[Macpartners] Leopard firewall

[Allan Doyle]

On Nov 28, 2007, at 12:21 , Patrick McNeal wrote:

>
> On Nov 28, 2007, at 11:33 AM, Allan Doyle wrote:
>
>> I want to allow incoming SMTP traffic on port 25 on a Leopard machine
>> (not Leopard Server). Googling and searching the Apple Discussions
>> doesn't offer much help.
>>
>> One perhaps drastic solution is to shut off the firewall entirely and
>> use ipfw. I'm happy to do that, but there must be a "Leopard" way...
>
> From what I understand, to use Leopard's GUI firewall, you have to  
> specify which application has permission to open ports.  If you know  
> what applications need to open port 25, you might try adding them to  
> the "allow list."
>
> As you suggested, reverting to ipfw should work.  I wasn't able to  
> find any Apple documentation on it, but at least one blog claims  
> that "ipfw supercede any rules defined by the new application  
> firewall."[1]
>
> Let the group know if you get it to work - I'm sure there are others  
> that would be interested.

Stephen's pointer to the Apple documentation implies that /usr/libexec/ 
postfix/smtpd should be digitally signed by Apple and thus should be  
allowed to accept incoming connections.

However, when I try to get into port 25, the client side indicates  
that the port is blocked.

I tried manually adding /usr/libexec/postfix/smtpd to the list of  
allowed apps in the System Prefs but that does not seem to help.

I may be forgetting something on the postfix side, so I need to poke  
around some more.

	Allan

>
>
> --Patrick
>
> [1] http://tinyurl.com/2txmfy
> ------------------------------------------------------------------------------
> Patrick McNeal
> Macintosh Platform Coordinator - Software Release Team
> Client Support Services, Information Services and Technology
> Massachusetts Institute of Technology
> N42-250E
> Cambridge, MA 02139
> +1 617 253-0196
> mcneal at mit.edu
>

-- 
Allan Doyle
Director of Technology
MIT Museum
+1.617.452.2111