Publishers of technology books, eBooks, and videos for creative people

Home > Articles > Apple > Operating Systems

Like this article? We recommend

Basic Mail Server Configuration with Server Admin

Although mail services under Mac OS X Server are a collection of Unix tools traditionally managed from the command line, Apple has made the initial setup and basic management functions conveniently accessible as part of Server Admin and Workgroup Manager. The Server Admin Mail pane makes configuring the majority of email functions very simple and creates a one-stop place to configure Postfix, Cyrus, and Mailman (the Unix service that manages mailing lists under Mac OS X Server). For new administrators, using Server Admin to set up and manage mail services can ease not only the process but also the learning curve. Even for experienced administrators, it can provide a more efficient tool for viewing and changing basic configuration options.

To get started, launch Server Admin and authenticate to the appropriate server (provided that you run Server Admin remotely instead of on the server itself). Select Mail in the Computers And Services list. As with most Server Admin panes, the Mail pane contains five panes, including Overview, Logs, Connections, Maintenance, and Settings.

Overview, which is initially displayed, gives you a snapshot of your mail server (including whether or not mail services are running, which mail transfer agents are running (outgoing SMTP, incoming SMTP, POP, and IMAP), how many users are currently connected to the server using IMAP, and the status and number of mailing lists being hosted by the server.

Logs provide an easy way to view the various mail server logs. You can view the logs for each of the component mail transfer agents as well as a series of logs for specific mailing list–related events and logs for virus scanning and junk mail filtering. The Connections pane displays the current IMAP and POP connections to the server. Maintenance, which we’ll discuss more in part 3 of this series, enables you to view the status of current email accounts, message queues, mail store databases, and to configure email migration from mail services under Mac OS X Server 10.2 and earlier.

The Settings pane, as you might guess, is the place in which you manage most of the mail server configuration. It contains seven tabs: General, Relay, Filters, Quotas, Mailing Lists, Logging, and Advanced. The first of these, General, contains the major functions needed to set up mail services.

As shown in Figure 1, the General tab contains a number of checkboxes that manage the mail services configuration. The first two checkboxes are to enable POP and IMAP access. When IMAP is enabled, you can specify a maximum number of connections. You might take advantage by limiting the number of connections to only the number of email accounts that you actually create or the number of computers in your organization. There is also an option to deliver all incoming email to the /var/mail folder in the event that POP and IMAP are both disabled.

Figure 1

Figure 1 Mail service general settings

The next option is to enable and configure SMTP. You have the option of enabling SMTP as a whole and the option of allowing or disallowing incoming mail. The capability to disallow incoming mail can be useful if you find your server is the target of a large amount of spam or a mail-based network attack. By disallowing incoming mail, your users will still be able to exchange internal email and send email outside of your organization while you work to deal with the problem.

Next are the fields in which you can enter both the Internet domain name and the host name of the mail server. These should match the domain and mail exchanger configured for your DNS records. If you are using an internal DNS configuration that is strictly internal to your network as well as external DNS managed by your ISP, use the domain name and hostname registered with your ISP because this is how other mail servers will communicate with your mail server.

The next option, Hold Outgoing Mail, enables the server to accept messages from email clients but not attempt to send them. This can be a useful feature if your Internet connection goes down because it enables your users to write and send email without error messages during the outage. After the problem is resolved, you can unselect this checkbox, and the server will attempt to deliver and hold mail.

Relay Outgoing Mail Through Host is the next option. This option enables you to route outgoing emails through another mail server instead of attempting to send email directly. In larger organizations with multiple email servers, this option can be used to have a single server that connects to the Internet, which is often placed on a demilitarized zone (DMZ) port on a firewall to provide increased security. It is also used in small organizations to allow your ISP to manage the actual transfer of email beyond your network. If selected, the appropriate server address in the associated field.

The last two options enable you to designate that copies of emails be sent to a separate email address from the recipient of the message. The first checkbox specifies this for mail that is undeliverable. This is good if someone leaves your organization but outside contacts (vendors, customers, and so on) still send email to that address because it provides an option for responding to them with a correct email address or forwarding the message to the appropriate person. It can also act as a catchall for emails incorrectly addressed to your organization.

