Re: POP3 client behavior re. hosts.deny
From: Bruce Lewis (brlspam_at_yahoo.com)
Date: 02 Sep 2004 14:04:12 -0400
Tim Haynes <firstname.lastname@example.org> writes:
> I would've thought any attempt to send application-level data like that
> would be a pretty naff violation of TCP, being as the application should
> have received a TCP RST from the hosts.deny-induced connection-rejection.
Except the connection is not rejected. It's accepted (presumably by
inetd), then closed (presumably by tcpd). I don't think tcpd has any
way to cause the connection to be rejected.
> tcpdump -s 1500 -n -w somefile.log.net port 110
> <do things>
> tcpdump -v -r somefile.log.net | less
Ah, cool. Now I can at least check Thunderbird.
> How about using a firewall so there can be *no* connection established at
> all, not even as far as tcpwrappers?
This is a virtual server (User-Mode Linux) on linode.com. I'm pretty
sure the firewall option is unavailable to me.
> You could also try to bind teapop
> to localhost only, as well, that would be rather effective too.
Hmm...that really looks like the cleanest solution. Maybe it's time to
switch to xinetd. I don't see any option for inetd to bind to a
specified address, nor in the teapop docs for its standalone mode.
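
Added example, not part of the original message: a loopback sketch of the difference discussed above between a connection that is accepted and then closed (the inetd/tcpd behaviour described in the reply) and one that is refused with a TCP RST because nothing is listening. The function names and the result labels are assumptions made for this illustration.

```python
import socket
import threading

def start_accept_then_close_listener():
    """Loopback listener that accepts every connection and closes it at once."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: the kernel picks a free port
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()  # TCP handshake has already completed
            except OSError:
                return  # listener was closed
            conn.close()  # no banner, just a FIN
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def unused_port():
    """Return a loopback port that nothing is listening on."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port

def probe(port, timeout=2.0):
    """Classify what a client connecting to 127.0.0.1:port observes."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(("127.0.0.1", port))
        banner = s.recv(512)  # a POP3 server would send "+OK ..." here
    except ConnectionRefusedError:
        return "refused"  # RST during the handshake
    except ConnectionResetError:
        return "accepted-then-closed"
    except socket.timeout:
        return "no-response"
    finally:
        s.close()
    return "banner" if banner else "accepted-then-closed"

if __name__ == "__main__":
    _srv, port = start_accept_then_close_listener()
    print("wrapper-style listener:", probe(port))
    print("no listener:           ", probe(unused_port()))
```

In a tcpdump capture of the first case the three-way handshake completes before the FIN arrives, while the second case shows only a SYN answered by a RST.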