Nigel Metheringham edited this page Nov 29, 2012 · 2 revisions

Q0705

Question

How can I use tcpwrappers in conjunction with Exim?

Answer

Exim's own control facilities can do all that tcpwrappers can do. However, if you are already using tcpwrappers for other things it might be convenient to include Exim controls in the same place. First of all, ensure that Exim is built to call the tcpwrappers library, by including USE_TCPWRAPPERS=yes in Local/Makefile. You also need to ensure that the header file tcpd.h is available at compile time, and the libwrap.a library is available at link time, typically by including it in EXTRALIBS. You may need to copy these two files from the tcpwrappers build directory to, for example, /usr/local/include and /usr/local/lib, respectively. Then you could reference them by

CFLAGS=-I/usr/local/include
EXTRALIBS=-L/usr/local/lib -lwrap

in Local/Makefile. There are two ways to make use of the functionality, depending on how you have tcpwrappers set up. If you have it set up to use only one file, you ought to have something like:

/etc/hosts.allow:

exim : <client_list>  : <allow_or_deny>

For example:

exim : LOCAL  192.168.0.  .friendly.domain  special.host : ALLOW
exim : ALL                                               : DENY

This allows connections from local hosts (chiefly localhost), from the subnet 192.168.0.0/24, from all hosts in *.friendly.domain, and from a specific host called*special.host*. All other connections are denied. If you have tcpwrappers set up to use two files, use the following:

/etc/hosts.allow:

exim    : <client_list>

/etc/hosts.deny:

exim    : <client_list>

Read the hosts_access man page for more ways of specifying clients, including ports, etc., and on logging connections.


Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.