Mac OS X Server as an Advanced

Mail Server

André Aulich

Freelance Apple Consultant

aaulich@mac.com

www.andre-aulich.de

insecure Internet

SSL/VPN

SSL

VPN

secure local area network

WebMail

Mail application

Market needs

© 2004 www.andre-aulich.de

user experience additional administrative demands

• secure mail transfer

• virus and spam filter

• auto-replies (vacation notices)

• group mail accounts

• shared IMAP folders

• internal and external access using mail application or Webmail

• ease of use

• stable overall service

• backup and disaster recovery strategy

• support for email addresses like firstname.lastname@domain.co.uk

• server shouldn’t need much support after first setup

• redundancy

Standard Mac OS X Mail

Server Setup

- using internal tools -

© 2004 www.andre-aulich.de

DEMO

Standard mail setup

© 2004 www.andre-aulich.de

Postfix

Cyrus

SMTP IN

external SMTP server

recipient local userrecipient external user

local Mac OS X Server

Standard mail setup

© 2004 www.andre-aulich.de

incoming SMTP mail

sender IP address accepted

sender IP address not accepted

SSL encrypted not SSL encrypted

message size accepted

message size not accepted

sender has local user account

sender has no local user account

recipient is local user

recipient is external user

sender IP address accepted

sender IP address not accepted

Cyrus stores mails for local usersin users' inboxes

Mail delivery using POP or

IMAP SSL, and/or VPN tunnel

Mail client using mail applicationor Webmail interface

SMTP server of external user

any kind of delivery

external mail recipient

Postfix

Advanced Mac OS X Mail Server

Setup

- using internal and external tools -

© 2004 www.andre-aulich.de

DEMO

Advanced mail setup

© 2004 www.andre-aulich.de

Postfix

Cyrus

SMTP IN

external SMTP server

recipient local user

recipient external user

local Mac OS X Server

Procmail

Sanitizer

Virex or Sophos

Spam Assassin

Razor

Advanced mail setup - feature list

© 2004 www.andre-aulich.de

• secure mail transfer using SSL and/or VPN

• state-of-the-art virus and mail filters

• easy-to-use webmail interface

• flexible mail addresses like firstname.lastname@domain.co.uk

• powerful backup and disaster recovery strategies

• vacation notices controlled by users

• powerful mailing list management

• group mail accounts and shared IMAP folders

Advanced mail setup - Alternative

© 2004 www.andre-aulich.de

Postfix

Cyrus

SMTP IN

external SMTP server

recipientlocal user

local Mac OS X Server

amavisd-new

Spam Assassin

Razor

ClamAV

Finetuning

© 2004 www.andre-aulich.de

• add log rolling

• SpamAssassin can be trained

• add support for multiple domains

• server-based rules (using CLI)

• encrypt mails to external recipients using sender certificates

Tiger announcements

© 2004 www.andre-aulich.de

• see http://www.apple.com/uk/server/macosx/tiger/

• SpamAssassin will be included with Mac OS X Server

• Support for mail server clustering

• added support for virtual hosts

Commercial alternatives

• Kerio MailServer, www.kerio.com

• CommuniGate Pro, www.stalker.com

• 4D Mail, www.4D.com

• PostOffice, www.tenon.com

© 2004 www.andre-aulich.de

General security advisory

• security on mobile client computers

• security on other people’s computers

• Limiting server access to VPN and SSL ports

• Secure other services using SSL

© 2004 www.andre-aulich.de

Summary

• Mac OS X Server is a powerful, enterprise-level mail server

• many functions are available via the GUI

• more functions can be added using industry-standard, free-of-charge Open Source tools

• The complete system is easy to use for the clients

• Mac OS X Server offers secure and flexible mail solutions

© 2004 www.andre-aulich.de

Tools you need

• Mac OS X Server

• (optional) Anomy Sanitizer: http://

mailtools.anomy.net/

• Virus scanner

• Virex (http://www.mac.com),

Sophos-Antivirus, ClamAV, etc.

• SpamAssassin: http://

spamassassin.apache.org/

• Razor: http://razor.sourceforge.net/

• (optional) amavisd-new: http://ijs.si/

software/amavisd/

© 2004 www.andre-aulich.de

Resources

• Copy of this presentation and basic configuration guide for the described setup: http://www.andre-aulich.de/

mailserveren1.html

• 'Sanitizing Mail on Panther Server' by Jason Deraleau: http://www.macdevcenter.com/pub/a/mac/2004/01/27/

sanitize_mail.html

• 'Fighting Spam on Mac OS X Server': http://developer.apple.com/server/fighting_spam.html

• 'Using Open Source Tools to Filter Email on Mac OS X Server': http://developer.apple.com/server/virusfiltering.html

• test of commercial mail servers: http://www.macworld.com/2004/03/reviews/emailservers

• 'Spam/Virus controls with OS X Server': http://www.afp548.com/article.php?story=20041104095414942

• 'Use Cyradm to Manage your Cyrus Mailboxes': http://www.afp548.com/article.php?story=20040814204411280

• 'OS X Server 10.3 Mail Backup': http://www.afp548.com/article.php?story=2004092303182960

• 'Log Rolling made easy': http://www.afp548.com/article.php?story=20040916181619888

• 'Sieve Installer': http://www.afp548.com/article.php?story=20040721014726822

• 'Cyrus IMAP Mailbox Recovery': http://www.afp548.com/article.php?story=20040824063737872

• 'The great big Panther SSL article': http://www.afp548.com/article.php?story=20040722080720854

• Squirrelmail-Plugins: http://www.squirrelmail.

• ‘ How to Set Up Encrypted Mail on Mac OS X’: http://www.macdevcenter.com/pub/a/mac/2003/01/20/mail.html

© 2004 www.andre-aulich.de

Q&A