tcp wrappers problem?
Jesse Ross
jross at cyber.law.harvard.edu
Tue Feb 15 19:26:51 EST 2005
Hello,
I am having a minor problem with cyrus imap. My machine has two IPs,
and I want cyrus to listen to both, so I have set up the following lines
in my cyrus.conf:
imap cmd="/usr/cyrus/bin/imapd" listen="imap.example.com:imap"
prefork=0
imapprivate cmd="/usr/cyrus/bin/imapd" listen="[192.168.20.13]:imap"
prefork=0
This seems to be working partially. The server is listening on both
addresses, and the server listening at imap.example.com works fine. But
when I try to connect to the server listening at 192.268.20.13, my
connection is closed before cyrus even has a chance to put out its
"ready" message.
When this happens, cyrus logs the following:
imapprivate[10614]: refused connection from 192.168.20.1
(where 192.168.20.1 is the machine I'm trying from)
This problem is very definitely related to my /etc/hosts.allow file.
Currently I have hosts.deny set up restrictively; it reads:
ALL: ALL
And here is hosts.allow:
sshd: ALL except 218.232.109.103 140.247.37.54
imap: ALL
imaps: ALL
smtp: ALL
smtps: ALL
ALL: 127.0.0.1
To my eye, this should mean that anybody in the world can connect to
imap, but for some reason I am being refused when I try it from
192.168.20.1. I can "fix" the problem by adding a line which says "ALL:
192.168.20.1" to the hosts.allow file, but really I only want to allow
imap and smtp as already specified, so this isn't a great solution for me.
The other very strange thing is that my smtp server, which is ocnfigured
identically in /etc/hosts.allow, allows connections from the
192.168.20.1 machine. If my hosts.* files were locking out 192.168.20.1
due to a configuration error, why wouldn't it happen with smtp as well
as imap?
Does anyone have any ideas what I could be doing wrong here?
Thanks very much,
Jesse Ross
Technology Support Analyst
Berkman Center for Internet & Society
Harvard Law School
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list