Choosing Authentication for Mail Service | Apple 10.6 guide

Some administrators find it easier to designate mail access using ACLs if they do all their other configuration using ACLs. They also might have mixed network environments that necessitate using ACLs to assign mail access.

To enable mail access using ACLs:

1In Server Admin, select the server that has Mail service running.

2Select Access, then click Services.

3Select Mail from the Services list.

4Select “For selected services below.”

5Select “Allow only users and group below.”

6Click the Add (+) button to reveal a Users and Groups list.

7Drag the user or group to the access list.

8Click Save.

Choosing Authentication for Mail Service

SMTP Authentication

You can protect your server from being an open relay (which indiscriminately relays mail to other mail servers) by requiring SMTP authentication. Requiring authentication ensures that only known users—people with user accounts on your server—can send mail from your mail servers.

You can configure Mail service to require secure authentication using CRAM-MD5 or Kerberos or less secure authentication methods using plain text or login.

Plain authentication sends mail passwords as plain text over the network. Login authentication sends a minimally secure crypt hash of the password over the network. You might allow these less secure authentication methods, which don’t encrypt passwords, if some users have mail client software that doesn’t support the secure methods.

If you configure Mail service to require CRAM-MD5, mail users’ accounts must be set to use a password server that has CRAM-MD5 enabled.

Before enabling Kerberos authentication for incoming Mail service, you must integrate Mac OS X with a Kerberos server. If you’re using Mac OS X Server for Kerberos authentication, this is already done for you.

Enabling SMTP Authentication will:

ÂÂ Make your users authenticate with their mail client before accepting mail to send.

ÂÂ Frustrate mail server abusers who are trying to send mail through your system without your consent.

64

Chapter 3    Mail Service Advanced Configuration

Image 64

Apple 10.6 manual Choosing Authentication for Mail Service, Smtp Authentication, To enable mail access using ACLs

