How To Keep Your Mac OS X Mail Server From Being Used By Spammers

Many spammers are able to spread their filth widely because some server administrators leave their SMTP servers open, allowing anyone to use them to send mail. This article lists, step by step, how to keep your OS X Server system from being used in this manner. From Apple:

Follow these steps to prevent open SMTP relay:

  1. Connect to the server via Server Settings.
  2. Click the Internet tab.
  3. Choose Configure Host Settings from the Mail Service menu (Mail service must be running).
  4. Click the radio button to Allow SMTP relay for only hosts in this list.
  5. Enter the IP address of the server and the range(s) of IP addresses for your network.
  6. Click Save.

Results

  • Any computer that is in the IP range for your network will be able to relay without authenticating.
  • Any computer that is not in the IP range will have to authenticate in order to relay. They can authenticate using CRAM-MD5, PLAIN, or LOGIN, regardless of what you have selected in SMTP options. Users should be encouraged to use CRAM-MD5, as it is much more secure.

Notes

  • CRAM-MD5 authentication requires the use of the password server. CRAM-MD5, PLAIN, and LOGIN must be specifically enabled on the server for clients to be able to use them for authentication. PLAIN and LOGIN may only be enabled at the server when CRAM-MD5 is also enabled.
  • Versions 10.2 to 10.2.3: If you select the “Require authenticated SMTP using CRAM-MD5” option in SMTP Options, all users must authenticate before they can relay mail through your server, even if they connect from a computer in the approved hosts list. This also applies to other SMTP servers on the Internet that may attempt to deliver mail to your server.
  • Instructions for setting up restricted SMTP relay in Mac OS X Server 10.1 may be found in technical document 106762, “Mac OS X Server 10.1: How to Set up Restricted SMTP Relay for Apple Mail Server”.
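
The relay decision described under Results and Notes can be modeled, and the host list from step 5 checked for overly broad entries before it is saved. This is an added example, not Apple's code or part of the original article; the function names, the 65536-address threshold and the sample list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample relay list for illustration (not from the article).
SAMPLE_LIST = ["192.168.1.10", "192.168.1.0/24", "10.0.0.0/8", "0.0.0.0/0"]

def parse_relay_list(entries):
    """Parse single IPs or CIDR ranges into network objects."""
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]

def audit_relay_list(networks, max_addresses=65536):
    """Return warnings for entries that would open relaying too widely.

    max_addresses is an assumed threshold, not a value from the article.
    """
    warnings = []
    for net in networks:
        if net.prefixlen == 0:
            warnings.append(f"{net}: matches every address, server becomes an open relay")
        elif not net.is_private and net.num_addresses > 1:
            warnings.append(f"{net}: public range, confirm every address in it is yours")
        elif net.num_addresses > max_addresses:
            warnings.append(f"{net}: very broad range ({net.num_addresses} addresses)")
    return warnings

def may_relay(client_ip, authenticated, networks, require_auth_for_all=False):
    """Simplified model of the relay decision in Results and Notes.

    require_auth_for_all models the 10.2 to 10.2.3 behaviour when
    "Require authenticated SMTP using CRAM-MD5" is selected: hosts in
    the approved list must authenticate as well.
    """
    if authenticated:
        return True           # authenticated clients may relay from anywhere
    if require_auth_for_all:
        return False          # the approved hosts list no longer exempts anyone
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks if net.version == addr.version)

if __name__ == "__main__":
    nets = parse_relay_list(SAMPLE_LIST)
    for warning in audit_relay_list(nets):
        print("WARNING:", warning)
    lan_only = parse_relay_list(["192.168.1.0/24"])
    for ip, authed in [("192.168.1.77", False), ("8.8.8.8", False), ("8.8.8.8", True)]:
        print(ip, "authenticated" if authed else "anonymous",
              "->", "relay" if may_relay(ip, authed, lan_only) else "refuse")
```
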

You can read the full Knowledge Base article at Apple's Web site.
