Postfix Enabler for Panther



What is Postfix Enabler?

Postfix Enabler can help Mac OS X users set up a totally functional buzzword-compliant mail server in less than a minute, the Mac Way. It sets up SMTP, POP3 and IMAP services, with or without SSL support. It even sets up SSL test certs so that you can test the SSL connection. It enables SASL Authentication so you can connect to ISPs who require the SMTP connection to be authenticated. Or, the other way around, it allows you to turn on SMTP-AUTH on the server, so you can authorise remote users who need to send mail through it.

Plus, it has a few other features, including the ability to set up a roving SMTP server for PowerBook users to send mail wherever they are, whenever they want, so long as they have an Internet connection.

Caveats: Postfix Enabler works quite well on a stock Panther installation. But it may get confused if there are other earlier modifications to config files like /etc/hostconfig. Also, it won't work if your ISP blocks port 25, the SMTP port. And some mail servers (maybe one out of ten) will reject mail coming from a dynamically assigned IP address.

Requirements. Works only on OS X 10.3. Doesn't work on OS X Server.


Latest version 1.0.10 (see release notes, below). 2 November 2004. Updated the POP3 and IMAP binaries with the latest from 2004 UW/IMAP release. Made one important oft-requested change to where IMAP stores its mailboxes, so that it'll work nicely with Mail.app.

(Note : Will try to improve this later, but for now, you can load in the latest versions of the POP3 and IMAP binaries by either doing a 'sudo rm /usr/local/libexec/ipop3d' and a 'sudo rm /usr/local/libexec/imapd' from the command line before running Postfix Enabler, or by clicking on the red cross in Postfix Enabler's top left hand corner to reactivate the "Enable" buttons.)




The One-Click Road Warrior's Guide

Start up Postfix Enabler, and hit the Enable Postfix button (that's all).

If your ISP requires you to go through their mail server, enter their server name into the Smart Host field (otherwise leave it blank).

In addition, if your ISP requires that you authenticate against its SMTP server, turn on SASL authentication and enter the ISP's mail server address and your userID:password combination, as shown above.

If you want your mail to look like it is being sent from a particular domain, enter that domain name into the Masquerade As field.

Once Postfix Enabler is done, open up OS X's Mail application, and set up your mail user account as shown below :

You are still going to use whichever mail server you were using that held your in-coming mail. So the Email Address, Incoming Mail Server, User Name, and Password should all be set to whatever is required by that mail server. In the example above, cutedgesystems.com holds my incoming mail. For your case, it could be the POP server account you were given by your ISP.

The only change you need to make is to the Outgoing Mail Server name. Set it as localhost or 127.0.0.1 (If you can't find these options in the drop-down menu, click on the "Options" button and enter it yourself). And that's it.

By setting up your mail account this way, you ensure that replies will still get back to you via your central mail server. And you can pick them up later using Mail. But the messages sent from your Mac will be despatched directly to the recipients.

Note for PowerBook users : You may like to know if a large attachment has been sent out from your machine, so you can close your PowerBook lid. Look into the Log Panel and check for a mail log entry that indicates Status=Sent for that particular message.

Warning : If you're only going to send mail out and not trying to set up a full mail server (see next section), do not use the Mail Server Panel because the settings for the two situations are slightly different. Specifically, do not enter a domain name into the Mail Server Panel because it will cause Postfix to hold on to mail that is addressed to people on that domain, rather than sending it out.

Also, you may be on a network whose ISP blocks the use of port 25. In this case, you would not be able to send mail out. Also, some mail servers may be picky about receiving mail from a server with a dynamic IP address.



The One-Click Mail Administrator's Guide

Postfix Enabler can be used to set up a fully functioning mail server, complete with POP3 and IMAP services. Workstations (which include PCs) on the local network (which includes Airport) can use this server to relay mail to each other, as well as to send them out to the rest of the world. This section describes how you would set this up.

Please note. Starting with version 1.0.5, there is an Advanced tab that allows SMTP-AUTH & SSL modes to be turned on for the mail server. Starting with version 1.0.9, there's a new Log tab which allows you to look into the mail log to check what's happening behind the scenes. There's also a new Custom Postfix Settings field that will allow experienced Postfix users to add their own modifications to the Postfix configuration that have not been taken care of by the Postfix Enabler user interface.

The quickest way to set up a mail server is to give it a domain name and enter this into the domain name field. In the example above, my domain name is cutedgesystems.com. Then, Enable Postfix, using the first panel, if you have not already done so. This will allow all users on your network to send mail out to the Internet via this mail server machine.

Please note : When you're setting up a mail server that is accessible by the rest of the world, you must have a valid domain name. Check out this tutorial if you want to try this out using a free domain name.

Another note: You need to check that the domain name works. The simplest way to do this is to turn on the web server on the same machine you are using to run your mail server (using OS X's Sharing Preferences). Then, fire up a web browser, like Safari, and see if you can hit the web pages that you know you have on this machine.

Next, you will need to enable either the POP3 or the IMAP server (or both) so that all the machines and users on your network can retrieve their incoming mail.

Leave all the other settings alone, for the moment, on the second (Mail Server) panel, and click on the Enable POP3 button or the Enable IMAP button, depending on which mode of mail service you prefer to run.

Add other parameters (explained below), and hit the Restart Postfix button.

Check that it works

Try to send mail out using OS X Mail running on the same mail server machine. Set up Mail, as shown below. Substitute cutedgesystems.com with yourDomain.com. The User Name and Password fields will correspond with your name and password on this OS X machine or the name and password of a user you had created using the Accounts Pane in this machine's Systems Preferences. (If you've enabled the IMAP server, you can now also use Account Type: IMAP).

When you are ready, use Mail to send mail out to anybody you know and see if you can get a reply. The replies will come back to the same server. You can pick them up using Mail because Postfix Enabler has equipped your server with POP3 services.

The next step is to share the mail server with all the other machines on your network.

Share the Mail Server

Via an Airport Base Station

Mac users typically share an Internet connection in three ways. One way is to use an Airport Base Station to connect to the Internet and then share its connection. There's a tutorial (OS X, Broadband, and the Airport Base Station - but pay special attention to the section covering DNS) which will show you how to get a server running behind an Airport Base Station. In this case, if you've set up Mail for the other machines in the way shown above, you've really got nothing else to do. So long as you've got your DNS settings right (so that your other machines know where your mail server is), the other machines can now use your mail server to relay mail.

Via Internet Sharing

The second way to share an Internet connection is to turn on Internet Sharing on the mail server machine. If your mail server is equipped with an Airport card, this is really easy. The Airport card allows the server to create a secondary internal IP network which the rest of your machines can get up on, provided they're also equipped with Airport.

In this case, besides setting Mail in the way shown above, you've also got one more thing to do on your server. By default, the Airport network created by the mail server will use a network in the range 10.0.2.x (please confirm that this is true before proceeding).

Use Postfix Enabler, look for the Access field, and enter the following into a new line in the Access field :

10.0.2 RELAY

This tells the mail server to allow all machines on the internal 10.0.2.x network to relay mail through the server.

Via a Router

The third way to share an Internet connection is via a router. The things you have to do here are a combination of steps from the first two methods described above. You have to enable port mapping on your router to make sure that ports 25 and 110 are mapped to the specific internal IP address you have reserved for your server (say, 192.168.2.18).

Then, you have to ask Postfix to relay mail for your internal network. So, you've got this thing to do on your server. Use Postfix Enabler, look for the Access field, and enter the following into a new line in the Access field:

192.168.2 RELAY

This tells the mail server to allow all machines on the internal 192.168.2.x network to relay mail through the server.

Please note : between the three ways, described above, for sharing an Internet connection, the ones with the router or Airport Base Station are the safer options. This is because you're situating the server on a private network behind the router or Base Station. Postfix is programmed, by default, to reject all attempts to relay mail through it by machines sitting outside its local network. In an Airport network, this network spans the private 10.0.1.x range. The mail server will relay mail only from its own 10.0.1.x network, rejecting all other attempts. The other way of sharing an Internet connection, through OS X Internet Sharing, though cheaper and more convenient, exposes your server to attempts to relay mail through it by other machines sitting on your ISP's network (because it is sitting directly on your ISP's network).

Other uses for the Access field

The Access field can be used to blacklist individual mail senders from sending mail to your site, or even entire domains. It can also be used to block an internal user from receiving mail.

spammer@yahoo.com REJECT
spamUnlimited.com REJECT
isolated@cutedgesystems.com REJECT
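
The relay warning and the REJECT entries above can be checked mechanically before Restart Postfix is pressed. The following is an added example, not part of Postfix Enabler or the original page: it reads Access-field lines in the form the page uses and flags any RELAY entry that covers addresses outside the private (RFC 1918) ranges. The function names and the 203.0.113 line are constructed for illustration.

```python
import ipaddress

# Constructed sample: the page's own Access-field entries plus one
# deliberately risky line (203.0.113 is a documentation range, not a LAN).
SAMPLE_ACCESS = """\
10.0.2 RELAY
192.168.2 RELAY
203.0.113 RELAY
spammer@yahoo.com REJECT
spamUnlimited.com REJECT
isolated@cutedgesystems.com REJECT
"""

# Private address space; a RELAY entry should stay inside one of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def prefix_to_network(pattern):
    """Map a dotted octet prefix ('10.0.2') to the network it covers, else None."""
    octets = pattern.split(".")
    if not 1 <= len(octets) <= 4:
        return None
    if not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    padded = [str(int(o)) for o in octets] + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))

def audit_access(text):
    """Return (pattern, action, verdict) for every non-empty Access-field line."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            findings.append((line, "", "malformed: expected 'pattern ACTION'"))
            continue
        pattern, action = parts[0], parts[1].strip().upper()
        net = prefix_to_network(pattern)
        if action == "RELAY" and net is not None:
            inside = any(net.subnet_of(r) for r in RFC1918)
            verdict = ("ok: relays for private network %s" % net if inside
                       else "RISK: relays for public network %s" % net)
        elif action == "RELAY":
            verdict = "review: relay granted by name, not by network"
        elif action == "REJECT":
            kind = ("address" if "@" in pattern
                    else "network" if net is not None else "domain")
            verdict = "blocks " + kind
        else:
            verdict = "unknown action"
        findings.append((pattern, action, verdict))
    return findings

if __name__ == "__main__":
    for pattern, action, verdict in audit_access(SAMPLE_ACCESS):
        print("%-30s %-7s %s" % (pattern, action, verdict))
```

A too-short prefix such as a bare `192` is reported as a risk as well, because it covers far more than the private 192.168.x.x block.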

The Aliases Field

Some required entries for Aliases are already created for you. Each site needs to have a Postmaster and a Root user so that other ISPs and your own system processes can contact a responsible person when they find problems with your system. MAILER-DAEMON is the conventional name attached to bounced messages. When senders find that their messages have bounced, they may need to contact someone for clarification. Their replies to their bounced messages will go to MAILER-DAEMON, so you need someone to pick these up.

The first line in the example, below, shows that you can create e-mail groups quickly by entering a group name on the left-hand side of an Alias entry, and entering a series of user names, separated by commas, on the right-hand side, which can include users from other domains.

nightrunner: haihwee,beekhim
postmaster: bernard
root: bernard
MAILER-DAEMON: bernard
mailist: :include:/full/path/name/to/mailinglist.txt

The last line in the example, above, shows another way of creating e-mail groups - by pointing the mail server to a file that contains a list of e-mail addresses, with one address on each line.

Unclaimed mail

You can choose who, among your users, gets to be swamped by unclaimed mail. If you elect not to nominate anyone, all messages for which there is no known recipient will be bounced back to the sender. Actually, this is the suggested option, if you don't want to be swamped by junk mail.

The Additional Domain Names Field

If your server hosts more than one domain, you can list the additional domains in this field (separated by commas) so that Postfix knows that it has to accept messages sent to these domains.

The Relay-Domains field

The system is set to Restricted SMTP Relay, by default, and there should be no need to change this.

Relay-Domains (separated by commas) are the domains and networks from which you will accept mail for relaying through your network. For example, you may have a team of people working at a customer site. You may want to enter the domain name of the customer site into the Relay-Domains field so that your people can continue to send mail out through the home server. However, this means that everyone on that site will be allowed to send mail out. You may not want this to happen but it's hard to work this down to specific IP addresses.

The Custom Postfix Settings field

This is meant to allow experienced Postfix users to add their own modifications to the Postfix configuration that have not been taken care of by the Postfix Enabler user interface.

Additional Note for Outbound Mail

If you're running a mail server and your ISP requires you to go through their mail server for outbound mail, enter their server name into the Smart Host field (otherwise leave it blank) on the Send Mail panel.

In addition, if your ISP requires that you authenticate against its SMTP server, turn on SASL authentication and enter the ISP's mail server address and your userID:password combination into the relevant fields on the Send Mail panel.



The Postfix Enabler Advanced Tab

It allows the administrator to turn on SMTP-AUTH for the mail server. This allows the mail server to be accessed remotely by authorised users, whose name:password combinations have been registered with the server. The Advanced tab also allows the mail administrator to quickly create self-signed SSL certs for testing secured connections to and from the mail server.

If you turn on SMTP Authentication, you have two choices - use the built-in OS X user accounts or SASLDB.

The first method is so simple to use. It authenticates against the Mac's built-in user account management - so you maintain just one set of passwords, using System Preferences. Turn it on and you're done. (But the downside is that passwords are sent in the clear, unless you turn on SSL encryption).

In Mail.app, under Outgoing Mail Server, click on Server Settings, and set up the SMTP Server Options, as shown below. You need to make sure you enter the same User Name and Password combination that you gave to this user, using the server's OS X System Preferences panel :




SASLDB is considered to be more secure because passwords are never sent down the wire, only tokens. If you choose to turn on SMTP Authentication via SASLDB, you will need to provide the server with a list of username:password combinations, for each user who will be needing to send mail remotely through the server.

Then, in Mail.app, under Outgoing Mail Server, click on Server Settings, and set up the SMTP Server Options, as shown below. That is, set Authentication to "MD5 Challenge-Response". Then enter the username:password combination that was registered for this user on the server, using Postfix Enabler's Advanced Pane.
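
The difference between the two authentication choices above, shown as an added example that is not code from Postfix Enabler or the original page. It assumes the clear-text case uses the SASL PLAIN mechanism and that "MD5 Challenge-Response" corresponds to CRAM-MD5 (RFC 2195); the user name, password and challenge are constructed.

```python
import base64
import hashlib
import hmac

# Constructed credentials and server challenge, for illustration only.
USER, PASSWORD = "roadwarrior", "s3cret-example"
CHALLENGE_B64 = base64.b64encode(b"<1896.697170952@mail.example.org>").decode()

def visible_on_wire(b64):
    """What an observer of an unencrypted session sees after base64-decoding."""
    return base64.b64decode(b64).decode()

def plain_response(user, password):
    """Client reply for PLAIN: base64 of NUL + user + NUL + password."""
    return base64.b64encode(("\0%s\0%s" % (user, password)).encode()).decode()

def recover_from_plain(b64):
    """Base64 is an encoding, not encryption: the password comes straight back."""
    _authzid, user, password = visible_on_wire(b64).split("\0")
    return user, password

def cram_md5_response(user, password, challenge_b64):
    """Client reply for CRAM-MD5: HMAC-MD5 of the challenge, keyed by the password."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(("%s %s" % (user, digest)).encode()).decode()

def server_verify(stored_password, challenge_b64, response_b64):
    """Server side: recompute the digest from its own copy of the password."""
    _user, digest = visible_on_wire(response_b64).rsplit(" ", 1)
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(stored_password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    plain = plain_response(USER, PASSWORD)
    print("PLAIN on the wire   :", plain, "->", recover_from_plain(plain))
    cram = cram_md5_response(USER, PASSWORD, CHALLENGE_B64)
    print("CRAM-MD5 on the wire:", visible_on_wire(cram))
    print("server accepts      :", server_verify(PASSWORD, CHALLENGE_B64, cram))
```

The digest only keeps the password itself off the wire; the message contents still travel unencrypted unless SSL is turned on as well.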




SSL (Secure Sockets Layer)

You can use the Advanced Panel to turn on or off SSL mode to encrypt the communications between client and server, over SMTP, POP, and IMAP. However, you will need to have the appropriate SSL certs in /System/Library/OpenSSL/certs before you can enable SSL.

You can use this panel to create test (self-signed) certs to test the SSL connection to and from the mail server. You can always replace them with "real" certs, of the same name, in the future.

If you're testing the SSL connection, make sure you quit Mail.app and come back in again, when you switch the server from non-SSL to SSL mode. This is important, and had been the source of quite a few support calls. Mail.app seems to cache the information it keeps about a connection. If you switch modes, in mid-stream, it may get confused and you will see a connection error until you quit Mail.app and come back in.

Also, if you're using the self-signed test certs, you will see the following dialog box thrown up by Mail.app, when you first send mail over SSL :

This is OK. It shows that the SSL mode is working. The cert used is a self-signed cert that hasn't been verified by any of the known certification services, e.g., Verisign. The cert can still be used to enable SSL encryption between client/server communications. If you click on "Show Certificate", it will show you the data you have set for this certificate (if you've updated the Country/State/Locality fields before clicking on the "Create SSL Test Certs" button). You can always replace the test certs with "real" certs of the same name. They are stored in /System/Library/OpenSSL/certs.



The Postfix Enabler Log Panel

You can use this panel to monitor the mail log. The Get button retrieves the last 30 (or so) records from the tail-end of the mail log, in reverse order. Because the table does not have enough width to show all the details of the connection, you can click on any line and the information will be re-displayed in the detail-fields below the table.

The mail log can be used to check if a large attachment has been sent out from the mail server, as in the case of a PowerBook user. Look into the mail log for a Status=Sent indicator for the specific message and destination.

Although the message is now en-route to its destination, it may still have a few more hops to go, any of which could hold on to the message, but there's nothing you can do, now the message has left the system, so you might as well close your PowerBook.

However, in the example, above, the mail log shows that the message has bounced off Mac.com because the attachment is greater than mx.mac.com's allowable size. So, it's always good to check the mail log.
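
The same check can be done over the raw mail log text. This is an added example, not part of Postfix Enabler or the original page: it groups log lines by queue ID and reports whether each message was sent, bounced, or is still pending. The log lines are constructed in the usual Postfix syslog layout, with made-up hosts, queue IDs and addresses.

```python
import re

# Constructed mail-log lines (not taken from a real server).
SAMPLE_LOG = """\
Nov  2 10:15:01 powerbook postfix/qmgr[412]: 3F2A61B8C0: from=<me@example.org>, size=18874368, nrcpt=1 (queue active)
Nov  2 10:15:44 powerbook postfix/smtp[415]: 3F2A61B8C0: to=<friend@example.net>, relay=mx.example.net[192.0.2.25], delay=43, status=sent (250 2.0.0 Ok: queued as 9C1D2)
Nov  2 10:16:02 powerbook postfix/qmgr[412]: 7B0E44D112: from=<me@example.org>, size=31457280, nrcpt=1 (queue active)
Nov  2 10:16:30 powerbook postfix/smtp[417]: 7B0E44D112: to=<pal@example.com>, relay=mx.example.com[198.51.100.7], delay=28, status=bounced (host mx.example.com[198.51.100.7] said: 552 message size exceeds limit)
Nov  2 10:17:10 powerbook postfix/qmgr[412]: A1C9E07F33: from=<me@example.org>, size=2048, nrcpt=1 (queue active)
Nov  2 10:17:12 powerbook postfix/smtp[419]: A1C9E07F33: to=<slow@example.net>, relay=none, delay=2, status=deferred (connect to mx.example.net[192.0.2.26]: Connection refused)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): (.*)$")
FROM = re.compile(r"from=<([^>]*)>, size=(\d+), nrcpt=(\d+)")
TO = re.compile(r"to=<([^>]*)>.*?\bstatus=(\w+) \((.*)\)$", re.IGNORECASE)

def delivery_report(log_text):
    """Group log lines by queue ID: sender, size, and one entry per delivery attempt."""
    msgs = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a per-message Postfix line
        qid, rest = m.groups()
        msg = msgs.setdefault(
            qid, {"from": None, "size": 0, "nrcpt": 0, "deliveries": []})
        f = FROM.match(rest)
        if f:
            msg["from"] = f.group(1)
            msg["size"], msg["nrcpt"] = int(f.group(2)), int(f.group(3))
            continue
        t = TO.match(rest)
        if t:
            msg["deliveries"].append((t.group(1), t.group(2).lower(), t.group(3)))
    return msgs

def summarize(msgs):
    """Classify each queue ID as 'sent', 'failed' or 'pending'."""
    out = {}
    for qid, msg in msgs.items():
        final = {}  # last status seen for each recipient
        for rcpt, status, _reason in msg["deliveries"]:
            final[rcpt] = status
        if any(s == "bounced" for s in final.values()):
            out[qid] = "failed"
        elif len(final) >= msg["nrcpt"] > 0 and all(s == "sent" for s in final.values()):
            out[qid] = "sent"
        else:
            out[qid] = "pending"  # deferred, or no delivery line logged yet
    return out

if __name__ == "__main__":
    report = delivery_report(SAMPLE_LOG)
    for qid, state in summarize(report).items():
        print(qid, state, report[qid]["deliveries"])
```

A message counts as sent only when every recipient announced in its `nrcpt` field has a sent status, so a deferred delivery keeps it pending.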

There is also a Postfix Config Summary button at the bottom of the panel. When clicked it will show a summary of the active Postfix Configuration Parameters. If you know enough Postfix, this is useful for checking if the system is set up the way the GUI says it has been set up.

Note that you can print out both the mail log and the Postfix configuration summary. (Actually, you can print any piece of information by just clicking on it, to give it the focus, before doing a Print from the File menu.)


The Mail Server and the OS X Firewall

You should check your mail server machine to see if you have OS X's built-in firewall turned on. If so, you should learn how to set it so that information could still pass through to your mail server. Look here to see how this is done.

In summary, you should open, at least, ports 25 (smtp), 110 (pop3) and 143 (imap) in the firewall. If you've turned on SSL, you should also make sure ports 995 (pop3 over SSL) and 993 (imap over SSL) are opened.



Release Log

1.0. 27th October 2003. Postfix Enabler 1.0 released without POP server.

1.0.1 2nd November 2003. Released with a POP server.

1.0.2 4th November 2003. Added ability to re-enable the Enabler, in case new system updates overwrite the current configuration.

1.0.3 6th November 2003. Made sending mail and administering a mail server into two distinct pieces, so it's clearer you can use just the first part without using the other. Also, the configuration for a mail server is slightly different from one that would only support outgoing mail. Made the changes to reflect that. Finally, the system should now work for Macs that have been upgraded to Panther, rather than via a clean install.

1.0.4 16th November 2003. Includes both an IMAP and a POP3 server from the UW-IMAP project, with permission. Both modes of operation support SSL. Added the UW-IMAP license agreement into the user interface, so that the user has to agree with the disclaimers before installing the POP3 and IMAP binaries.

1.0.5 30th December 2003. An Admin Password is requested only once, on startup. Added ability to enable SASL Authentication for the Postfix SMTP client and server. Users can now create SSL test certs from within Postfix Enabler with just 1 click. Added ability to set Message Size Limit.

1.0.6 1st January 2004. There is one bug fix. The "auxprop_plugin" line in /usr/lib/sasl2/smtpd.conf should read "auxprop_plugin: sasldb" instead of sasldb2. This prevented SASL Authentication for the server from working properly.

1.0.7 6th January 2004. Added the ability to authenticate the in-coming SMTP connection against the built-in OS X user accounts which, unlike SASLDB, does not require the user to maintain a separate password database. This solution was contributed by Andy Black. Also, thanks to Eric Kuo, we now also have a Traditional Chinese interface.

1.0.8 9th January 2004. Added the ability to turn on or off SSL mode.

1.0.9 15th January 2004. Added the ability to look into the mail log, get a summary of the active Postfix configuration, and append custom Postfix parameters to that provided by the user interface.

Version 1.0.10 Release Notes

1.0.10 2nd November 2004. Updated the POP3 and IMAP binaries with the latest from 2004 UW/IMAP release. Made one important oft-requested change to where IMAP stores its mailboxes, so that it will work nicely with Mail.app.

Posted: Thu - March 24, 2005 at 11:18 AM        

