[Dovecot] dovecot - mac firewall problem
Patrick Fay
pfay at nd.edu
Sat Aug 28 15:15:00 EEST 2010
>> Hi,
>> I am running dovecot 1.2.11 on mac osx 1.5.8. Everything works
>> perfectly with the application-level firewall off, but enabling the
>> application firewall prevents dovecot connections. I have tried
>> explicitly authorizing dovecot in the firewall, but it does not work. I
>> have searched everywhere I can think of to look, and haven't found a
>> solution, but have seen a couple other reports of what seems to be the
>> same problem. The firewall logs the activity with what looks like a
>> corrupt process name: a typical appfirewall.log entry looks like:
>>
>> Aug 26 20:43:45 hostname Firewall[55]: Deny ^L connecting from
>> XX.XX.XX.XX:37310 uid = 0 proto=6
>> Aug 26 20:43:53 hostname Firewall[55]: Deny ^H?^U???^Z connecting from
>> XX.XX.XX.XX:37310 uid = 0 proto=6
>> Aug 26 20:44:09 hostname Firewall[55]: Deny ^L connecting from
>> XX.XX.XX.XX:37310 uid = 0 proto=6
>> Aug 26 20:44:34 hostname Firewall[55]: Deny ^L connecting from
>> XX.XX.XX.XX:37312 uid = 0 proto=6
>> Aug 26 20:44:45: --- last message repeated 6 times ---
>>
>> where "hostname" is my server name and the XX's are my client's IP
>> address. For all of the other services I've used, the process name
>> (e.g. dovecot) should appear after "Deny" when blocking traffic, instead
>> of the funny characters. Any advice on how I could resolve this issue
>> would be greatly appreciated. Thanks!
>
> The application level firewall in OSX is aimed at _client_ use, not
> server use. It's similar to Novell's AppArmor, etc. Leave it turned off.
>
> Simply because a piece of software (in this case an OS) offers any given
> option does not mean every system needs it. Can you offer a compelling
> reason why you _need_ the OSX application level firewall enabled?
> Please point us to documentation that advises using it for any of your
> services/daemons.
>
> --
> Stan
>
Hi was hoping to use the application firewall because this machine gets used both as a server as well as a client machine for more general use. I haven't been able to find any specific documentation for it, but I have found that the firewall works fine with postfix and several file services I use (enabling/disabling works as expected, process names get logged as expected, etc). Thanks!
Patrick
More information about the dovecot
mailing list