I've just set up a Fedora Core 3 box to handle some mail. I use the included Dovecot and connect to it over IMAPS. I've opened port 993 and planned to use tcpwrappers to allow only a few selected hosts to connect. However, this does not seem to work?

My /etc/hosts.deny contains only one line:

ALL: ALL

And my /etc/hosts.allow currently contains only

sshd: 192.168.0.5 # my desktop machine

Still, Thunderbird happily logs on to the server.

How can I make Dovecot use the hosts.allow/deny files?

Late answer but for other people who's searching for answers.

If you use dovecot with inetd or xinetd. You activate it with /path/to/dovecot/pop3-login or pop3-login --ssl (if you use TLS/SSL). This is the binary we want to exclude people from using through hosts.deny.

Use
to exclude anyone at all from using dovecot pop3 through hosts.deny. Works for me! if you use an the IMAP enabled part of Dovecot, checkout what the corresponding entries would be in the Dovecot documentation but a wild guess is imap-login

Also, when it comes to Thunderbird, you can't expect it to show you what's really going on. I first picked up mail and everything was fine. I then activated the above and Thunderbird still said he could fetch mail, even though there was a delay between the "Checking for mail" messages and "No mail to fetch" message... However, the mails in the mailbox were not fetched, the Thunderbird error console reported an error (Component not available) and the Linux secure log reported that my IP was denied a connection to the pop3 service.

..still, Thunderbird, if you didn't bother to "look under the table", said that "No mail to fetch"...