How to deny imap and pop access

Joe2007 · 12-18-2007, 07:55 AM

Hi,

How do I deny users from certain network segment from accessing my sendmail server using pop3 and imap protocols using TCP Wrappers (hosts.deny file) without using iptables?

e.g. prevent users from 192.168.203.0/24 network from accessing mail server using hosts.deny or/and hosts.allow files

Thank you.

Joe

ramram29 · 12-18-2007, 09:03 AM

In hosts.deny enter:

143: 192.168.203.0/24
110: 192.168.203.0/24

unSpawn · 12-18-2007, 09:44 AM

Quote:

Originally Posted by ramram29

In hosts.deny enter:

143: 192.168.203.0/24
110: 192.168.203.0/24

Are you sure the notation is ".0/24"? In my book it's just a trailing dot: 192.168.203.

ramram29 · 12-18-2007, 09:56 AM

You could also use the trailing dot or /255.255.255.0. Test it.

Joe2007 · 12-18-2007, 06:04 PM

Sorry, it is not still working using both suggestions.

Poetics · 12-18-2007, 07:25 PM

Do you know what ports they are using? If they are using SSL they may be checking mail on 995 and sending on 587 or 465 (as far as POP is concerned). I don't know the IMAP SSL ports off the top of my head, but you should be able to block what they are using. The above suggestions are indeed correct usage of the hosts.deny file. You can use 'man hosts.deny' to see other options.

Joe2007 · 12-20-2007, 07:22 AM

It looks like there is no way one can use TCP wrappers to prevent users from accessing pop3 (port 110) and imap (port 143) server.