This will probably be the most frequently used scheme. Here, the server processes (which are usually run from inetd) will not run at all. ProtoWrap will be installed on each individual server machine and configured to wrap each individual server port. ProtoWrap can be run in either standalone or inetd mode, and the server program will be called via a pipe, not via an IP connection. This way, the programs running concurrently on the server can be kept to a minimum, and network access to the protected services will be completely cut off.
For this scheme, we have:
    /usr/local/bin/smtpwrap &
Server's /usr/local/bin/smtpwrap:
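    #!/usr/bin/perl
    use ProtoWrap::SMTP;
    use strict;

    my ($wrap);

    # Configure the SMTP wrapper: standalone listener on port 10025,
    # with destination type 'ip' and destination address 127.0.0.1.
    $wrap = ProtoWrap::SMTP->new('standalone' => 1,
                                 'listenPort' => 10025,
                                 'destType' => 'ip',
                                 'destAddr' => '127.0.0.1',
                                 'logLevel' => 3,
                                 'maxMsgSize' => 3000000,
                                 'relayDomainList' => ['mydomain.com'],
                                 'maxRcpt' => 10,
                                 'setUidTo' => 32767
                                 );

    # Abort if the wrapper object could not be created.
    die 'Can\'t start SMTP wrapper' if (not defined $wrap);

    # Start serving; warn if the wrapper fails to start.
    $wrap->startServer() or warn 'Can\'t start wrapper for '.$wrap->getProp();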