Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20021223194128.6cf4cc95.dleite+popa3d@ccg.pt>
Date: Mon, 23 Dec 2002 19:41:28 +0000
From: Daniel Leite <dleite+popa3d@....pt>
To: popa3d-users@...ts.openwall.com
Subject: Re: Re[2]: Question about using popa3d and stunnel

Hi again

On Mon, 23 Dec 2002 12:41:04 -0600
James Olsen <jamesml@...netolsen.com> wrote:
> DL>         the stunnel is a group and user JUST for stunnel
> DL>         the /var/run/stunnel must have a etc/hosts.allow and
> DL>         a etc/hosts.deny for proper tcp filter
> Please forgive me, I'm pretty new to configuration of these files. I'm
> not sure what I need to put into the hosts.allow and hosts.deny files
> regarding stunnel. May I ask to see what you've set up in your files?

	make a etc directory in your defined chroot, root owned

	do a create there a hosts.deny file with the line 
ALL:ALL

	then create the hosts.allow file and put there this

pop3s:all
ssmtp:all
imaps:all

	change the "all"  to the networks allowed to connect to this
	services... exemple:

pop3s: 192.168. 127.0.0.1 200.200.200. test.com

	this will allow connection to all computeres from
	192.168.0.0/16, 127.0.0.1 (localhost) 200.200.200.0/24 and
	finally all those that the reverse DNS ends with test.com

	put here more services that you are using in stunnel so it
	can accept connections or reject then

	dont forget to configure the /etc/hosts.allow and .deny to
	allow at least the localhost access for the popa3d
	test it with telnet localhost 110

	good luck

higuita
ps: please use the email dleite+popa3d @ ccg.pt instead of the dleite that i wrongly sent in the other message

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.