If you are running Cyrus 2.x and compiled with TCP_wrappers support you just need to put entries in /etc/hosts.[allow|deny] and cyrus will do the rest.. In Cyrus 2.x xinetd/inetd aren't used to launch cyrus binaries. It sounds like you're using a linux box.. If you're using redhat tcp_wrappers are already compiled into xinetd. Here is an example hosts.allow
imaps: ALL imap: ALL sieve: webserver.domain.com lmtp: 10.10.10.0/26 Do a man hosts.allow for more information on wrappers. Mark London wrote: > > Hi - A couple of weeks ago people suggested that I could use TCP Wrapper to > restrict access to the IMAP port. I'm confused, because I'm running xinetd, > which normally does not use libwrap, and instructions on using the TCP Wrapper > all talk about using inetd. I see mention that xinetd can be compiled with > libwrap support, but I want to avoid doing that if I can. And I assume I need > to either configure xinetd or inetd to get TCP Wrapper to work, or am I wrong? > I.e. I just can't compile cyrus with libwrap (which I've done) and set up > entries I hosts.allow and hosts.deny, right? > > Some people suggested I use iptables to restrict access to the IMAP port. > While this might be the "simpler" approach, the documentation on iptables all > seems to include examples on how to set up a firewall. I can't find an > example of just what I want to do, and since it looks like it would take days > to read the documentation on iptables, the TCP Wrapper option seems simpler. > Thanks. - Mark
