GNU Mailutils
	General-Purpose Mail Package	Official GNU Software

• Main
• Downloads
• Documentation
• Wiki

3.2.12 The tcp-wrappers Statement

Syntax

tcp-wrappers {
  # Enable TCP wrapper access control.
  enable bool;
  
  # Set daemon name for TCP wrapper lookups.
  daemon name;
  
  # Use file for positive client address access control.
  allow-table file;
  
  # Use file for negative client address access control.
  deny-table file;
}

Description

The tcp-wrappers statements provides an alternative way to control accesses to the resources served by GNU Mailutils. This statement is enabled if Mailutils is compiled with TCP wrappers library libwrap.

Access control using TCP wrappers is based on two files, called tables, containing access rules. There are two tables: the allow table, usually stored in file /etc/hosts.allow, and the deny table, kept in file /etc/hosts.deny. The rules in each table begin with an identifier called daemon name. A utility that wishes to verify a connection, selects the entries having its daemon name from the allow table. A connection is allowed if it matches any of these entries. Otherwise, the utility retrieves all entries with its daemon name from the deny table. If any of these matches the connection, then it is refused. Otherwise, if neither table contains matching entries, the connection is allowed.

The description of a TCP wrapper table format lies outside the scope of this document. Please, see ACCESS CONTROL FILES in hosts_access(5) man page, for details.

Configuration: enable bool

Enable access control using TCP wrappers. It is on by default.

Configuration: daemon name

Set daemon name for TCP wrapper lookups. By default, the name of the utility is used. E.g. imap4d uses ‘imap4d’ as the daemon name.

Configuration: allow-table file

Use file as allow table. By default, /etc/hosts.allow is used.

Configuration: deny-table file

Use file as negative table. By default, /etc/hosts.deny is used.