Restricted SMTP Relay and SMTP Authentication Interaction

The following table describes the results of using restricted SMTP relay and SMTP authentication (see “SMTP Authentication” on page 64) in various combinations.

SMTP requires authentication

Restricted SMTP relay

Result

On

Off

All mail servers must

 

 

authenticate before Mail

 

 

service accepts mail for relay.

 

 

Your local mail users must also

 

 

authenticate to send mail out.

 

 

 

On

On

Approved mail servers can

 

 

relay without authentication.

 

 

Servers you haven’t approved

 

 

can relay after authenticating

 

 

with Mail service.

 

 

 

Off

On

Mail service can’t be used for

 

 

open relay. Approved mail

 

 

servers can relay (without

 

 

authenticating).

 

 

Servers that you haven’t

 

 

approved can’t relay unless

 

 

they authenticate, but they can

 

 

deliver to your local mail users.

 

 

Your local mail users don’t need

 

 

to authenticate to send mail.

 

 

This is the most common

 

 

configuration.

 

 

 

Rejecting SMTP Connections from Specific Servers

Mail service can reject unauthorized SMTP connections from hosts on a disapproved- hosts list that you create. Mail traffic from hosts on this list is denied and the SMTP connections are closed after posting a 554 SMTP connection refused error.

To reject unauthorized SMTP connections from specific servers:

1In Server Admin, select a computer in the Servers list, then select Mail.

2Click Settings.

3Select the Relay tab.

4Click the “Refuse all messages from these hosts and networks” checkbox.

5Edit the list of servers by choosing one of the following: ÂÂ Click the Add (+) button to add a host to the list.

ÂÂ Click the Remove (-) button to delete the selected host from the list. ÂÂ Click the Edit (/) button to change the selected host from the list.

32

Chapter 2    Mail Service Setup

Page 32
Image 32
Apple 10.6 Restricted Smtp Relay and Smtp Authentication Interaction, Rejecting Smtp Connections from Specific Servers