The final option copies all emails to a specified address. This option can be controversial because it means that any email your users send is recorded without their knowledge. Although there are any number of reasons why a business or school might choose to use this option (to monitor the use of the organization’s email server or as a result of suspicion of confidential information being released for two examples), there is a privacy issue. If you opt to use this option (or are asked to use it), it is best to include a computer use policy that says all emails may be monitored. Also, consider that this could potentially affect the storage of your mail server as large numbers of emails are copied to the specified address. In fact, the sheer number of messages could make it difficult to sort through for signs of inappropriate activity.

The next tab on the Settings pane is Relay (shown in Figure 2). It contains three listboxes, each of which has a checkbox to enable or disable its contents. The first and most important is Accept SMTP Relays Only From These Hosts And Networks. SMTP relay (sometimes referred to as outgoing SMTP) is the method by which SMTP clients transfer emails to a server, which then connects to other SMTP servers to deliver those messages. Relaying is therefore important, but if you simply allow relaying from any computer (known as open relay), any email client on the Internet could send mail through your server. Most spam operators work by finding open relays on the Internet and send spam by using them. This can lead to overloading and blacklisting of your server.

Figure 2

Figure 2 Mail service relay settings

This option enables you to specify that only relays from computers with certain IP addresses will be accepted by your server. You can either enter individual IP addresses or use cider notation to specify networks or subnets. Users from other network locations will either not be able to send email through your server or will need to authenticate in order to send email. (We’ll cover how to configure such authentication in part 3 of this series.) By default, this option is selected and includes the loopback address for the server (which should always be included) and any IP address within the same network as the server’s IP address. You should specify subnets more granularly than this. To add, remove, or edit the entries in the listbox, use the plus, minus, and pen icon buttons next to it.

The second listbox, Refuse All Messages From These Hosts And Networks, is used to specify the IP addresses of individual mail servers or whole networks known to perpetrate mail-based network attacks or spam. Again, you should specify networks using cider notation. Because you might not know in advance the addresses of server generating spam or network attacks, you will typically have to wait until such events present themselves to input the appropriate address into this listbox.

The third listbox, Use These Junk Mail Rejection Servers (Real-Time Blacklist), offers you the ability to subscribe to one or more blacklist servers. Blacklist servers contain records of networks that are either known to be used for sending spam, are open relays, or are identified as being at risk of use for spam or network attacks by some set of criteria (which can vary depending on the servers being used). Blacklists can be helpful for providing a preemptive approach to avoiding spam or attacks. However, there are times when servers will be inadvertently added to a blacklist when they are not being used maliciously or are not open relays. In these cases, using a blacklist can prevent legitimate emails from not being delivered to your network. Also, it can be difficult to get a server removed from a blacklist after it has been added. This is a good reason to ensure that your server is not an open relay and that it is not used for malicious purposes by your users. To use a blacklist server, enter the appropriate address of the server in this box.

The Filters tab enables you to configure automatic scan options for junk mail and viruses. There are also additional tools that can be added to your server from the command line. (Filters will be discussed in the third article of this series.)

The Quotas tab (shown in Figure 3) enables you to configure the way the server responds to mailbox quotas for your users (quotas themselves are configured for users when creating their accounts in Workgroup Manager). It also enables you to designate a maximum size for incoming messages. This can be very helpful because extremely large messages can reduce overall performance of your Internet connection as well as affect the transfer of other email. To set a maximum message size, check the Refuse Incoming Messages Larger Than X Megabytes and enter a size in the appropriate field.

Figure 3

Figure 3 Mail service quota settings

The other two options deal with what happens when users reach quotas and when warning messages should be sent. The first option is a checkbox to disable incoming mail for use when they reach their quota (along with an associated message that will be delivered to their mailbox). The second option is to enable warnings before the quota is reached. With this option selected, you can enter the text of the warning message as well as at what percentage of the quota the warning should be received (the default is 90%). You can also designate how often (in days) a warning message should be delivered (the default is one per day).

