Re: [Exim] TCP_Wrappers question...

Author: Phil Pennock
Date:  
To: Kevin Reed, Exim Users Mailing List
Subject: Re: [Exim] TCP_Wrappers question...
On 2002-01-22 at 18:29 -0700, Kevin Reed wrote:
> I have tcp_wrappers on my Solaris 8 box (Sparc) with the language
> extensions enabled. As such, I use a single hosts.allow file (no
> host.deny) with the format of:


To enable the language extensions, did you have to upgrade
tcp_wrappers? If so, did you rebuild Exim after that upgrade?

> I have noticed however, that despite entries in the file to indicate
> that I want to block specific IPs, they don't appear to be phased by
> it at all.


(side-note: ITYM "fazed" not "phased")

>     exim : xx.xx.xx.xx    : deny

>
> Using tcpdmatch exim xx.xx.xx.xx
>
> shows denied like it should, but it appears that Exim doesn't see it.
>
> I've even restarted exim thinking maybe it wants to reread the file??
>
> Not knowing how Exim internally deals with this, the only idea I
> could come up with was it wanted the info in a hosts.deny file??


Exim just uses the TCP Wrappers functionality to ask hosts_ctl() if it
should accept a connection for "exim", with a supplied IP address,
hostname and ident (if known and looked up by Exim). If rejected
because of hosts_ctl, there'll be a log message to mainlog and rejectlog
of the form:
    connection from XXX refused (tcp wrappers)
where XXX identifies the remote host, and the remote host will get a 554
service unavailable error.

Exim only uses the published hosts_ctl() interface. Do you have two
different installs of tcp_wrappers? If there's only one, was it
upgraded and was Exim upgraded afterwards too?

Is the box lightly loaded enough that you can add a last directive of
something like:

ALL : ALL : spawn ( logger -p daemon.info -t daemonchk "%d: %c" ) & : allow

That should not modify any of the previous rules, but should result in
an extra syslog line at daemon.info, tagged 'daemonchk', which contains
the actual name which tcp_wrappers is being asked about (should be
"exim" for the Exim requests), followed by ": " and then as much
information about the remote system as tcp_wrappers knows about.

Because this will spawn many subprocesses, this isn't advisable on a
busy machine.
--
Ciphertext (n.): Euphemism for garbage.
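
Added example (not part of the original message, and not Exim or tcp_wrappers code): a small triage script for the diagnostic described above, which reads the 'daemonchk' syslog lines and the Exim log to tell whether a supposedly denied address was refused, fell through to the catch-all rule, or never reached this hosts.allow at all. The log lines, host names and addresses are constructed samples, the function names are hypothetical, and the exact syslog prefix is an assumption that varies by platform.

```python
import re

# Constructed sample data (not from the original post).
SYSLOG = """\
Jan 22 18:40:01 mailhost daemonchk: exim: 192.0.2.10
Jan 22 18:40:07 mailhost daemonchk: exim: someuser@relay.example.net
Jan 22 18:41:12 mailhost daemonchk: sshd: 192.0.2.77
"""
EXIM_LOG = """\
2002-01-22 18:42:30 connection from [192.0.2.55] refused (tcp wrappers)
"""

# "%d: %c" as written by the catch-all rule: daemon name, then client info.
DAEMONCHK = re.compile(r"daemonchk(?:\[\d+\])?: (?P<daemon>[^:\s]+): (?P<client>.+)$")
REFUSED = re.compile(r"connection from (?P<host>.+) refused \(tcp wrappers\)")

def mentions(ip, text):
    """True if ip occurs in text as a whole address (192.0.2.1 must not match 192.0.2.10)."""
    return re.search(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])", text) is not None

def daemons_seen(syslog_text):
    """Daemon names tcp_wrappers was actually asked about (expect 'exim' for Exim)."""
    found = (DAEMONCHK.search(line) for line in syslog_text.splitlines())
    return {m.group("daemon") for m in found if m}

def classify(ip, syslog_text, exim_log_text):
    """Classify an address that hosts.allow is supposed to deny.

    'refused'      - Exim logged a tcp wrappers refusal: the deny rule works.
    'fell-through' - the catch-all logged it, so no earlier rule matched
                     (rules are first-match; check daemon name and rule syntax).
    'not-seen'     - neither log mentions it: the host did not connect, or the
                     Exim binary is not consulting this hosts.allow.
    Note: %c may be a host name instead of an address, which this IP match misses.
    """
    for line in exim_log_text.splitlines():
        m = REFUSED.search(line)
        if m and mentions(ip, m.group("host")):
            return "refused"
    for line in syslog_text.splitlines():
        m = DAEMONCHK.search(line)
        if m and mentions(ip, m.group("client")):
            return "fell-through"
    return "not-seen"

if __name__ == "__main__":
    print("daemons asked about:", sorted(daemons_seen(SYSLOG)))
    for addr in ("192.0.2.10", "192.0.2.55", "192.0.2.1"):
        print(addr, "->", classify(addr, SYSLOG, EXIM_LOG))
```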