I have tried to update openssh-3.1p1 of our system that uses RH7.2 (Scyld). I is pretty much a standard Redhat 7.2 install with openssl-0.9.6b, zlib-1.1.4 etc. I have gotten openssh to work after some initial issues, but I still have not been able to get openssh/sshd to work with tcp-wrappers. I have in hosts.deny ALL: ALL: and in hosts.allow ALL: localhost, 127.0.0.1, 192.168.1. and still I

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, after some experimenting and digging through the code i found no solution how to completely disable access to upsd from specific hosts. In previous versions (before r1233) it was possible to allow or deny access to upsd completely by using ACL, ACCEPT and REJECT entries in upsd.conf. As this functionality was removed and tcp-wrappers support

Howdy, It seems that even when specifying the --with-tcp-wrappers configure flag, the LIBWRAP define in config.h never gets #define'd and -lwrap never gets added to LIBS in the Makefile. To make sure I wasn't dealing with a stale configure file, I ran autoconf on configure.in to roll a new configure. I also don't see anything wrong with the --with-tcp-wrappers defined in

Most certainly YES!!! Next to iptables tcp_wrappers is a solid seconde line of defense. The argument that is is no longer developped is rubbish. The package does what is should do, functionality isexactly what it should be and it is bug free. Also it is flexible enough to do other tricks with it like spawning something depending on the ip address the incoming connection is coming from. It is a

I looked on several mirrors, and nowhere seems to have it. -- Matthew Miller mattdm at mattdm.org <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/>

Hello Matthew, On Thu, 27 Jul 2017 14:27:47 -0400 Matthew Miller <mattdm at mattdm.org> wrote: > On Thu, Jul 27, 2017 at 07:25:25PM +0200, wwp wrote: > > I've just got a Dell XPS 15 (9590) at work and need to set up a stable > > GNU/Linux system on it. I thought of CentOS7, but.. obviously its > > kernel can't run on this hardware. > > What sense of

> src: > devhelp-0.9.2-2.4.6.src.rpm > mozilla-1.7.10-1.4.1.centos4.src.rpm The mozilla src.rpm is there, but the devhelp one seems to be missing from the mirrors.... -- Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> Current office temperature: 76 degrees

On Tue, Oct 22, 2019 at 12:11:04PM -0600, David G. Miller wrote: > "ip" should be used instead.? Likewise for using dnf instead of yum, > systemctl instead of service, firewallcmd instead of iptables, etc. > I wonder how many shell scripts there are "out there" that folks > have written or accumulated over the years and which now need to be > updated before

Did you already try current Centos? If yes what was the problem? Why it did not work? On Thu, Jul 27, 2017 at 9:59 PM, Matthew Miller <mattdm at mattdm.org> wrote: > On Thu, Jul 27, 2017 at 08:38:14PM +0200, wwp wrote: > > Say, instead of stable, something not rawhide. But I'll examine all > > options that do work, so let's forget about "stable". > >

Hello, I try to compile openssh-2.9p1 on a SGI Origin 200 computer under IRIX 6.5 with the option --with-tcp-wrappers enable. I have also compiled tcp-wrapper and have installed the library libwrap.a in /usr/lib and the file tcpd.h in /usr/include. When i run the ./configure script i have a error. The script asked me that the libwrap is missing. How can i resolve this ? Thanks. Bests Regards

Dear Open SSH and TCP Wrappers Colleagues, We are trying to use open ssh 3.1p1 on SPARC platforms under Solaris 2.8 using gcc 2.95.2, in conjunction with tcp wrappers 7.6 (IPv6 version). The wrapping of open ssh is not too well documented but I think we have figured most of this out (hearty thanks to Wietse Venema, Jim Mintha & Niels Provos for their helpful email exchanges) -- but have one

On Mon, Apr 27, 2015 at 1:47 PM, Matthew Miller <mattdm at mattdm.org> wrote: > On Mon, Apr 27, 2015 at 11:58:08AM -0500, Les Mikesell wrote: >> Is there an 'after the fact' way to find what yum groups are >> installed, including ones that were added with 'yum groupinstall' >> instead of the initial anaconda install? > > Yes. "yum

Hi everyone. I have a system where I'd like to give certain users time-limited access to the use of certain SSH private keys without actually exposing the keys. I have the idea of using ssh-agent to do this. The agent would run as a "keyholder" user, and group permissions on the UNIX-domain socket would allow read-write by both that account and the actual ssh user. Right now,

Greetings, Per the subject line, how does pop3 get tcp-wrapped when using dovecot? More specifically, when blocking email and (still) using sendmail, entries in /etc/hosts.deny look something like: sendmail: xxx.xxx. etc (depending on the depth/degree) for vsftpd it's vsftpd: xxx.xxx (where the x's are parts of an octet) for sshd it's sshd: xxx.xxx for pop3/dovecot it's?

I don't know if this is still a problem in the latest snapshot, but with 2.9.9p2, if you do a "./configure ... --with-tcp-wrappers", there's no way to specify a location for tcpd.h and libwrap.a. This is troublesome on Solaris where you might install stuff like that in /opt/lib or /usr/local/lib or something that is not searched by default. Ed Ed Phillips <ed at