How you use quota is up to you. Needless to say, for the sake of storage space and other resources, you should encourage users not to let their mailboxes get out of hand. However, many people today rely on saved email; if you are using IMAP, those saved emails need to reside on the server. If you opt to turn off email access after a quota is reached, you should most definitely use warnings. I would set them to be sent at around 75% of the quota so that users have some time to either clean out their mailboxes or request an increase in their quota some time before email access is disabled.

The Mailing Lists tab (shown in Figure 4) enables you to create mailing lists. Like the other mail services in Mac OS X Server, mailing lists are handled by a Unix tool called Mailman. However, the mailing list functions are significantly less integrated with Open Directory compared with the other mail components. Although the Mailing List tab includes a button to display the users and groups available to the server through Open Directory, it is merely a reference for easily including mail-enabled user accounts. As a result, when you create mailing lists you must specify mailing list permissions explicitly for the Mailman when adding users to the list. You must also specify an administration password for all mailing list management. Also, unlike mail services in Mac OS X 10.2 and earlier, AppleShare IP, or Microsoft Exchange, you cannot directly specify groups as being used for email distribution.

Figure 4

Figure 4 Mailing Lists Settings Tab

The first step in working with mailing lists is to enable Mailman. The simplest way to do this is by checking the Enable Mailing Lists checkbox on the Mailing Lists tab. The first time you enable mailing lists, you will be asked to specify a mailing list master password and one or more email addresses for users who will act as mailing list administrators. These users will be made members of a Mailman mailing list and will receive an email containing the administration password.

You can create additional mailing lists by clicking the plus sign below the Lists listbox (you can also use the minus sign button and the pencil button to delete or modify a selected list). When you create a new list or edit an existing list, you see a dialog sheet that includes fields for the listname and admin user. The name of the list will be used as the first half of the list’s email address (the second half after the @ symbol will be whatever domain name is assigned to the server). The dialog sheet also includes an option to allow users to self-subscribe to the list (if you don’t select this option, you will need to manage the list membership manually); a pop-up menu to select the default language for the list, and a series of checkboxes to identify which languages or character sets will be supported for emails sent to the list; and you can also choose to enter a maximum size for messages in kilobytes.

You can subscribe users to a list in two methods of user Server Admin. The first is to press the Users & Groups button to display a drawer containing the available user accounts from Open Directory. You can then drag one or more users into the Members listbox while the appropriate mailing list is selected in the Lists listbox. The downside to this approach is that each user will automatically receive the same mailing list permissions (subscribe and post). If you want to alter them, you will need to deselect the appropriate checkboxes next to each address. Remember that when you do this, all that is really happening is the email address specified in the user’s account is being copied to Mailman.

The second method is to click the add (plus sign) button underneath the Members listbox while the appropriate list is selected. This brings up a dialog sheet in which you can enter a complete email address or user account identifiers (which basically means user shortname from Open Directory), or you can drag users from the Users and Groups drawer if it is displayed. You can also select which mailing list permissions to apply to all the users you specify.

The Logging tab enables you to configure which mail-related events are recorded into the various mail server logs and to set archiving options for the logs—pretty much as you would do with any other services using Server Admin. You can set the logging details independently for SMTP, IMAP/POP, and Junk Mail/Virus scanning. The available options for each include Critical, Error, Warning, Notice, Information, and Debug (Critical is the least informative—only logs serious—whereas Debug includes information about any server event). The exact events logged at each level vary slightly for each of the three options, and selecting each level will show the details of what is logged.

The Advanced tab, which will be discussed in greater detail in part 3 of this series, contains three tabs: Security, Hosting, and Database. The Security tab enables you to define which encryption techniques are allowed to be used by email clients when transmitting usernames and passwords when sending or receiving email. This is also where you can determine whether or not the server will use SSL to ensure that emails are securely transmitted between the server and email clients and the security certificates used for SSL. The Hosting tab enables you to configure virtual hosting and local host aliases for the server. The Database tab enables you to change the location(s) where mail is stored as well as the location of the mail server database.

Peachpit Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Peachpit and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Peachpit products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email ask@peachpit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.peachpit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020