16.4. The Mac OS X Firewall

16.3. Email

Apple has given up on the aging and clunky sendmail , and is instead using Postfix , which is easy to configure. (However, Postfix includes a sendmail-compatibility wrapper in /usr/sbin/sendmail.) The following sections describe how to configure Postfix.

16.3.1. Configuring Postfix to Send Email

By default, Mac OS X runs a program called master, which monitors the outgoing mail queue, and runs Postfix on the queue as needed. This daemon is controlled by the launchd script /System/Library/LaunchDaemons/orgpostfix.master.plist.

If you want to use Postfix on a standalone server, you must configure two settings in /etc/postfix/main.cf. The first is the hostname (myhostname). This should be a real hostname, something that can be found in a reverse DNS lookup against your IP address . The second is your origin (myorigin), which is the domain name from which email appears to originate. This can be the same as your hostname (this is probably the case for small sites). However, if it is not, be sure to specify the correct hostname. For example, here are the settings for a computer named ip192-168-0-1.ri.ri.cox.net with all email originating from that machine appearing to come from username@cox.net:

     myhostname = ip192-168-0-1.ri.ri.cox.net     myorigin = cox.net 

If your ISP's network is configured to block outgoing SMTP to all but their SMTP server, using your ISP's SMTP server as a relay host may be the only way you can configure postfix to deliver mail.

If you don't have a permanent domain name for your Mac OS X server, we suggest configuring Postfix to use a relay host (most likely your ISP's SMTP server). To configure Postfix to use a relay, add an entry for relayhost in /etc/postfix/main.cf. For example, we use the following setting:

     relayhost = smtp-server.oreilly.com 

Along the same lines, you should configure Postfix to masquerade as the appropriate host using the myorigin setting in /etc/postfix/main.cf. In the case of the previous example, the origin is oreilly.com (as in bjepson@oreilly.com):

     myorigin = oreilly.com 

16.3.2. Configuring Postfix to Receive Email

To enable Postfix to act as a legitimate email destination (that is, mail for username@yourhost will go directly to your Macintosh), you must create a startup script that runs the command postfix start upon startup, and postfix stop upon shutdown. For more details, see "Startup Items" in Chapter 4.

To receive email at your host, you need a Mail Exchange (MX) record pointing to your machine. The MX record is an entry in DNS that identifies the mail server for a particular domain. If your ISP provides you with a static IP address and supports the use of hostnames (this is a given if your Mac is co-located), contact them about setting up the appropriate MX record. If you have residential (or low-end business) broadband, it's very likely that your ISP does not support this, and what's more, they probably block access to port 25 within their network as a security precaution.

If your system can support the use of port 25, you must change the setting for inet_interfaces in /etc/postfix/main.cf. By default, it listens only on 127.0.0.1 (localhost), so you must add the IP address you want it to listen on. For example, we've set up a server behind a firewall , but configured the firewall to forward port 25 to the server (see the "Serving from Behind a Firewall" section earlier in this chapter). The private network address of the server is 192.168.254.104, and because traffic on port 25 is going from the outside world to the private network, we must configure inet_interfaces to listen on the 192.168.254.104 interface as well as localhost:

     inet_interfaces = localhost 192.168.254.104 

After you make this change, stop and restart Postfix with postfix stop and postfix start (it may not be enough to use the command postfix reload).