I have just started using the -access option to couriertcpd, which works
well but I propose a minor improvement: the attached patch lets you print a
customised error message rather than just dropping the connection silently.
e.g.
-access=/etc/access.db -denymsg="-ERR Not permitted from this IP"
Regards,
Brian.
--- courier-imap-1.6.0/tcpd/tcpd.c.orig Thu Nov 21 17:39:10 2002
+++ courier-imap-1.6.0/tcpd/tcpd.c Thu Nov 21 17:47:57 2002
@@ -58,6 +58,7 @@
static const char rcsid[]="$Id: tcpd.c,v 1.32 2002/08/01 15:58:21 mrsam Exp $";
static const char *accessarg=0;
+static const char *denymsgarg=0;
static const char *listenarg=0;
static const char *ipaddrarg=0;
static const char *userarg=0;
@@ -82,6 +83,7 @@
static struct args arginfo[]={
{"access", &accessarg},
+ {"denymsg", &denymsgarg},
{"address", &ipaddrarg},
{"block", 0, setup_block},
{"group", &grouparg},
@@ -1146,6 +1148,10 @@
if (allowaccess(&addr) == 0)
{
+ if (denymsgarg) {
+ write(sockfd, denymsgarg, strlen(denymsgarg));
+ write(sockfd, "\n", 1);
+ }
sox_close(sockfd);
_exit(0);
}
--- courier-imap-1.6.0/tcpd/couriertcpd.1.orig Thu Nov 21 17:52:52 2002
+++ courier-imap-1.6.0/tcpd/couriertcpd.1 Thu Nov 21 17:56:02 2002
@@ -77,6 +77,11 @@
DNS ACCESS LISTS, below.
Multiple \fB-block\fR options can be used.
.TP
+\fB-denymsg=\fItext\fB\fR
+Specifies an optional message to be returned to the client if the
+\fB-access\fR option rejects them. The default is to drop the TCP
+connection without sending back any message.
+.TP
\fB-group=\fIgroup\fB\fR
Set \fBcouriertcpd\fR's its
group ID. \fIgroup\fR may be specified numerically, or by
