Receiving mail from the Internet has a few requirements. First, your server needs to be configured to accept mail by running the SMTP service and opening port 25 in your firewall. Next, everyone else on the Internet needs to know which server receives email for your domain through the DNS mail exchange (MX) record.

Your domain can (and should) have more than one MX record, each pointing to a different server. Each MX record is assigned a priority. When mail is sent to your domain, the server with the lowest priority number is tried first. If the message can't be delivered to that server, each of the servers referenced in your other MX records will be tried, starting with the lowest priority number. Ideally, each of your MX servers will be located on different networks and in different locations so your organization continues to receive mail during any outage.

Mail relies very heavily on DNS, since half of everyone's email address is the domain name of that user. Since email is such a critical service for most organizations, it's important that you have both a static IP address and redundancy in your DNS service.

To verify your MX record

1. Launch Network Utility.
See Chapter 2, "Server Tools," for instructions.
2. Select the Lookup tab (Figure 8.1).
Figure 8.1. Network Utility contains a host of network test tools, including a DNS Lookup tool.
3. Type your domain name in the Internet address box.
4. From the "Select the information to lookup" pop-up menu, select Mailbox Exchange (Figure 8.2).
Figure 8.2. Network Utility's DNS Lookup tool can be set to only show Mailbox Exchange (MX) information.
5. Click Lookup.
If you don't have an MX record configured for your domain yet, there will be no ANSWER SECTION in the output (Figure 8.3).
Figure 8.3. The results from an MX record query where no MX record is set.
If your MX record is configured, you'll see an ANSWER SECTION that contains a line with an IN MX record (Figure 8.4).
Figure 8.4. The results from an MX record query where the MX record exists.
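
The same check can be scripted against dig-style output, the format whose ANSWER SECTION is described above. This added example is not from the original text: it parses the IN MX lines and lists them in the order sending servers try them, using constructed sample output with placeholder domains. The function names are hypothetical, and live use assumes the dig command is installed.

```shell
# Constructed dig-style output; example.com and its hosts are placeholders.
SAMPLE_DIG=';; QUESTION SECTION:
;example.com.            IN  MX

;; ANSWER SECTION:
example.com.     3600    IN  MX  20 backup.example.net.
example.com.     3600    IN  MX  10 mail.example.com.

;; AUTHORITY SECTION:
example.com.     3600    IN  NS  ns1.example.com.'

# Constructed output for a domain with no MX record: no ANSWER SECTION at all.
SAMPLE_NO_MX=';; QUESTION SECTION:
;example.org.            IN  MX

;; AUTHORITY SECTION:
example.org.     3600    IN  SOA ns1.example.org. hostmaster.example.org. 1 3600 900 604800 3600'

# Print "priority host" for every MX line in the ANSWER SECTION, lowest
# priority number first, which is the order sending servers try them.
mx_order() {
    printf '%s\n' "$1" | awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;; /                { in_answer = 0 }
        in_answer && $3 == "IN" && $4 == "MX" { print $5, $6 }
    ' | sort -n
}

# Classify the result: no MX at all, a single MX (no fallback server),
# or several MX records.
mx_status() {
    count=$(mx_order "$1" | awk 'END { print NR }')
    case "$count" in
        0) echo "no-mx" ;;
        1) echo "single-mx" ;;
        *) echo "multiple-mx" ;;
    esac
}

# Live use (assumes dig is installed): mx_order "$(dig example.com MX)"
mx_order "$SAMPLE_DIG"
mx_status "$SAMPLE_DIG"
mx_status "$SAMPLE_NO_MX"
```

A result of single-mx means mail has no fallback server if that host is unreachable.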

Setting MX records

You may or may not have control over the DNS records for your organization. If you do not, generally you would send any DNS requests to hostmaster@yourdomain.xyz. If you are running Mac OS X Server, the following steps illustrate how to set up your MX record.

1. Launch Server Admin and select DNS from the Computers & Services column (Figure 8.5).
Figure 8.5. Select the DNS service in Server Admin.
2. Select the Settings tab at the bottom of the screen.
3. Select the Zones tab at the top of the screen.
4. Double-click your zone to edit it (Figure 8.6).
Figure 8.6. Select your DNS zone in Server Admin.
5. Select the Machines tab at the top of the screen.
6. If you already have a record present for the server that will act as your mail server, double-click that record.
Or
Click the plus sign button to add a record.
7. Make sure that the IP address and name are correct and then create an alias named "mail" by selecting the "This machine is a mail server for the zone" option (Figure 8.7).
Figure 8.7. Add an alias for your mail server and indicate that this host is a mail server with a precedence of 10. This allows you to change your mail server without reconfiguring all of your mail clients.
8. Enter a Mail Server Precedence setting.
A setting of 10 allows you to add other machines later with either a higher or lower priority if desired. You need not start at 0.
9. Click OK and then click Save.
10. Verify the MX record using the procedure described in the previous exercise.
You may have to wait for the time to live (TTL) to count down to zero on your zone before the changes you make become visible to your computer (Figure 8.8).
Figure 8.8. Use Network Utility to check the DNS results. No MX record is shown because the TTL has not expired yet.

Setting up mail for user accounts

Before your server can accept mail, you have to tell the system that your users are allowed to receive mail.

To set up your account

1. Launch Workgroup Manager, and in the left-hand column of the window that appears, select the user for whom you want to enable mail (Figure 8.9).
Figure 8.9. Select the user you wish to modify in Workgroup Manager.
2. Select the Mail tab and click the Enabled radio button near the top of the frame (Figure 8.10).
Figure 8.10. In the Mail tab of Workgroup Manager, enable mail for this user. Your fully qualified domain name will likely show up instead of the mail exchange name. This is not an issue but can be changed to reflect the MX record name if you wish.
3. Leave the rest of the options at their defaults for now and click Save.
4. Repeat the previous steps for any other accounts on your system that should be allowed to receive mail.

To configure SMTP service

1. Launch Server Admin.
You will use the Server Admin tool for the majority of the exercises in this chapter, so you may want to leave it open.
2. From the Computers & Services column, select Mail (Figure 8.11).
Figure 8.11. Select the Mail service in the Server Admin Tool.
3. Select the Settings tab and click the Enable SMTP check box (Figure 8.12).
Figure 8.12. Configure and enable incoming SMTP service using the Server Admin tool.
4. Make sure the "Allow incoming mail" option is selected.
5. Type your domain name in the Domain name field.
This is the portion of your hostname that follows the @ sign in an email address.
6. Type the hostname of your mail server in the Host name field.
This should be the fully qualified version of your hostname, which also includes the domain name. Generally this is the same as the results of a hostname lookup on your IP address (also known as your reverse DNS), although for this exercise, you are seeing the MX record name, which is also acceptable.
7. If your ISP requires you to use its mail relay server, rather than sending email from your server directly to the Internet, select the "Relay outgoing mail through host" check box, type the name of your ISP's SMTP server, and click Save.
8. Select the Advanced tab and then select the Hosting tab.
9. Click the plus sign button to add a local host alias.
10. Add your domain name to the Local Host Aliases list.
Local Host Aliases are other names your server may accept mail for. For example, your mail server may accept mail addressed to someuser@osxit.com, someuser@mini.osxit.com, someuser@mail.osxit.com, or someuser@mailserver52.osxit.com. Each possible server alias (the portion after the @ sign) should be listed as a local host alias. Note that each one will usually require an entry in DNS as well.
11. Repeat steps 9 and 10 to add the name of your server, along with any host aliases, to the list so that it contains every possible way mail might address your server (Figure 8.13).
Figure 8.13. In the Hosting tab of the Server Admin tool, list any name that this server might receive mail for.
12. Click Save and then click the Start Service icon.

Tip
If you get your Internet service via DSL or cable modem, you may have a hostname that is not trusted by other mail servers on the Internet. In this case, you should always relay your mail through your ISP's SMTP server.

Opening mail ports

Now that you're running an SMTP service, you need to allow other servers to connect to your server. You should already be running a firewall on your server, so you just need to open the mail ports.

To open the firewall for SMTP

1. From the Computers & Services column, select Firewall (Figure 8.14).
Figure 8.14. Select the firewall service in the Server Admin tool.
2. Select the Settings tab and then select the Services tab.
3. From the "Edit Services for" pull-down menu, choose any (Figure 8.15).
Figure 8.15. Select the any network group in the firewall settings.
4. Select the "Allow traffic for 'any' of these ports" check box and then select Mail: SMTP (port 25) in the list below (Figure 8.16).
Figure 8.16. Select the check boxes to allow network traffic on the SMTP port.
5. Click Save.
At this point, you should be able to send email to your server. You can verify this by sending email to one of the users you enabled in Workgroup Manager. If, after a few minutes, you don't get an error message back, the mail was probably delivered without any problems.

Configuring the receiving mail service

Your server can now accept incoming mail, but as of yet, the server may not be configured for users to connect to their inboxes.

To configure your IMAP/POP service

1. From the Computers & Services column, select Mail.
2. Select the Settings tab at the bottom of the screen.
3. Select the Enable POP and Enable IMAP check boxes, if they aren't already selected (Figure 8.17).
Figure 8.17. Enable both IMAP and POP for your mail server.
4. Click Save.

Free Testing

A number of companies, such as Yahoo and Google, offer free Web-based email. These services are great tools for testing your email system as they are independent email clients that are sending mail to your server from outside of your network. This checks your DNS, firewall, and mail server configurations all with one easy tool.

It is also a good idea to visit a site that will verify your server is not configured as an open relay. There are a number of open relay testing sites on the Internet that will check your mail server for a secure configuration. A quick Internet search will yield numerous options.
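
What an open relay test looks for, as an added example that is not part of the original text: a server that, when asked from outside its network, accepts a recipient whose domain is not in its Local Host Aliases list is relaying. The transcripts are constructed, and the C:/S: labelling and the function name relay_verdict are assumptions of this example.

```shell
# Names from the Local Host Aliases list (the page's example domain).
LOCAL_ALIASES="osxit.com mini.osxit.com mail.osxit.com"

# Constructed test sessions run from outside the network.
# "C:" lines are the test client, "S:" lines are the server replies.
RELAY_DENIED='S: 220 mail.osxit.com ESMTP
C: HELO tester.example.net
S: 250 mail.osxit.com
C: MAIL FROM:<probe@example.net>
S: 250 Ok
C: RCPT TO:<someone@example.org>
S: 554 Relay access denied
C: QUIT
S: 221 Bye'

RELAY_OPEN='S: 220 mail.osxit.com ESMTP
C: HELO tester.example.net
S: 250 mail.osxit.com
C: MAIL FROM:<probe@example.net>
S: 250 Ok
C: RCPT TO:<someone@example.org>
S: 250 Ok
C: QUIT
S: 221 Bye'

# Verdict for a transcript ($1) given the local aliases ($2):
#   open-relay   - a recipient outside the alias list was accepted (2xx)
#   relay-denied - every such recipient was refused (4xx/5xx)
#   not-tested   - the session never addressed a non-local recipient
relay_verdict() {
    printf '%s\n' "$1" | awk -v aliases="$2" '
        BEGIN { n = split(tolower(aliases), a, " ")
                for (i = 1; i <= n; i++) is_local[a[i]] = 1
                verdict = "not-tested" }
        /^C: RCPT TO:/ {                    # remember the recipient domain
            dom = tolower($0); sub(/^.*@/, "", dom); sub(/>.*$/, "", dom)
            pending = dom; next
        }
        /^S: [0-9][0-9][0-9] / && pending != "" {   # final line of the reply
            if (!(pending in is_local)) {
                if (substr($2, 1, 1) == "2") verdict = "open-relay"
                else if (verdict != "open-relay") verdict = "relay-denied"
            }
            pending = ""
        }
        END { print verdict }
    '
}
relay_verdict "$RELAY_DENIED" "$LOCAL_ALIASES"
relay_verdict "$RELAY_OPEN" "$LOCAL_ALIASES"
```

A not-tested verdict means the session only addressed local recipients, so it says nothing about relaying either way.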

Opening the firewall to permit receiving mail

Now that you're running an IMAP and POP service, you need to allow computers to connect to your server. You should already be running a firewall on your server, so you just need to open the IMAP and POP ports.

To open the firewall for IMAP and POP

1. From the Computers & Services column, select Firewall.
2. Select the Settings tab and then select the Services tab.
3. From the "Edit Services for" pop-up menu, choose any.
4. Select the "Allow traffic for 'any' on these ports" check box, and then select Mail: POP3 (port 110) and IMAP (port 143) from the list (Figure 8.18).
Figure 8.18. In the firewall settings, select the check boxes to allow network traffic on the POP and IMAP ports.
5. Click Save.
You should now be able to configure Apple's Mail application to connect to your server using either POP or IMAP to retrieve your mail.