[Dovecot] dovecot - mac firewall problem
Hi, I am running dovecot 1.2.11 on mac osx 1.5.8. Everything works perfectly with the application-level firewall off, but enabling the application firewall prevents dovecot connections. I have tried explicitly authorizing dovecot in the firewall, but it does not work. I have searched everywhere I can think of to look, and haven't found a solution, but have seen a couple other reports of what seems to be the same problem. The firewall logs the activity with what looks like a corrupt process name: a typical appfirewall.log entry looks like:
Aug 26 20:43:45 hostname Firewall[55]: Deny ^L connecting from XX.XX.XX.XX:37310 uid = 0 proto=6
Aug 26 20:43:53 hostname Firewall[55]: Deny ^H?^U???^Z connecting from XX.XX.XX.XX:37310 uid = 0 proto=6
Aug 26 20:44:09 hostname Firewall[55]: Deny ^L connecting from XX.XX.XX.XX:37310 uid = 0 proto=6
Aug 26 20:44:34 hostname Firewall[55]: Deny ^L connecting from XX.XX.XX.XX:37312 uid = 0 proto=6
Aug 26 20:44:45: --- last message repeated 6 times ---
where "hostname" is my server name and the XX's are my client's IP address. For all of the other services I've used, the process name (e.g. dovecot) should appear after "Deny" when blocking traffic, instead of the funny characters. Any advice on how I could resolve this issue would be greatly appreciated. Thanks!
I was hoping to use the application firewall because this machine gets used both as a server as well as a client machine for more general use. I haven't been able to find any specific documentation for it, but I have found that the firewall works fine with postfix and several file services I use (enabling/disabling works as expected, process names get logged as expected, etc). Thanks!
Patrick
So, you're running Dovecot and Postfix on a laptop? WTF?
-- Stan
Hi, Sorry for the confusion--no laptop involved. Postfix, dovecot, etc, all running on intel-based desktop mac (a mac pro).
Patrick
Patrick Fay put forth on 8/28/2010 7:57 PM:
I was hoping to use the application firewall because this machine gets used both as a server as well as a client machine for more general use. I haven't been able to find any specific documentation for it, but I have found that the firewall works fine with postfix and several file services I use (enabling/disabling works as expected, process names get logged as expected, etc). Thanks!
Patrick
So, you're running Dovecot and Postfix on a laptop? WTF?
Sorry for the confusion--no laptop involved. Postfix, dovecot, etc, all running on intel-based desktop mac (a mac pro).
Same difference. You're running a full blown MTA and an IMAP server on a "client" machine. Why? Is this a production level setup? Or do you have these server daemons installed merely for testing purposes before putting a dedicated server box into production?
Running a production setup of an MTA and IMAP server on one's workstation, with an MX record etc pointed at the box, is very, very... odd, rare.
-- Stan
On 8/28/2010 9:22 PM, Stan Hoeppner wrote:
Running a production setup of an MTA and IMAP server on one's workstation, with an MX record etc pointed at the box, is very, very... odd, rare.
Not really... no reason you can't run your own personal setup for your own personal email, use getmail to retrieve all of your other mail, and have it all in one place served up by dovecot...
--
Best regards,
Charles
On Sat, 28 Aug 2010 20:22:41 -0500 Stan Hoeppner stan@hardwarefreak.com articulated:
Patrick Fay put forth on 8/28/2010 7:57 PM:
I was hoping to use the application firewall because this machine gets used both as a server as well as a client machine for more general use. I haven't been able to find any specific documentation for it, but I have found that the firewall works fine with postfix and several file services I use (enabling/disabling works as expected, process names get logged as expected, etc). Thanks!
So, you're running Dovecot and Postfix on a laptop? WTF?
Sorry for the confusion--no laptop involved. Postfix, dovecot, etc, all running on intel-based desktop mac (a mac pro).
Same difference. You're running a full blown MTA and an IMAP server on a "client" machine. Why? Is this a production level setup? Or do you have these server daemons installed merely for testing purposes before putting a dedicated server box into production?
Running a production setup of an MTA and IMAP server on one's workstation, with an MX record etc pointed at the box, is very, very... odd, rare.
Maybe I missed it; however, I did not see where the OP asked for a general assessment of his work station/network, but rather assistance with a problem he was experiencing. Unless his environment precludes him from operating his system the way he desires, the resulting babel regarding his machines are outside the scope of his posting.
-- Jerry ✌ Dovecot.user@seibercom.net
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
Jerry put forth on 8/29/2010 5:22 AM:
On Sat, 28 Aug 2010 20:22:41 -0500 Stan Hoeppner stan@hardwarefreak.com articulated:
Patrick Fay put forth on 8/28/2010 7:57 PM:
I was hoping to use the application firewall because this machine gets used both as a server as well as a client machine for more general use. I haven't been able to find any specific documentation for it, but I have found that the firewall works fine with postfix and several file services I use (enabling/disabling works as expected, process names get logged as expected, etc). Thanks!
So, you're running Dovecot and Postfix on a laptop? WTF?
Sorry for the confusion--no laptop involved. Postfix, dovecot, etc, all running on intel-based desktop mac (a mac pro).
Same difference. You're running a full blown MTA and an IMAP server on a "client" machine. Why? Is this a production level setup? Or do you have these server daemons installed merely for testing purposes before putting a dedicated server box into production?
Running a production setup of an MTA and IMAP server on one's workstation, with an MX record etc pointed at the box, is very, very... odd, rare.
Maybe I missed it; however, I did not see where the OP asked for a general assessment of his work station/network, but rather assistance with a problem he was experiencing. Unless his environment precludes him from operating his system the way he desires, the resulting babel regarding his machines are outside the scope of his posting.
Apparently you did miss something. The reason the platform question came up is because the Mac OSX application firewall was causing him problems. My research showed that Apple recommends this software be enabled _only_ for workstation applications (GUI, interactive), not for server daemons.
Thus, the OP is running a system "out of the norm" according to Apple, which in English is equivalent to "odd" and "rare".
You mistook my post for being animus, which it was not.
-- Stan
On 2010/08/28 at 16:57, pfay@nd.edu (Patrick Fay) wrote:
Hi, I am running dovecot 1.2.11 on mac osx 1.5.8. Everything works perfectly with the application-level firewall off, but enabling the application firewall prevents dovecot connections.
My suggestion would be to turn the application-level firewall in "System Preferences" off and if you feel the need for a firewall, use something like ipfw instead: http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPag...
It comes set up with the following configuration:
# ipfw show
65535 0 0 allow ip from any to any
So, you would have to configure it as you see fit. Not as convenient as "System Preferences", but it should allow you to write a firewall configuration that works with Dovecot.
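An added example, not part of the original post or of the Dovecot project: one way to build the ipfw ruleset suggested above, placing an explicit deny ahead of the default `65535 allow ip from any to any` rule. The ports (143/993 for IMAP, 25 for SMTP), the rule numbers and the function names are assumptions; the script only prints the commands unless it is run with APPLY=1 as root.

```shell
#!/bin/sh
# Added example: ipfw rules for a host serving IMAP (Dovecot) and SMTP (Postfix).
# Ports and rule numbers are assumptions. Prints commands; APPLY=1 runs them (root).
# If you administer the host remotely, add your SSH port before applying.

IMAP_PORTS="${IMAP_PORTS:-143,993}"   # assumed: IMAP and IMAPS
SMTP_PORTS="${SMTP_PORTS:-25}"        # assumed: Postfix SMTP

# Accept only comma-separated port numbers in 1..65535.
valid_ports() {
    case "$1" in
        ""|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    for p in $1; do
        if [ "${#p}" -gt 5 ] || [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs; return 1
        fi
    done
    IFS=$old_ifs
}

# Print one "ipfw add" command per line, lowest rule number first.
mail_ipfw_rules() {
    valid_ports "$IMAP_PORTS" && valid_ports "$SMTP_PORTS" || return 1
    cat <<EOF
ipfw add 100 allow ip from any to any via lo0
ipfw add 200 check-state
ipfw add 300 allow tcp from me to any out setup keep-state
ipfw add 310 allow udp from me to any out keep-state
ipfw add 400 allow tcp from any to me dst-port ${IMAP_PORTS} in setup keep-state
ipfw add 410 allow tcp from any to me dst-port ${SMTP_PORTS} in setup keep-state
ipfw add 500 allow icmp from any to any icmptypes 0,3,8,11
ipfw add 65000 deny log ip from any to any
EOF
}

if [ "${APPLY:-0}" = "1" ]; then
    # Rule 65000 is evaluated before the default 65535 allow rule.
    mail_ipfw_rules | while read -r cmd; do $cmd || exit 1; done
else
    mail_ipfw_rules
fi
```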
participants (5)
- Charles Marcus
- Jerry
- Patrick Fay
- Peter A. Giessel
- Stan Hoeppner