dovecot services problem
Rick Stevens
rstevens at vitalstream.com
Mon Apr 24 18:46:42 UTC 2006
On Sun, 2006-04-23 at 17:35 +0800, lstar wrote:
> Hi All,
> I would like to block the pop3 services.
> In dovecot configuration, I modify the statement 'protocol pop3 pop3s
> imap imaps'
Did you disable pop3 and pop3s in your dovecot config?
> After restart the service, I use nmap to deterfine which port is open.
> I found that port 110,143,993 and 995 also open.
Yes, port 110 is POP3, and 995 is POP3S. 143 is IMAP and 993 is IMAPS.
> If i need to restrict some domain cannot access pop3 services, I
> should set the iptables to block all above ports.
> Or I only need to block 110 port that 's ok
> On the other hand, if i want to use tcp wrapper to block pop3 services
> for some of domain , how can i modify the host.deny
You can do either. If you want to block POP3 access, you can add lines
like
-A INPUT -s 0/0 -p tcp -m tcp --dport 110 -j DROP
-A INPUT -s 0/0 -p tcp -m tcp --dport 995 -j DROP
to /etc/sysconfig/iptables to block POP3/POP3S access, or you can use
pop3 : ALL
pop3s : ALL
to /etc/hosts.deny.
Personally, I prefer an iptables solution. It's implemented in the IP
stack--not userspace--and it will block access even if a given
application was NOT built with tcpwrappers support. The "DROP" option
is also nice since the machine won't respond with an "access denied"
packet...it simply throws the probes in the bit bucket.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- Do you know how to save five drowning lawyers? No? GOOD! -
----------------------------------------------------------------------
More information about the Redhat-install-list
mailing list