limiting pop access to gmail servers ?
freebsd-lists at albury.net.au
freebsd-lists at albury.net.au
Mon May 2 07:51:04 UTC 2011
> We have enabled POP so that certain people can pop their mail from us, and use
> gmail as their mail client.
>
> However, we have no other POP users ... and I don't want POP open to the whole
> world ...
>
> BUT, I suspect there are a LOT of possible IPs that google will use to pop mail
> from us ...
While not a "strong" solution, out-of-the box, I'd suggest in
/etc/hosts.allow (probably after the "paranoid" line to make inetd check
fwd/reverse match)
ALL : PARANOID : RFC931 20 : deny
assuming you use qpopper (change as required)
qpopper : .google.com : allow
qpopper : x.x.x.0/255.255.255.0 : allow (your directly-connected users)
qpopper : all : deny
RossW
More information about the freebsd-security
mailing list