C6: Tcp-wrapping Pop3?

Home » CentOS » C6: Tcp-wrapping Pop3?
CentOS 3 Comments


Per the subject line, how does pop3 get tcp-wrapped when using dovecot?

More specifically, when blocking email and (still) using sendmail, entries in /etc/hosts.deny look something like:
sendmail: xxx.xxx. etc (depending on the depth/degree)

for vsftpd it’s vsftpd: xxx.xxx (where the x’s are parts of an octet)

for sshd it’s sshd: xxx.xxx

for pop3/dovecot it’s?
????: xxx.xxx

I’m concerned about what is to the left of the colon (“:”), not to the right.

Is it a dovecot.conf configuration also?

Much thanks,

Max Pyziur pyz@brama.com

3 thoughts on - C6: Tcp-wrapping Pop3?

  • I remember on the left side of the colon, it should be the name of the daemon. Then, tcp-wrapped is able to map it. So, just have to find out what the name of the process is.


  • Much thanks for the link; there is this one also:
    http://wiki2.dovecot.org/LoginProcess (you need to go to the very bottom)

    Actually, the process is dovecot:
    root@brill ~> lsof -i | grep dovecot COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    dovecot 3056 root 19u IPv4 49213594 0t0 TCP *:pop3
    dovecot 3056 root 20u IPv6 49213595 0t0 TCP *:pop3
    dovecot 3056 root 28u IPv4 49213620 0t0 TCP *:imap
    dovecot 3056 root 29u IPv6 49213621 0t0 TCP *:imap

    So, in hosts.deny you would put dovecot: xxx.xxx.xxx.xxx

    However going back to the links above, I’m concerned in making the configuration correctly.

    If you set login_access_sockets = tcpwrap in /etc/dovecot/dovecot.conf

    Then everything accessing ports controlled by dovecot (and open by iptables) is blocked.

    So my question relates to the second part of the configuration examples in the links above:

    service tcpwrap {
    unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user

    Where does this code get placed (in dovecot.conf or in one of the files in

    And regarding $default_login_user, it appears in a comment line in

    Should that line be uncommented?


    Max Pyziur pyz@brama.com