It seems that Dovecot in Debian by default lacks TcpWrappers support. My intention is to add GeoIP support to Dovecot access.

I understand the procedure to configure Dovecot for TcpWrappers and use external scripts, although I need some help to compile Dovecot to get TcpWrappers working with ISPC. I know Dovecot should be compiled with the --with-libwrap option, although I don't really know how to do this because there are different related packages installed:

Code:
    # dpkg-query -l | grep dovecot
    ii  dovecot-core   1:2.3.4.1-5+deb10u7  amd64  secure POP3/IMAP server - core files
    ii  dovecot-imapd  1:2.3.4.1-5+deb10u7  amd64  secure POP3/IMAP server - IMAP daemon
    ii  dovecot-lmtpd  1:2.3.4.1-5+deb10u7  amd64  secure POP3/IMAP server - LMTP server
    ii  dovecot-mysql  1:2.3.4.1-5+deb10u7  amd64  secure POP3/IMAP server - MySQL support
    ii  dovecot-pop3d  1:2.3.4.1-5+deb10u7  amd64  secure POP3/IMAP server - POP3 daemon
    ii  dovecot-sieve  1:2.3.4.1-5+deb10u7  amd64  secure POP3/IMAP server - Sieve filters support

How can I know which Dovecot packages should be downloaded and compiled? What is the right procedure and ./configure options to compile Dovecot without problems for ISPC?

After some investigation I have tried this:

Code:
    $ apt-get source dovecot-core
    $ cd ~/dovecot-2.3.4.1
    $ ./configure --with-libwrap
    ...
    configure: error: Can't build with libwrap support: tcpd.h not found

To solve this error, I have installed the libraries:

Code:
    $ apt-get install libwrap0-dev

and I have tried the ./configure and make process again. However, it leaves me with this error:

Code:
    ...
    /usr/bin/ld: test-message-parser.o: in function `test_parsed_parts':
    /root/dovecot-2.3.4.1/src/lib-mail/test-message-parser.c:90: undefined reference to `message_parser_init_from_parts'
    /usr/bin/ld: test-message-parser.o: in function `test_message_parser_stop_early':
    /root/dovecot-2.3.4.1/src/lib-mail/test-message-parser.c:216: undefined reference to `message_parser_init_from_parts'
    /usr/bin/ld: test-message-parser.o: in function `test_message_parser_small_blocks':
    /root/dovecot-2.3.4.1/src/lib-mail/test-message-parser.c:161: undefined reference to `message_parser_init_from_parts'
    collect2: error: ld returned 1 exit status

Then I have tried this:

Code:
    $ apt build-dep dovecot

and restarted the configure and make process. However, I'm receiving the same error again:

Code:
    ...
    /root/dovecot-2.3.4.1/src/lib-mail/test-message-parser.c:161: undefined reference to `message_parser_init_from_parts'
    collect2: error: ld returned 1 exit status

Any idea about how to solve it? I would be grateful to know, because I cannot find more information on the internet. Thanks!

I have left this issue because it seems buggy, and I'm tired of looking for how to solve it. Anyway, I leave it here in case another person can be successful.

The Dovecot sources for compilation with Debian 10 were obtained with "$ apt-get source dovecot-core" and failed to compile, although it was successful using the dovecot_2.3.4.1.orig.tar.gz from https://packages.debian.org/buster/dovecot-core

However, later I realized there is no need to do it, because it seems Dovecot is compiled for tcpwrappers by default. Just when the script failed without apparent reason, I believed the cause was that libwrap was not really compiled in. To know if this was compiled for tcpwrappers, the library libwrap0-dev should appear:

Code:
    $ apt-cache showsrc dovecot-core | grep libwrap
    Build-Depends: debhelper (>= 11~), default-libmysqlclient-dev, dh-exec, dpkg-dev (>= 1.16.1), krb5-multidev, libapparmor-dev, libbz2-dev, libclucene-dev (>= 2.3), libdb-dev, libicu-dev, libexpat-dev, libexttextcat-dev, libldap2-dev, liblz4-dev, liblzma-dev, liblua5.3-dev, libpam0g-dev, libpq-dev, libsasl2-dev, libsodium-dev, libsqlite3-dev, libssl-dev, libstemmer-dev, libwrap0-dev, lsb-release, pkg-config, zlib1g-dev
    Build-Depends: debhelper (>= 11~), default-libmysqlclient-dev, dh-exec, dpkg-dev (>= 1.16.1), krb5-multidev, libapparmor-dev, libbz2-dev, libclucene-dev (>= 2.3), libdb-dev, libicu-dev, libexpat-dev, libexttextcat-dev, libldap2-dev, liblz4-dev, liblzma-dev, liblua5.3-dev, libpam0g-dev, libpq-dev, libsasl2-dev, libsodium-dev, libsqlite3-dev, libssl-dev, libstemmer-dev, libwrap0-dev, lsb-release, pkg-config, zlib1g-dev

To install GeoIP support for Dovecot, this segment is added in the config file:

Code:
    $ nano /etc/dovecot.conf

    login_access_sockets = tcpwrap

    service tcpwrap {
      unix_listener login/tcpwrap {
        group = $default_login_user
        mode = 0600
        user = $default_login_user
      }
    }

and then we should know the active dovecot services:

Code:
    $ netstat -lapte | grep dovecot
    tcp  0  0  0.0.0.0:imaps  0.0.0.0:*  LISTEN  root  16095  561/dovecot
    tcp  0  0  0.0.0.0:pop3s  0.0.0.0:*  LISTEN  root  16061  561/dovecot
    tcp  0  0  0.0.0.0:pop3   0.0.0.0:*  LISTEN  root  16060  561/dovecot
    tcp  0  0  0.0.0.0:imap2  0.0.0.0:*  LISTEN  root  16094  561/dovecot

and we include these services in these two lines inside /etc/hosts.allow:

Code:
    pop3 : aclexec /usr/local/bin/dovecot_geoip.sh %a
    pop3 : ALL : deny
    pop3s...
    imap....
    ...etcetera

The file /etc/hosts.allow has precedence over /etc/hosts.deny. Then one can include the line "pop3 : ALL : deny" in the next line inside the same hosts.allow file.

Then we create one script named dovecot_geoip.sh:

Code:
    $ nano /usr/local/bin/dovecot_geoip.sh

    #!/bin/bash
    # check ip address tcpwrappers for dovecot
    #
    GEODB='/usr/share/GeoIP/GeoIP.dat'
    # allow these countries
    ALLOW=('CC' 'NO')

    # no address passed in: deny
    if [ -z "$1" ]
    then
      exit 1
    fi

    # only accept something shaped like a dotted-quad IPv4 address
    if ! [[ $1 =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]
    then
      exit 1
    fi

    # geoiplookup prints e.g. "GeoIP Country Edition: US, United States"
    RES=$(geoiplookup -f "$GEODB" "$1")
    COUNTRY=$(echo "$RES" | awk -F ',' '{print $1}' | awk -F ': ' '{print $2}')

    for i in "${ALLOW[@]}"
    do
      if [ "$i" == "$COUNTRY" ]
      then
        logger -t 'GeoIP dovecot' "allow $1 ($COUNTRY) to authenticate."
        exit 0
      fi
    done

    exit 1

Make it executable:

Code:
    $ chmod 0755 /usr/local/bin/dovecot_geoip.sh

Restart dovecot and that's all:

Code:
    $ service dovecot restart

The theory is that the script will receive the IP by means of %a, and it will exit with the value 1 or 0. This exit value will determine the allow/deny status.

This tutorial is one of the best I have found on the internet: https://developer.ibm.com/articles/au-tcpwrapper/

This tutorial is also Dovecot related, although it checks against RBLs: https://spielwiese.la-evento.com/xe...eren-mit-hosts.deny-und-xbl.spamhaus.org.html

The log /var/log/syslog should be checked to find response messages. Also, tools like $ tcpwatch -v are useful to check how it is working.

However, it doesn't work, at least for me. I've tried in a thousand ways, with script modifications, etc. It doesn't work.
It seems the exit value of the script (1/0) is never caught. I have read some people talking about this. Maybe this can be a bug, although it seems there is no real interest in solving many Dovecot bugs that have been waiting for a long time.

This is the only scarce help offered in the Dovecot wiki: https://doc.dovecot.org/admin_manual/login_processes/

There is not much information on the internet about using Dovecot with tcpwrappers besides some scripts created by people, so not much more help. I leave the attempt here. If somebody wants to try with Debian and reads this, please leave feedback.
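
Added example (not part of the original posts, and not Dovecot or tcp_wrappers project code): the allow/deny decision of a GeoIP hook like the one above, written as POSIX sh functions so the logic can be exercised without geoiplookup installed. It checks each octet's range, which the regex in the post does not, and denies when the lookup returns "IP Address not found"; the function names and the sample lookup lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: fail-closed decision logic for a tcpwrappers GeoIP hook.
# Function names are hypothetical; the country list mirrors the post's ALLOW.
ALLOWED_COUNTRIES="CC NO"

# Succeeds only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (digits only here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Prints the two-letter code from "GeoIP Country Edition: NO, Norway";
# prints nothing for "IP Address not found" or any other unexpected output.
country_from_lookup() {
    code=${1#*: }       # drop everything up to the first ": "
    code=${code%%,*}    # drop ", Country Name"
    case "$code" in
        [A-Z][A-Z]) printf '%s\n' "$code" ;;
    esac
    return 0
}

# geoip_decision IP LOOKUP_OUTPUT: prints allow or deny; status 0 only on allow.
# In a hook it would be called as:
#   geoip_decision "$1" "$(geoiplookup -f "$GEODB" "$1")"
geoip_decision() {
    if valid_ipv4 "$1"; then
        country=$(country_from_lookup "$2")
        for allowed in $ALLOWED_COUNTRIES; do
            if [ -n "$country" ] && [ "$country" = "$allowed" ]; then
                echo allow
                return 0
            fi
        done
    fi
    echo deny           # anything not positively matched is denied
    return 1
}
```
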