similar to: Re-install libwrap in OpenSSH

On Wed, 20 May 2015 14:46:57 +0200 Peter Stuge <peter at stuge.se> wrote: > Stephan von Krawczynski wrote: > > it is pretty obvious > > I guess you're not only not subscribed to the development list, but > you seem to also not have looked at the list archives. > > You can only seem like a troll if you act as if you know best but > in fact you are wrong.

On Thu, May 21, 2015 at 1:05 AM, Michael Stone <mstone at mathom.us> wrote: > On Wed, May 20, 2015 at 03:58:22PM +0200, Stephan von Krawczynski wrote: > >> Show me this as an example of your firewall skills and replace this >> hosts.allow entry: >> >> sshd: .... : spawn (echo -e "%u@%h[%a] on `/bin/date`" to %d connected >> me | >>

Hello, There is a small but annoying problem with linking libwrap in openssh. The library is added to LIBS which makes it be linked in to all binaries. This is unnecessary and leads to bogus dependencies if libwrap is a shared library. Following is a trivial fix that reserves a separate autoconf substitution variable LIBWRAP, which is only used for sshd. Please apply. Maciej -- +

All, There was some discussion recently on Ubuntu Launchpad regarding the bug in NUT 2.2.1 where it was not possible to connect with an accept- all ACL: https://bugs.launchpad.net/bugs/235653 The package was patched for the upcoming Ubuntu release (intrepid), but the discussion drifted to the merits of application-level ACLs (comment 11 and beyond). Steve Langasek brings up a good point

Hi, A few things regarding logging and libwrap.. a) PAM_RHOST patch Back in July, dean gaudet helpfully posted a patch to dovecot PAM_RHOST the remote IP. Is this going to be included in the main dovecot tree? It seems like a worthwhile addition. The more informative and concise the logging the better. See http://www.dovecot.org/list/dovecot/2004-July/004011.html for the original message.

Since I've been using this for maybe a year now, maybe someone else is interested in restricting IMAP and POP logins via libwrap. In addition to the attached patch (against 1.0.5) to src/login-common/main.c, src/{imap,pop3}-login/Makefile.in have to be modified to link against libwrap. Of course, the option needs to be integrated into configure in the long run. -------------- next part

Is there plans to use libwrap Or is there already some kind of access control i have missed?? What i really want is a mechanism so i can say: If The request comes from "123.121.212.0" dont offer ssl and accept plain else demand ssl and no plain I now have this (almost) in another imap server by xinetd and two ip addresses. I could solve this by iptables or access list on the router

Hi! Is there any reason why support for the libwrap code isn't included in the X11 forwarding code? I'd like to restrict access to that port. How many applications would break if the tcp port would be closed and only the unix-domain socket would be available? It's true that x11 forwardings can be considered as a security risk and they are disabled because of that by default. I

I have compiled dovecot2 for FreeBSD with the tcpwrap option. A tcpwrap binary gets built and resides in the FreeBSD directory /usr/local/libexec/dovecot an examination of the compiled options (using the FreeBSD pkg install dovecot2) confirms: LIBWRAP : on yet, when I adjust dovecot.conf with: login_access_sockets = tcpwrap I get the following logged error message: 20161229 17:02:49

It works ! It was THAT easy ! Can you suggest how to replace the hair I pulled out ? :-) On 2016-12-29 5:27 PM, Larry Rosenman wrote: > login_access_sockets = tcpwrap > > service tcpwrap { > unix_listener login/tcpwrap { > group = $default_login_user > mode = 0600 > user = $default_login_user > } > } > > > > On Thu, Dec 29, 2016 at

Hi all. Now that we have SSHDLIBS for the libraries required by sshd only, it's possible to remove some of the single-purpose variables from Makefile. If this is worth doing, the next step would probably be to move the OpenSSL libs into CRYPTOLIBS since binaries such as scp and sftp don't need to be linked with libcrypto. Index: Makefile.in

Hello there, I have been trying to make the patch work for libwrap(TCP Wrappers) posted on http://dovecot.org/patches <http://dovecot.org/patches%20Patch%20of%201.1> Patch of 1.1 but could not get it work. Any help will be highly appreciated. After compiling and running it I get error "Error: login_tcp_wrappers can't be used because Dovecot wasn't built with

I'm trying to kickstart 2.0b3 on my NetBSD system (where 1.2.x works great!), and keep hitting: Fatal: service(tcpwrap) access(/software/dovecot-2.0beta3/libexec/dovecot/tcpwrap) failed: No such file or directory Indeed, that file doesn't exist...but I don't have nor want libwrap. It appears that doveconf includes tcpwrap... service tcpwrap { chroot = client_limit = 1

On Sun, 13 Mar 2016 09:45:06 +0000 James <lista at xdrv.co.uk> wrote: > On 11/03/2016 15:17, Stephan von Krawczynski wrote: > > > zfs set sync=disabled ? > > Only if you are happy to loose data on power failure. I don't know the actual setup, but if you have no UPC you shouldn't host email services anyway. -- Regards, Stephan

On Mon, 14 Mar 2016 09:32:42 +1000 Noel Butler <noel.butler at ausics.net> wrote: > On 13/03/2016 20:47, Stephan von Krawczynski wrote: > > On Sun, 13 Mar 2016 09:45:06 +0000 > > James <lista at xdrv.co.uk> wrote: > > > >> On 11/03/2016 15:17, Stephan von Krawczynski wrote: > >> > >> > zfs set sync=disabled ? > >> >

> On Aug 20, 2017, at 11:52 AM, Stephan von Krawczynski <skraw at ithnet.com> wrote: > > On Sat, 19 Aug 2017 21:39:18 -0400 > KT Walrus <kevin at my.walr.us> wrote: > >>> On Aug 18, 2017, at 4:05 AM, Stephan von Krawczynski <skraw at ithnet.com> >>> wrote: >>> >>> On Fri, 18 Aug 2017 00:24:39 -0700 (PDT) >>> Joseph

All, I have successfully compiled and installed openssl 0.9.6g and am attempting to install openssh-3.4p1. I am using the following cofigure command for openssh: ./configure --prefix=/opt/local --sysconfdir=/opt/local/etc/ssh --with-tcp-wrappers --with-ssl-dir=/opt/local --with-rand-helper The configuration appears to work flawlessly. However, when I try to make the package I get the

Hello all, I am trying to do something very simple - at least thats what I thought. I have some fs, it contains folders and subfolders with email files ordered like maildir. Now I try to set up dovecot on top simply to let some imap account watch these email files. But I cannot see any folders at all. I can create new folders and see them, but I cannot create subfolders as subdirs like

Hi all, I've hit a problem with OpenSSH 2.1.1p4 and TCP Wrappers, and have noticed others may also have seen the problem. When OpenSSH is compiled with wrapper support, access using standard userid/password fails - authentication works ok and a shell is gained and then immediately terminated. Running client in debug mode shows no obvious errors, and debug output from syslog also reveals

Hi, I noticed recently that libwrap (TCP Wrappers) is supported, although disabled by default, in the current Dovecot 2.0 but doesn't seem to be mentioned anywhere on the wiki. Is this working well/at all? Anyone care with experience using this care to share their experiences? My OS is FreeBSD, I noticed on some Linux distributions there may be issues, but this won't affect