Contents

Mac OS X Server Apple Contents Mail Service Advanced Configuration Monitoring and Maintaining Mail Service Troubleshooting Mail Service Contents What’s in This Guide Preface To get the most recent onscreen help for Mac OS X Server Using Onscreen HelpTo see the most recent server help topics Document Road Map Getting Started Preface About This Guide Getting Documentation Updates Getting Additional Information Understanding Mail Service Mail Service Architecture Mail Transfer Agent Mac OS X Server Mail Screening Outgoing Mail Location Where Mail Is StoredIncoming Mail Location Local Delivery Agent Internet Message Access Protocol ImapDovecot User Interaction with Mail Service Post Office Protocol POP Mailman-Based Mailing Lists Using Mailing Lists with Mail ServiceWiki-Based Mailing Lists Using Network Services with Mail Service Mail service uses DNS like this Managing Mail Service Before You Begin Configuring DNS for Mail Service Using Mail Service ToolsTo enable MX records Setup Overview How User Account Settings Affect Mail Service To start the mail configuration assistant Configure outgoing Mail service Configure additional settings for Mail service Administering Mail Service Changing Mail Service SettingsTo enable Mail Service for administration To change Mail service settings from the command line General Setup Viewing Mail Service Settings from the Command LineConfiguring Outgoing Mail Service Understanding Smtp Authentication To enable Smtp access Enabling Smtp AccessRequiring Smtp Authentication Relaying Smtp Mail Through Another Server To relay Smtp mail through another serverCopying Undeliverable Incoming Mail To keep a copy of undeliverable incoming mail Configuring Incoming Mail Service Enabling Imap AccessSaving Mail Messages for Monitoring and Archival Purposes To save all messages To enable Imap access Enabling POP AccessTo enable POP access Choosing No Incoming Mail Retrieval To change the local delivery directory Restricting Smtp RelayTo restrict Smtp relay Restricted Smtp Relay and Smtp Authentication Interaction Rejecting Smtp Connections from Specific Servers Rejecting Mail from Blacklisted Senders Filtering Smtp ConnectionsTo reject mail from blacklisted senders To filter Smtp connections Limiting Junk Mail and Viruses Connection Control To enable junk mail screening Mail Service FilteringEnabling Junk Mail Screening Bayesian Filters Training the Junk Mail Filter Training the junk mail filter with users’ help Filtering Mail by Language and Locale Training the junk mail filter without user interactionTo allow mail by language and locale To enable virus screening Enabling Virus Screening From the command line To enable Sieve supportServer-Side Mail Rules To enable a user’s mail quota Managing Mail QuotasLimiting Incoming Message Size Enabling Mail Quotas for Users Configuring Quota Warnings Configure Quota Violation ResponsesTo configure quota warnings To configure quota violation responses To enable wiki-based mailing lists Setting Up a Wiki-Based Mailing ListMailing Lists About Mailman To enable mailing lists Setting Up a Mailman Mailing ListEnabling Mailing Lists Creating a Mailing List To create a list Setting a List’s Maximum Message Length To set a list’s maximum message lengthCreating a Mailing List Description To create a list description Customizing the Mailing List Welcome Message To customize a welcome messageCustomizing the Mailing List Unsubscribe Message To customize the subscriber welcome message To enable list moderation Setting Mailing List Message Bounce OptionsEnabling a Mailing List Moderator To set bounce options Designating a Mailing List as Private To set privacy optionsAdding Subscribers To add subscribers Administering Mailing Lists Viewing a Server’s Mailing ListsTo see the lists Viewing a Mailing List’s Information Designating a List Administrator To designate a list administratorAccessing Web-Based Administrator Options To access a list’s web-based options Designating a List Moderator To designate a list moderatorArchiving a List’s Mail To archive a list’s mail Working with Mailing List Subscribers Viewing Mailing List ArchivesAdding a Subscriber to a List Removing a List Subscriber Changing Subscriber Posting Privileges To add or remove a subscriber’s posting privilegesSuspending a Subscriber To suspend a user’s subscription to a list List Subscriber Options Subscribing to a Mailing List Via MailTo subscribe via mail Subscribing to a Mailing List Via Web Unsubscribing from a Mailing List Via Mail Setting and Changing Your Mailing List PasswordUnsubscribing from a Mailing List Via Web To disable list delivery Changing Digest ModeDisabling List Mail Delivery To toggle digest mode Where to Find More Information Setting Additional Subscriber OptionsTo access additional options Choosing Mime or Plain Text Digests Setting Mail Service Logging Options Setting the Mail Service Log DetailArchiving Mail Service Logs by Schedule To set the Mail service log detail Client-Specific Configuration for Mail Service Configuring Mail Client Applications Using Webmail Vacation NoticesTo use WebMail How a user modifies their vacation notices Securing User Access to Mail Service Use this chapter to tune Mail service beyond a basic setupDesignating Authorized Mail Service Users Using Access Control Lists for Mail Service Access Using Workgroup Manager for Mail Service AccessTo enable a user’s mail access using Workgroup Manager Smtp Authentication Choosing Authentication for Mail ServiceTo enable mail access using ACLs To allow secure Smtp authentication Imap and POP AuthenticationTo allow less secure authentication To set secure Imap and POP authentication To set less secure Imap and POP authentication Securing Mail Service with SSL Configuring SSL for mail transport Configuring SSL Transport for Smtp Connections Configuring SSL Transport for Imap and POP ConnectionsTo configure SSL transport for Smtp connections To configure SSL transport for Imap and POP connections Generate a Certificate Signing Request CSR Enter a key size, and then press Return Enter s, and then press Return Following output appears Accessing Server Certificates from the Command Line Creating a Password File from the Command Line Creating the Password File in the Keychain To enable virtual hosting Mail Service Virtual HostEnabling Virtual Hosting Associating Users to the Virtual Host Adding or Removing Virtual HostsTo add or remove virtual hosts Postmaster@server.com At the prompt, enter the following command Creating Additional Mail Addresses for Users To create a Mac OS X Server-style alias To create a Postfix-style alias Setting Up Forwarding Mail Addresses for a UserTo forward a user’s mail Working with Mail Service Data Storage To specify where mail is stored on the serverViewing the Location of the Mail Store Specifying the Location of the Mail Store Creating Additional Mail Store Locations To split the mail store Maximum Number of Mail Messages Per Volume Backing Up and Restoring Mail Messages Setting Up Mail Server Clustering with Xsan Configuring Additional Mail Service Support for 8-Bit MimeConfiguring Mail Clustering To disable the default conversion Starting or Stopping Mail Service Use this chapter to monitor and maintain Mail serviceTo start or stop the service Reloading Mail Service To reload Mail service from the command lineHolding Outbound Mail To hold outbound mail Allowing Administrator Access to Mail Folders Creating an Administration AccountTo create a mail administrator account Blocking Inbound Mail Connections Monitoring Mail Service Activity Viewing an Overview of Mail Service ActivityViewing Mail Service Logs To see an overview of Mail service activity To view a Mail service log Reclaiming Disk Space Used by Mail Service Log ArchivesViewing the Mail Connections List To view a list of connected mail users Viewing Mail Accounts Monitoring the Outgoing Mail QueueChecking the Outgoing Mail Queue Clearing Messages from the Outgoing Mail Queue Retrying Undelivered Outgoing Messages Viewing Mail Service StatisticsTo try to resend an outgoing message Computer responds with the following output Troubleshooting Mail Service Improving Performance When a Disk Is Full When Mail Is UndeliverableWhere to Find More Information Forwarding Undeliverable Incoming Mail Books Internet Service Settings Appendix D87.cert.pem Mailimapsieveproxyservers Emptyarray D87.key.pem Default ALL+RC4@STRENGTH 100 101 Mailpostfixsendercanonicalmaps 102 Strength 103 ALL!EXPORT+RC4@STRENGTH 104 105 Mailpostfixdisablemimeinput Processing 106 Begin Certificate 107 108 109 110 111 Options 112 Connect GET Post 113 114 115 116 117 118 119 120 TZ Mailconfig Lang 121 122 Begin RSA Private KEY 123 MAILER-DAEMON 124 Ratedelay Mailpostfixsmtprandomize Yes Addresses 125 126 127 Vacation Notification Script 128 Basic Sort and Antijunk Mail Filter Self-Defined Forwarding129 130 Disks Index131 132 See also Mailman, subscribers Mailman 133 134