[Dovecot] dovecot - mac firewall problem

Patrick Fay pfay at nd.edu
Sat Aug 28 15:15:00 EEST 2010


>> Hi,
>>    I am running dovecot 1.2.11 on mac osx 1.5.8.  Everything works
>> perfectly with the application-level firewall off, but enabling the
>> application firewall prevents dovecot connections.  I have tried
>> explicitly authorizing dovecot in the firewall, but it does not work.  I
>> have searched everywhere I can think of to look, and haven't found a
>> solution, but have seen a couple other reports of what seems to be the
>> same problem.  The firewall logs the activity with what looks like a
>> corrupt process name: a typical appfirewall.log entry looks like:
>> 
>> Aug 26 20:43:45 hostname Firewall[55]: Deny ^L connecting from
>> XX.XX.XX.XX:37310 uid = 0 proto=6
>> Aug 26 20:43:53 hostname Firewall[55]: Deny ^H?^U???^Z connecting from
>> XX.XX.XX.XX:37310 uid = 0 proto=6
>> Aug 26 20:44:09 hostname Firewall[55]: Deny ^L connecting from
>> XX.XX.XX.XX:37310 uid = 0 proto=6
>> Aug 26 20:44:34 hostname Firewall[55]: Deny ^L connecting from
>> XX.XX.XX.XX:37312 uid = 0 proto=6
>> Aug 26 20:44:45: --- last message repeated 6 times ---
>> 
>> where "hostname" is my server name and the XX's are my client's IP
>> address.  For all of the other services I've used, the process name
>> (e.g. dovecot) should appear after "Deny" when blocking traffic, instead
>> of the funny characters.  Any advice on how I could resolve this issue
>> would be greatly appreciated.  Thanks!
> 
> The application level firewall in OSX is aimed at _client_ use, not
> server use.  It's similar to Novell's AppArmor, etc.  Leave it turned off.
> 
> Simply because a piece of software (in this case an OS) offers any given
> option does not mean every system needs it.  Can you offer a compelling
> reason why you _need_ the OSX application level firewall enabled?
> Please point us to documentation that advises using it for any of your
> services/daemons.
> 
> -- 
> Stan
> 

Hi was hoping to use the application firewall because this machine gets used both as a server as well as a client machine for more general use.  I haven't been able to find any specific documentation for it, but I have found that the firewall works fine with postfix and several file services I use (enabling/disabling works as expected, process names get logged as expected, etc).   Thanks!

Patrick



More information about the dovecot mailing list