Mac OS X Server
Mail Service
Administration
For Version 10.3 or Later
Apple Computer, Inc.
© 2003 Apple Computer, Inc. All rights reserved.
The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such
software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid for support services.
The Apple logo is a trademark of Apple Computer, Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws.
Apple, the Apple logo, AppleScript, AppleShare, AppleTalk, ColorSync, FireWire, Keychain, Mac, Macintosh, Power Macintosh, QuickTime, Sherlock, and WebObjects are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. AirPort, Extensions Manager, Finder, iMac, and Power Mac are trademarks of Apple Computer, Inc.
Adobe and PostScript are trademarks of Adobe Systems Incorporated.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
Netscape Navigator is a trademark of Netscape Communications Corporation.
RealAudio is a trademark of Progressive Networks, Inc.
1995–2001 The Apache Group. All rights reserved.
UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.
034-2349/8/22/03
Contents

Preface: How to Use This Guide
What’s Included in This Guide
Using This Guide
Setting Up Mac OS X Server for the First Time
Getting Help for Everyday Management Tasks
Getting Additional Information

Chapter 1: Mail Service Setup
Mail Service Protocols
Outgoing Mail
Incoming Mail
User Interaction With Mail Service
Where Mail Is Stored
Outgoing Mail Location
Incoming Mail Location
Maximum Number of Mail Messages per Volume
What Mail Service Doesn’t Do
Using Network Services With Mail Service
Configuring DNS for Mail Service
How Mail Service Uses SSL
Enabling Secure Mail Transport With SSL
Before You Begin
How User Account Settings Affect Mail Service
Moving Mail Messages From Apple Mail Server to Mac OS X Server Version 10.3
Overview of Mail Service Tools
Setup Overview
Configuring Incoming Mail Service
Enabling Secure POP Authentication
Enabling Less Secure Authentication for POP
Configuring SSL Transport for POP Connections
Enabling Secure IMAP Authentication
Enabling Less Secure IMAP Authentication
Controlling the Number of IMAP Connections
Configuring SSL Transport for IMAP Connections
Configuring Outgoing Mail Service
Enabling Secure SMTP Authentication
Enabling Less Secure SMTP Authentication
Configuring SSL Transport for SMTP Connections
Relaying SMTP Mail Through Another Server
Supporting Mail Users
Configuring Mail Settings for User Accounts
Configuring Email Client Software
Creating an Administration Account
Creating Additional Email Addresses for a User
Setting Up Forwarding Email Addresses for a User
Adding or Removing Virtual Domains
Limiting Junk Mail
Requiring SMTP Authentication
Restricting SMTP Relay
Rejecting SMTP Connections From Specific Servers
Rejecting Mail From Blacklisted Senders
Filtering SMTP Connections

Chapter 2: Mail Service Maintenance
Starting and Stopping Mail Service
Reloading Mail Service
Changing Protocol Settings for Incoming Mail Service
Improving Performance
Working With the Mail Store and Database
Repairing the Mail Store Database
Converting the Mail Store and Database From an Earlier Version
Using Amsmailtool
Specifying the Location for the Mail Database and Mail Store
Backing Up and Restoring Mail Messages
Monitoring Mail Messages and Folders
Allowing Administrator Access to the Mail Folders
Saving Mail Messages for Monitoring and Archival Purposes
Monitoring Mail Service
Viewing Overall Mail Service Activity
Viewing the Mail Connections List
Viewing Mail Accounts
Viewing Mail Service Logs
Setting Mail Service Log Detail Level
Archiving Mail Service Logs by Schedule
Reclaiming Disk Space Used by Mail Service Log Archives
Dealing With a Full Disk
Working With Undeliverable Mail
Forwarding Undeliverable Incoming Mail
Where to Find More Information
Books
Internet

Chapter 3: Mailing Lists
Setting Up a List
Enabling Mailing Lists
Defining a List Name
Adding a Subscriber
Changing a List
Adding a Subscriber to an Existing List
Removing a List Subscriber
Changing Subscriber Posting Privileges
Suspending a Subscriber
Administering Lists
Designating a List Administrator
Where to Find More Information

Glossary
Index

Preface
This guide explains how to administer Mac OS X Server mail services.
The first chapter provides an overview of how the mail service works, what it can do for you, strategies for using it, how to set it up for the first time, and how to administer it over time.
Also take a look at any chapter that describes a service with which you’re unfamiliar. You may find that some of the services you haven’t used before can help you run your network more efficiently and improve performance for your users.
Most chapters end with a section called “Where to Find More Information.” This section points you to web sites and other reference material containing more information about the service.
Setting Up Mac OS X Server for the First Time
If you haven’t installed and set up Mac OS X Server, do so now.
•Refer to Mac OS X Server Getting Started For Version 10.3 or Later, the document that came with your software, for instructions on server installation and setup. For many environments, this document provides all the information you need to get your server up, running, and available for initial use.
•Read specific sections to learn how to continue setting up individual features of mail service. Pay particular attention to the information in these sections: “Setup Overview,” “Before You Begin,” and “Setting Up for the First Time.”
If you want to change settings, monitor services, view service logs, or do any other day-to-day administration task, you can find step-by-step procedures by using the on-screen help available with server administration programs. While all the administration tasks are also documented in the second chapter of this guide, sometimes it’s more convenient to retrieve information in on-screen help form while using your server.
In addition to this document, you’ll find information about Mac OS X Server in:
•Mac OS X Server Getting Started For Version 10.3 or Later, which tells you how to install and set up your server initially
•Mac OS X Server Migration to Version 10.3 or Later, which provides instructions for migrating data to Mac OS X Server from existing Macintosh computers
•on-screen help on your server
•Read Me files on your server CD
•and at www.apple.com/server
Chapter 1: Mail Service Setup
Mail service in Mac OS X Server allows network users to send and receive email over your network or across the Internet. Mail service sends and receives email using the standard Internet mail protocols: Internet Message Access Protocol (IMAP), Post Office Protocol (POP), and Simple Mail Transfer Protocol (SMTP). Mail service also uses a Domain Name System (DNS) service to determine the destination IP address of outgoing mail.
This chapter begins with a look at the standard protocols used for sending and receiving email. Then it explains how mail service works, summarizes the aspects of mail service setup, and tells you how to:
•Set up mail service for incoming and outgoing mail
•Support mail users
•Limit junk mail
[Figure: mail flow between kate@school.edu and ron@example.com across the Internet, with Out and In paths at the mail server for school.edu and the mail server for example.com]
A standard mail client setup uses SMTP to send outgoing email and POP and IMAP to receive incoming email. Mac OS X Server includes an SMTP service and a combined POP and IMAP service. You may find it helpful to take a closer look at the three email protocols.
Outgoing mail service is the means by which your users can send mail out to the Internet. Subject to restrictions that you control, the SMTP service also transfers mail to and from mail service on other servers. If your mail users send messages to another Internet domain, your SMTP service delivers the outgoing messages to the other domain’s mail service.
Simple Mail Transfer Protocol (SMTP)
SMTP is a protocol used to send and transfer mail. SMTP queues outgoing mail messages from the user. These messages are transferred along the Internet to their destinations, to be picked up by the incoming mail protocols.
Mac OS X Server uses Postfix (www.postfix.org) as its mail transfer agent (MTA). Postfix fully supports the Internet standard SMTP protocol. Your email users will set their email applications’ outgoing mail server to your Mac OS X Server running Postfix, and access their own incoming mail from a Mac OS X Server running incoming mail service.
If you choose to use another MTA (such as Sendmail), you won’t be able to configure your mail service with Mac OS X Server administration tools.
If you want to use the Sendmail program instead of Postfix, you must disable current SMTP service through Postfix, and then install and configure Sendmail. For more information about Sendmail, see the web site www.sendmail.org.
Mail is transferred from incoming mail storage to the email recipient’s inbox by a local delivery agent (LDA). The LDA is responsible for handling local delivery, making mail accessible by the user’s email application. There are two different protocols available from Mac OS X Server’s mail access agent: POP and IMAP.
Mac OS X Server uses Cyrus (asg.web.cmu.edu/cyrus) to provide POP and IMAP service.
Post Office Protocol (POP)
POP is used only for receiving mail, not for sending mail. The mail service of Mac OS X Server stores incoming POP mail until users have their computers connect to the mail service and download their waiting mail. After a user’s computer downloads POP mail, the mail is stored only on the user’s computer. The user’s computer disconnects from the mail service, and the user can read, organize, and reply to the received POP mail. The POP service is like a post office, storing mail and delivering it to a specific address.
An advantage of using POP is that your server doesn’t need to store mail that users have downloaded. Therefore, your server doesn’t need as much storage space as it would using the IMAP protocol. However, because the mail is removed from the server, if any client computers sustain hard disk damage and lose their mail files, there is no way to recover these files without using data backups.
Another advantage of POP is that POP connections are transitory. Once the mail is transferred, the connection is dropped and the load on both the network and the mail server is removed.
POP is not the best choice for users who access mail from more than one computer, such as a home computer, an office computer, and a laptop while on the road. When a user fetches mail via POP, the mail is downloaded to the user’s computer and is usually completely removed from the server. If the user logs in later from a different computer, he or she won’t be able to see previously downloaded mail.
Internet Message Access Protocol (IMAP)
IMAP is the solution for people who need to use more than one computer to receive mail. IMAP is a client-server mail protocol that allows users to access their mail from anywhere on the Internet. Users can send and read mail with a number of IMAP-compliant email clients.
With IMAP, a user’s mail is delivered to the server and stored in a remote mailbox on the server; to users, mail appears as if it were on the local computer. A key difference between IMAP and POP is that with IMAP the mail is not removed from the server until the user deletes it.
The IMAP user’s computer can ask the server for message headers, ask for the bodies of specified messages, or search for messages that meet certain criteria. These messages are downloaded as the user opens them. IMAP connections are persistent and remain open, maintaining load on the server and possibly the network as well.
Mail is delivered to its final recipient using a mail user agent (MUA). MUAs are usually referred to as “email clients” or “email applications.” These email clients often run on each user’s local computer. Each user’s email application must be configured to send messages to the correct outgoing server and receive messages from the incoming server. These configurations can affect your server’s processing load and available storage space.
Mail is stored in either an outgoing queue awaiting transfer to a remote server or in a local mail store accessible by local mail users.
Outgoing mail messages are stored, by default, in the following spool directory on the startup disk:
/var/spool/postfix
This location is temporary, and the mail is stored until it’s successfully transferred out to the Internet. These locations can be moved to any accessible volume (either local or NFS mounted) and symlinked to by the mail administrator.
The mail service keeps track of incoming email messages with a small database (BerkeleyDB.4.1), but the database doesn’t contain the messages themselves. The mail service stores each message as a separate file in a mail folder for each user. Incoming mail is stored on the startup disk in the following directory:
/var/spool/imap/[user name]
Cyrus puts a database index file in the folder of user messages. You can change the location of any or all of the mail folders and database indexes to another folder, disk, or disk partition. You can even specify a shared volume on another server as the location of the mail folder and database, although using a shared volume incurs performance penalties. The incoming mail remains on the server until deleted by an MUA.
Because the mail service stores each email message in a separate file, the number of messages that can be stored on a volume is determined by the total number of files that can be stored on the volume.
The total number of files that can be stored on a volume that uses Mac OS Extended format (sometimes referred to as HFS Plus format) depends on the following factors:
•The size of the volume
•The sizes of the files
•The minimum size of a file, which by default is one 4K block
For example, a 4 GB HFS Plus volume with the default block size of 4KB has one million available blocks. This volume could hold up to a million 4KB files, which means a million email messages that were 4KB or less apiece. If some email messages were larger than 4KB, this volume could hold fewer of them. A larger volume with the same default block size could hold proportionately more files.
Mac OS X Server’s mail service does not provide the following mail add-ons:
•Virus filtering
•Unsolicited commercial email (spam) identification
•Email content filtering
Each one of these add-on services can be configured to work with Mac OS X Server’s mail service and can be obtained from various developers.
Mail service makes use of network services to ensure delivery of email. Before sending an email, your mail service will probably have a Domain Name System (DNS) service determine the Internet Protocol (IP) address of the destination. The DNS service is necessary because people typically address their outgoing mail by using a domain name, such as example.com, rather than an IP address, such as 198.162.12.12. To send an outgoing message, your mail service must know the IP address of the destination. The mail service relies on a DNS service to look up domain names and determine the corresponding IP addresses. The DNS service may be provided by your Internet Service Provider (ISP) or by Mac OS X Server, as explained in the network services administration guide.
Additionally, a mail exchanger (MX) record can provide redundancy by listing an alternate mail host for a domain. If the primary mail host is not available, the mail can be sent to the alternate mail host. In fact, an MX record can list several mail hosts, each with a priority number. If the lowest priority host is busy, mail can be sent to the host with the next lowest priority, and so on.
Mail services use DNS like this:
1 The sending server looks at the email recipient’s domain name (it’s what comes after the @ in the To address).
2 The sending server looks up the MX record for that domain name to find the receiving server.
3 If found, the message is sent to the receiving server.
4 If the lookup fails to find an MX record for the domain name, the sending server often assumes that the receiving server has the exact same name as the domain name. In this case, the sending server does an Address (A) lookup on that domain name, and attempts to send the file there.
Without a properly configured MX record in the DNS, mail may not reach your intended server.
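The lookup sequence above, worked through as an added example (not code from this guide or from Mac OS X Server). It goes slightly beyond the four steps by also reporting MX targets that have no A record; the zone data, the addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed zone data (not from the guide); addresses use the 192.0.2.0/24 documentation range.
ZONE = """
example.com.         IN MX 10 mail.example.com.
example.com.         IN MX 20 backup.example.com.
mail.example.com.    IN A  192.0.2.10
backup.example.com.  IN A  192.0.2.20
school.edu.          IN A  192.0.2.30              ; no MX record at all
broken.example.      IN MX 10 gone.broken.example. ; MX target has no A record
"""


def parse_zone(text):
    """Collect MX and A records from 'name IN TYPE rdata' lines."""
    mx, a = defaultdict(list), defaultdict(list)
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()          # drop trailing comments
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        name, rtype, rdata = fields[0].lower().rstrip("."), fields[2].upper(), fields[3:]
        if rtype == "MX" and len(rdata) == 2:
            mx[name].append((int(rdata[0]), rdata[1].lower().rstrip(".")))
        elif rtype == "A":
            a[name].append(rdata[0])
    return mx, a


def delivery_plan(recipient, mx, a):
    """Return (source, [(host, ip), ...] in the order to try, warnings)."""
    # Step 1: the domain is whatever follows the last @ in the address.
    domain = recipient.rsplit("@", 1)[1].lower().rstrip(".")
    if mx.get(domain):
        # Steps 2-3: MX records found; the lowest number is tried first.
        source, candidates = "MX", sorted(mx[domain])
    else:
        # Step 4: no MX record, so treat the domain name itself as the mail host.
        source, candidates = "A-fallback", [(0, domain)]
    plan, warnings = [], []
    for _pref, host in candidates:
        addrs = a.get(host, [])
        if not addrs:
            warnings.append(f"{host}: no A record, host skipped")
        plan.extend((host, ip) for ip in addrs)
    if source == "A-fallback" and plan:
        warnings.append(f"{domain}: no MX record, delivery relies on the A record")
    return source, plan, warnings


MX, A = parse_zone(ZONE)

if __name__ == "__main__":
    for rcpt in ("ron@example.com", "kate@school.edu", "postmaster@broken.example"):
        print(rcpt, delivery_plan(rcpt, MX, A))
```

An empty plan, as for the constructed broken.example domain, means a sending server has nowhere to deliver even though an MX record exists.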
Configuring DNS for mail service means enabling MX records on your own DNS server. If you have an ISP that provides you with DNS service, you will need to contact the ISP so that they can enable your MX records. Follow these steps only if you provide your own DNS service using Mac OS X Server.
To enable MX records:
1 In Server Admin, select DNS in the Computers & Services pane.
2 Click Settings.
3 Select the Zones tab.
4 Select the Zone you want to use.
5 Click the Add button under the Records pane.
6 Choose MX from the Type pop-up menu.
7 Enter the domain name (like ‘example.com’) in the From field.
8 Enter the name of the mail server (like ‘mail.example.com’) in the To field.
9 If you will have more than one mail server, enter a precedence number for that server.
A lower number indicates that mail server will be chosen first, if available, to receive mail.
10 Click OK.
If you need to set up multiple servers for redundancy, you will need to add additional MX records. See the network services administration guide for more information.
Secure Sockets Layer (SSL) connections ensure that the data sent between your mail server and your users’ mail clients is encrypted. This allows secure and confidential transport of mail messages across a local network. SSL transport does not provide secure authentication, just secure transfer from your mail server to your clients. See the Open Directory administration guide for secure authentication information.
For incoming mail, the mail service supports secure mail connections with mail client software that requests them. If a mail client requests an SSL connection, the mail service can automatically comply, if that option has been enabled. The mail service still provides non-SSL (unencrypted) connections to clients that don’t request SSL. The configuration of each mail client determines whether it connects with SSL or not.
For outgoing mail, the mail service supports secure mail connections between SMTP servers. If an SMTP server requests an SSL connection, the mail service can automatically comply, if that option has been enabled. The mail service still can allow non-SSL (unencrypted) connections to mail servers that don’t request SSL.
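Because SSL is optional and does not itself secure authentication, what a server offers before any TLS upgrade decides whether a password can cross the network in the clear. This added example (not part of the guide or of Apple's tools) classifies SMTP EHLO, IMAP CAPABILITY and POP CAPA responses; the sample responses and the verdict labels are constructed for illustration.

```python
import re

CLEARTEXT_SASL = {"PLAIN", "LOGIN"}   # SASL mechanisms that send the password itself


def parse_smtp(reply):
    """EHLO reply: '250-KEYWORD params' lines; STARTTLS and AUTH are the ones of interest."""
    tls, mechs = False, set()
    for line in reply.splitlines():
        m = re.match(r"250[- ](\S.*)", line.strip())
        if not m:
            continue
        tokens = re.split(r"[\s=]+", m.group(1).upper())   # also accepts the old 'AUTH=' form
        if tokens[0] == "STARTTLS":
            tls = True
        elif tokens[0] == "AUTH":
            mechs.update(t for t in tokens[1:] if t)
    return tls, mechs, bool(mechs & CLEARTEXT_SASL)


def parse_imap(reply):
    """'* CAPABILITY ...' line: AUTH=<mech> atoms, STARTTLS, LOGINDISABLED."""
    atoms = reply.upper().split()
    mechs = {atom[5:] for atom in atoms if atom.startswith("AUTH=")}
    # Without LOGINDISABLED the plain LOGIN command is accepted on this connection.
    cleartext = "LOGINDISABLED" not in atoms or bool(mechs & CLEARTEXT_SASL)
    return "STARTTLS" in atoms, mechs, cleartext


def parse_pop(reply):
    """CAPA reply: one capability per line; STLS, USER and 'SASL <mechs>' matter here."""
    tls, user, mechs = False, False, set()
    for line in reply.splitlines():
        parts = line.upper().split()
        if not parts:
            continue
        if parts[0] == "STLS":
            tls = True
        elif parts[0] == "USER":          # USER/PASS login sends the password as typed
            user = True
        elif parts[0] == "SASL":
            mechs.update(parts[1:])
    return tls, mechs, user or bool(mechs & CLEARTEXT_SASL)


PARSERS = {"smtp": parse_smtp, "imap": parse_imap, "pop": parse_pop}


def audit(protocol, reply):
    """Classify what a client that never asks for TLS is allowed to do."""
    tls, _mechs, cleartext = PARSERS[protocol](reply)
    if not cleartext:
        return "no-cleartext-login"
    return "cleartext-unless-client-uses-tls" if tls else "cleartext-always"


# Constructed responses, as seen on a fresh connection before any TLS upgrade.
SMTP_NO_AUTH = "250-mail.example.com\n250-PIPELINING\n250 8BITMIME"
SMTP_PLAIN_TLS = "250-mail.example.com\n250-STARTTLS\n250-AUTH PLAIN LOGIN CRAM-MD5\n250 8BITMIME"
IMAP_CLEARTEXT = "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA IDLE"
IMAP_RESTRICTED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=CRAM-MD5"
POP_CLEARTEXT = "+OK List of capabilities follows\nUSER\nUIDL\nTOP\n."

if __name__ == "__main__":
    for proto, reply in [("smtp", SMTP_NO_AUTH), ("smtp", SMTP_PLAIN_TLS),
                         ("imap", IMAP_CLEARTEXT), ("imap", IMAP_RESTRICTED),
                         ("pop", POP_CLEARTEXT)]:
        print(proto, audit(proto, reply))
```

The middle verdict is the case the paragraphs above describe: SSL is available, but a client configured without it still authenticates in the clear.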
The mail service requires some configuration to provide SSL connections automatically. The basic steps are as follows:
•Generate a Certificate Signing Request (CSR) and create a keychain.
•Use the CSR to obtain an SSL certificate from an issuing authority.
For more information on enabling SSL, see the web technologies administration guide and the Open Directory administration guide.
If you already have generated a certificate in a previous version of Mac OS X Server, it won’t be compatible with the current mail service.
For detailed instructions for allowing or requiring SSL transport, see the following sections:
•“Configuring SSL Transport for POP Connections” on page 20
•“Configuring SSL Transport for IMAP Connections” on page 21
•“Configuring SSL Transport for SMTP Connections” on page 23
Before setting up mail service for the first time:
•Decide whether to use POP, IMAP, or both for incoming mail.
•If your server will provide mail service over the Internet, you need a registered domain name. You also need to determine whether your ISP will create your MX records or you will create them in your own DNS service.
•Identify the people who will use your mail service but don’t already have user accounts in a directory domain accessible to your mail service. You must create user accounts for these mail users.
•Determine mail storage requirements, and ensure you have enough disk space for your anticipated mail volume.
•Determine your authentication and transport security needs.
In addition to setting up mail service as described in this chapter, you can also configure some mail settings individually for everyone who has a user account on your server. Each user account has settings that do the following:
•Enable or disable mail service for the user account, or forward incoming mail for the account to another email address.
•Specify the server that provides mail service for the user account.
•Set a quota on the amount of disk space for storing the user account’s mail on the server.
•Specify the protocol for the user account’s incoming mail: POP, IMAP, or both.
Moving Mail Messages From Apple Mail Server to Mac OS X Server Version 10.3
If you have upgraded your server from a version previous to Mac OS X Server v.10.3, and you have an existing Apple Mail Server database, you must migrate your mail database to Mac OS X Server v.10.3 mail service.
For more detailed instructions and tool descriptions, see “Converting the Mail Store and Database From an Earlier Version” on page 36, and “Using Amsmailtool” on page 36.
The following applications help you set up and manage mail service:
•Server Admin: Use to start, stop, configure, and monitor mail service when you install Mac OS X Server.
•Workgroup Manager: Use to create user accounts for email users and configure each user’s mail options.
•Terminal: Use for tasks that involve UNIX command-line tools, such as migrating and restoring the mail database.
You can have mail service set up and started automatically as part of the Mac OS X Server installation process. An option for setting up mail service appears in the Setup Assistant application, which runs automatically at the conclusion of the installation process. If you select this option, mail service is set up as follows:
•SMTP, POP, and IMAP are all active and using standard ports.
•Standard authentication methods are used (not Kerberos), with POP and IMAP set for clear-text passwords (APOP and CRAM-MD5 turned off) and SMTP authentication turned off.
•Mail is only delivered locally (no mail sent to the Internet).
•Mail relay is restricted.
If you want to change this basic configuration, or if you have not set up your mail service, these are the major tasks you perform to set up mail service:
Step 1: Before you begin, make a plan
See “Before You Begin” on page 15 for a list of items to think about before you start full-scale mail service.
Step 2: Set up MX records
If you want users to be able to send and receive mail over the Internet, you should make sure DNS service is set up with the appropriate MX records for your mail service.
•If you have an ISP that provides DNS service to your network, contact the ISP and have the ISP set up MX records for you. Your ISP will need to know your mail server’s DNS name (such as mail.example.com) and your server’s IP address.
•If you use Mac OS X Server to provide DNS service, create your own MX records as described in “Configuring DNS for Mail Service” on page 14.
•If you do not set up an MX record for your mail server, your server may still be able to exchange mail with some other mail servers. Some mail servers will find your mail server by looking in DNS for your server’s A record. (You probably have an A record if you have a web server set up.)
Note: Your mail users can send mail to each other even if you do not set up MX records. Local mail service doesn’t require MX records.
Step 3: Configure incoming mail service
Your mail service has many settings that determine how it handles incoming mail. For instructions, see “Configuring Incoming Mail Service” on page 19.
Step 4: Configure outgoing mail service
Your mail service also has many settings that determine how it handles outgoing mail. For instructions, see “Configuring Outgoing Mail Service” on page 22.
Step 5: Secure your server
If your server exchanges mail with the rest of the Internet, make sure you’re not operating an open relay. An open relay is a security risk and enables junk-mail senders (spammers) to use your computer resources for sending unsolicited commercial email. For instructions, see “Limiting Junk Mail” on page 29, and “Restricting SMTP Relay” on page 30.
Step 6: Configure additional settings for mail service
Additional settings that you can change affect how mail service stores mail, interacts with DNS service, limits junk-mail (spam), and handles undeliverable mail. See the following sections for detailed instructions:
•“Working With the Mail Store and Database” on page 35
•“Limiting Junk Mail” on page 29
•“Working With Undeliverable Mail” on page 42
Step 7: Set up accounts for mail users
Each person who wants mail service must have a user account in a directory domain accessible by your mail service. The short name of the user account is the mail account name and is used to form the user’s mail address. In addition, each user account has settings that determine how your mail service handles mail for the user account. You can configure a user’s mail settings when you create the user’s account, and you can change an existing user’s mail settings at any time. For instructions, see “Supporting Mail Users” on page 24, and “Configuring Email Client Software” on page 25.
Step 8: Create a postmaster account (optional, but advised)
You need to create a user account named “postmaster.” The mail service may send reports to the postmaster account. When you create the postmaster account, make sure mail service is enabled for it. For convenience, you can set up forwarding of the postmaster’s mail to another mail account that you check regularly. Other common postmaster accounts are named “abuse” (used to report abuses of your mail service) and “spam” (used to report unsolicited commercial email abuses by your users). The user management guide tells you how to create user accounts.
Step 9: Start mail service
Before starting mail service, make sure the server computer shows the correct day, time, time zone, and daylight-saving settings in the Date & Time pane of System Preferences. Mail service uses this information to timestamp each message. An incorrect timestamp may cause other mail servers to handle a message incorrectly.
Also, make sure you’ve enabled one or more of the mail service protocols (SMTP, POP, or IMAP) in the Settings pane.
Once you’ve verified this information, you can start mail service. If you selected the Server Assistant option to have mail service started automatically, stop mail service now, and then start it again for your changes to take effect. For detailed instructions, see “Starting and Stopping Mail Service” on page 33.
Step 10: Set up each user’s mail client software
After you set up mail service on your server, mail users must configure their mail client software for your mail service. For details about the facts that users need when configuring their mail client software, see “Supporting Mail Users” on page 24.