[Dovecot] IP Based Access

kasharif at citech-bd.com kasharif at citech-bd.com
Tue Jun 28 06:54:02 EEST 2005


Thanks for your prompt solution...

This is my mail server...serving smtp, pop, imap and http...So do u think
its the perfect solution for me to control access 110 port?

I tried with hosts.allow it doesn't work. if dovecot doesn't have any ACL
system then i think ip filtering is the only solution isn't it?
Thanking
Sharif

> kasharif at citech-bd.com wrote:
>> Hi,
>> Can someone tell me how can I restrict 110 port access other than my IP
>> block?
>> if it through tcp-wrapper then how can i do that?
>> Thanking
>> Sharif
>>
>>
>>
>
> i would do it with netfilter/iptables (assuming you're on linux, with a
> recent enough distribution. Under bsd, use ipfilter, it's similar)
>
> something like:
>
> iptables -t filter -P INPUT DROP
> iptables -t filter -A INPUT -p tcp --dport 110 --source 10.0.0.0/8 -j
> ACCEPT
> iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED
> -j ACCEPT
>
> this rule would block any incoming traffic except to port 110 coming
> from 10.x.x.x, and would allow any outgoing traffic
>
> i quickly write it from memory, so there may be errors (i mean, verify
> it :), and of course you should adapt it to your specific setup.
>
> --
>
>     \|||/
>     (o o)                              Matthieu Imbert
> ooO-(_)-Ooo------------------------------------------
>




More information about the dovecot mailing list