On Fri, 16 Feb 2001, scott.list wrote:
> OK guys, I'm come on something that's worrying me. I have inetd/hosts.allow
> set to only allow ipop3d from my IP's.
>
> cat /etc/hosts|grep pop:
> ipop3d: xx.xx.80.0/255.255.252.0
> ipop3d: xx.xx.105.184.
>
> I allow (hope to allow) only ipop3d from (2) IP ranges as shown above.
>
> I've tested poping mail from alternate accounts on other domains I have
> accounts on and I am rejected as I should be.
>
> In /var/log/maillog I'm seeing what appears to be sucessfull connects from
> outside my network. In every case the userid is valid but the hostname and
> IP should not be valid and should not be allowed to pop mail. A SAMPLE (of
> many) apparantly sucessful connect and downlaod of 16 messages follows:
>
[snip]
>
> Where does this reported hostname and IP logged by ipop3d come from? Are
> these users really logging in from outside my network? If so, how do I stop
> it? FWIW, RH6.0+patches, ipop3d v7.59.
>
> Thanks,
> Scott
>
Scott, I would start by blocking incomming connections to ports 109,
110, and 143 from the internet on your firewall. You may also want to
limit outgoing connections to specific hosts.
As for the tcp wrappers, what do you have in hosts.deny?
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
