|
Editor's note:
The information in this node may be obsolete or otherwise inaccurate. This message will disappear, once this node revised. |
tcp-wrappers {
# Enable TCP wrapper access control.
enable bool;
# Set daemon name for TCP wrapper lookups.
daemon name;
# Use file for positive client address access control.
allow-table file;
# Use file for negative client address access control.
deny-table file;
# Log allowed accesses at this syslog priority.
allow-syslog-priority prio;
# Log denied accesses at this syslog priority.
deny-syslog-priority prio;
}
The tcp-wrappers statements provides an alternative way to
control accesses to the resources served by GNU Mailutils. This
statement is enabled if Mailutils is compiled with TCP wrappers
library libwrap.
Access control using TCP wrappers is based on two files, called tables, containing access rules. There are two tables: the allow table, usually stored in file /etc/hosts.allow, and the deny table, kept in file /etc/hosts.deny. The rules in each table begin with an identifier called daemon name. Each utility wishing to verify a connection, select the entries having its daemon name from the allow table. A connection is allowed if it matches any of these entries. Otherwise, the utility retrieves all entries with its daemon name from the deny table. If any of these matches the connection, then it is refused. Otherwise, if neither table contains matching entries, the connection is allowed.
Description of a TCP wrapper table format lies outside the scope of this document. Please, see ACCESS CONTROL FILES, for details.