List:       popa3d-users
Subject:    Re: Re[2]: Question about using popa3d and stunnel
From:       Daniel Leite <dleite+popa3d () ccg ! pt>
Date:       2002-12-23 19:41:28

Hi again

On Mon, 23 Dec 2002 12:41:04 -0600
James Olsen <jamesml@planetolsen.com> wrote:
> DL>         the stunnel is a group and user JUST for stunnel
> DL>         the /var/run/stunnel must have a etc/hosts.allow and
> DL>         a etc/hosts.deny for proper tcp filter
> Please forgive me, I'm pretty new to configuration of these files. I'm
> not sure what I need to put into the hosts.allow and hosts.deny files
> regarding stunnel. May I ask to see what you've set up in your files?

	make an etc directory in your defined chroot, root owned

	create a hosts.deny file there with the line 
ALL:ALL

	then create the hosts.allow file and put this there

pop3s:all
ssmtp:all
imaps:all

	change the "all" to the networks allowed to connect to these
	services... example:

pop3s: 192.168. 127.0.0.1 200.200.200. test.com

	this will allow connections from all computers in
	192.168.0.0/16, 127.0.0.1 (localhost), 200.200.200.0/24 and
	finally all those whose reverse DNS ends with test.com

	put here any other services that you are using in stunnel so it
	can accept connections or reject them

	don't forget to configure the /etc/hosts.allow and .deny to
	allow at least localhost access for popa3d
	test it with telnet localhost 110

	good luck

higuita
ps: please use the email dleite+popa3d @ ccg.pt instead of the dleite that i wrongly sent in the other message
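
Added example, not part of the original message: a small Python model of how TCP wrappers evaluates hosts.allow and hosts.deny rules of the kind shown above, following hosts_access(5). The rule text is constructed for illustration; the name-suffix pattern is written `.test.com` because hosts_access(5) treats a pattern without the leading dot as an exact host name.

```python
# Constructed rule files modelled on the message above (not the poster's real files).
HOSTS_ALLOW = """\
pop3s: 192.168. 127.0.0.1 200.200.200. .test.com
imaps: all
"""
HOSTS_DENY = "ALL:ALL\n"

def parse(text):
    """Return [(daemon_list, client_list)] from hosts_access-style text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, hostname=None):
    """Pattern forms used in the message; netmasks, EXCEPT, IPv6 are left out."""
    p = pattern.lower()
    host = hostname.lower() if hostname else None
    if p == "all":
        return True
    if p.endswith("."):        # "192.168." matches addresses starting with it
        return addr.startswith(p)
    if p.startswith("."):      # ".test.com" matches names ending with it
        return host is not None and host.endswith(p)
    return p == addr or p == host   # anything else must match exactly

def listed(rules, daemon, addr, hostname):
    return any(
        any(d.lower() in ("all", daemon.lower()) for d in daemons)
        and any(client_matches(c, addr, hostname) for c in clients)
        for daemons, clients in rules)

def allowed(daemon, addr, hostname=None):
    """hosts.allow is checked first, then hosts.deny; no match at all means allow."""
    if listed(parse(HOSTS_ALLOW), daemon, addr, hostname):
        return True
    return not listed(parse(HOSTS_DENY), daemon, addr, hostname)

if __name__ == "__main__":
    for args in [("pop3s", "192.168.4.7"), ("pop3s", "200.200.201.9"),
                 ("pop3s", "10.1.1.1", "mail.test.com"), ("ssmtp", "192.168.4.7")]:
        print(args, "->", "allow" if allowed(*args) else "deny")
```

A service that stunnel offers but that has no hosts.allow line (here `ssmtp`) is refused by the `ALL:ALL` deny rule, which is why each tunnelled service needs its own entry.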

