[TriLUG] tcpwrappers and imap

Stephen P. Schaefer sschaefer at acm.org
Sun Nov 17 19:14:02 EST 2002


Here's one bit to consider: the iptables is not the problem.  If
iptables were getting in the way, then tcpwrappers wouldn't even report
an attempted connection.

If I'm reading the man page correctly, xinetd is going to drop any
connection where the name returned by the IP address reverse lookup does
not match an IP address of that name, e.g., if the reverse lookup
of 10.90.132.1 returns foo.example.com, and the lookup of
foo.example.com does not have an IP address of 10.90.132.1, then the
connection gets dropped.  It's possible to compile xinetd not to behave
that way, but, again, the man page implies that this check is present on
Red Hat.  Does anyone know this more certainly?

iptables could potentially interfere with DNS, which could exacerbate
the above.

- Stephen

sstancil at geekrooms.com wrote:

|I am having a slight problem with RedHat 8.0, tcpwrappers, and imaps.  I
|have iptables configured to allow TCP connections on port 993.
|
|In hosts.deny,
|
|ALL: ALL
|
|In hosts.allow,
|
|imaps: ALL
|
|(I have tried imap: ALL as well, just in case and confirmed that
|/etc/services has port 993 mapped to imaps.)
|
|In /etc/xinetd.d/imaps,
|
|service imaps
|{
|        disable = no
|        socket_type             = stream
|        wait                    = no
|        user                    = root
|        server                  = /usr/sbin/imapd
|        log_on_success  += HOST DURATION
|        log_on_failure  += HOST
|}
|
|I am getting the following in /var/log/messages,
|
| xinetd[23726]: libwrap refused connection to imaps from w.x.y.z
|
|
|Anyone seeing a similar problem from tcpwrappers or have suggestions?
|
|Scott Stancil
|sstancil at geekrooms.com
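The reverse-then-forward lookup comparison described in the reply above, as an added example that is not part of the original message and is not xinetd or libwrap code: a Python diagnostic that can be run on the server against the refused client address (the w.x.y.z in the log line). The function names and the sample lookup tables are constructed for illustration; it reports whether the two lookups agree and does not reproduce libwrap's own decision logic.

```python
import ipaddress
import socket
import sys


def reverse_name(ip):
    """Reverse (PTR) lookup: primary name for ip, or None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def forward_addrs(name):
    """Forward lookup: the set of addresses that name resolves to."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    # sockaddr[0] is the address string; drop any IPv6 "%scope" suffix.
    return {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}


def check_client(ip, reverse=reverse_name, forward=forward_addrs):
    """Return (status, name, addrs); status is match, mismatch or no-reverse."""
    addr = ipaddress.ip_address(ip)
    name = reverse(ip)
    if name is None:
        return ("no-reverse", None, set())
    addrs = forward(name)
    return ("match" if addr in addrs else "mismatch", name, addrs)


# Constructed sample data, reusing the address and name from the message above.
SAMPLE_PTR = {"10.90.132.1": "foo.example.com", "10.90.132.2": "bar.example.com"}
SAMPLE_A = {"foo.example.com": ["10.90.132.1"], "bar.example.com": ["10.90.132.99"]}


def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)


def sample_forward(name):
    return {ipaddress.ip_address(a) for a in SAMPLE_A.get(name, [])}


if __name__ == "__main__":
    # Usage: python3 thisfile.py <client-ip> [...]  (uses the system resolver)
    for ip in sys.argv[1:]:
        status, name, addrs = check_client(ip)
        print(ip, status, name, sorted(str(a) for a in addrs))
```

A "mismatch" result for the client address is the situation the reply describes; if DNS queries from the server are themselves being filtered, the lookups will fail and the result will be "no-reverse" or "mismatch" regardless of what the zone contains.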




