You are on page 1of 17

Mac OS X Server as an Advanced Mail Server

insecure Internet SSL/VPN VPN Mail application SSL WebMail

secure local area network

André Aulich Freelance Apple Consultant aaulich@mac.com www.andre-aulich.de

andre-aulich.uk • server shouldn’t need much support after first setup • redundancy .co.Market needs user experience • secure mail transfer • virus and spam filter • auto-replies (vacation notices) • group mail accounts • shared IMAP folders • internal and external access using mail application or Webmail • ease of use © 2004 www.lastname@domain.de additional administrative demands • stable overall service • backup and disaster recovery strategy • support for email addresses like firstname.

andre-aulich.de .using internal tools - DEMO © 2004 www.Standard Mac OS X Mail Server Setup .

andre-aulich.de .Standard mail setup SMTP IN local Mac OS X Server Postfix recipient local user recipient external user Cyrus external SMTP server © 2004 www.

andre-aulich.Standard mail setup incoming SMTP mail recipient is local user sender IP address accepted message size accepted Postfix recipient is external user sender IP address not accepted sender has no local user account not SSL encrypted sender IP address not accepted message size not accepted sender IP address accepted sender has local user account SSL encrypted Cyrus stores mails for local users in users' inboxes SMTP server of external user Mail delivery using POP or IMAP SSL.de . and/or VPN tunnel any kind of delivery Mail client using mail application or Webmail interface external mail recipient © 2004 www.

de .andre-aulich.Advanced Mac OS X Mail Server Setup .using internal and external tools - DEMO © 2004 www.

de .andre-aulich.Advanced mail setup SMTP IN local Mac OS X Server Postfix recipient external user recipient local user Sanitizer Virex or Sophos Procmail Spam Assassin Razor Cyrus external SMTP server © 2004 www.

Advanced mail setup .uk powerful backup and disaster recovery strategies vacation notices controlled by users powerful mailing list management group mail accounts and shared IMAP folders © 2004 www.andre-aulich.lastname@domain.co.de .feature list • • • • • • • • secure mail transfer using SSL and/or VPN state-of-the-art virus and mail filters easy-to-use webmail interface flexible mail addresses like firstname.

Advanced mail setup .de .Alternative SMTP IN local Mac OS X Server external SMTP server recipient local user Postfix amavisd-new ClamAV Spam Assassin Razor Cyrus © 2004 www.andre-aulich.

Finetuning • • • • • add log rolling SpamAssassin can be trained add support for multiple domains server-based rules (using CLI) encrypt mails to external recipients using sender certificates © 2004 www.de .andre-aulich.

com/uk/server/macosx/tiger/ SpamAssassin will be included with Mac OS X Server Support for mail server clustering added support for virtual hosts © 2004 www.de .Tiger announcements • • • • see http://www.apple.andre-aulich.

kerio. www.4D. www.tenon.stalker. www.andre-aulich. www.com 4D Mail.de .Commercial alternatives • • • • Kerio MailServer.com CommuniGate Pro.com © 2004 www.com PostOffice.

General security advisory • • • • security on mobile client computers security on other people’s computers Limiting server access to VPN and SSL ports Secure other services using SSL © 2004 www.andre-aulich.de .

Summary • • • • • Mac OS X Server is a powerful. enterprise-level mail server many functions are available via the GUI more functions can be added using industry-standard. free-of-charge Open Source tools The complete system is easy to use for the clients Mac OS X Server offers secure and flexible mail solutions © 2004 www.andre-aulich.de .

org/ Razor: http://razor.Tools you need • • • • • • Mac OS X Server (optional) Anomy Sanitizer: http:// mailtools. etc. ClamAV.de .anomy.com).net/ Virus scanner • Virex (http://www.si/ software/amavisd/ © 2004 www.mac.apache. Sophos-Antivirus. SpamAssassin: http:// spamassassin.sourceforge.net/ (optional) amavisd-new: http://ijs.andre-aulich.

php?story=20040824063737872 'The great big Panther SSL article': http://www.com/pub/a/mac/2004/01/27/ sanitize_mail.html test of commercial mail servers: http://www.php?story=20040814204411280 'OS X Server 10.com/article.php?story=20040916181619888 'Sieve Installer': http://www.afp548.com/article.apple.squirrelmail.afp548.afp548.com/article.Resources • • • • • • • • • • • • • • Copy of this presentation and basic configuration guide for the described setup: http://www.afp548.php?story=20041104095414942 'Use Cyradm to Manage your Cyrus Mailboxes': http://www.apple.macworld.macdevcenter.html © 2004 www.afp548.de .com/2004/03/reviews/emailservers 'Spam/Virus controls with OS X Server': http://www.html 'Using Open Source Tools to Filter Email on Mac OS X Server': http://developer.php?story=2004092303182960 'Log Rolling made easy': http://www.andre-aulich.com/pub/a/mac/2003/01/20/mail.com/server/fighting_spam.php?story=20040722080720854 Squirrelmail-Plugins: http://www. ‘ How to Set Up Encrypted Mail on Mac OS X’: http://www.html 'Fighting Spam on Mac OS X Server': http://developer.com/server/virusfiltering.html 'Sanitizing Mail on Panther Server' by Jason Deraleau: http://www.3 Mail Backup': http://www.com/article.afp548.com/article.de/ mailserveren1.afp548.macdevcenter.php?story=20040721014726822 'Cyrus IMAP Mailbox Recovery': http://www.andre-aulich.com/article.com/article.

Q&A .