Apple 10.6 Server User Manual


  Open as PDF
of 134
 
Some administrators nd it easier to designate mail access using ACLs if they do
all their other conguration using ACLs. They also might have mixed network
environments that necessitate using ACLs to assign mail access.
To enable mail access using ACLs:
1 In Server Admin, select the server that has Mail service running.
2 Select Access, then click Services.
3 Select Mail from the Services list.
4 Select “For selected services below.”
5 Select “Allow only users and group below.”
6 Click the Add (+) button to reveal a Users and Groups list.
7 Drag the user or group to the access list.
8 Click Save.
Choosing Authentication for Mail Service
SMTP Authentication
You can protect your server from being an open relay (which indiscriminately relays
mail to other mail servers) by requiring SMTP authentication. Requiring authentication
ensures that only known users—people with user accounts on your server—can send
mail from your mail servers.
You can congure Mail service to require secure authentication using CRAM-MD5 or
Kerberos or less secure authentication methods using plain text or login.
Plain authentication sends mail passwords as plain text over the network. Login
authentication sends a minimally secure crypt hash of the password over the network.
You might allow these less secure authentication methods, which don’t encrypt
passwords, if some users have mail client software that doesn’t support the secure
methods.
If you congure Mail service to require CRAM-MD5, mail users’ accounts must be set to
use a password server that has CRAM-MD5 enabled.
Before enabling Kerberos authentication for incoming Mail service, you must integrate
Mac OS X with a Kerberos server. If you’re using Mac OS X Server for Kerberos
authentication, this is already done for you.
Enabling SMTP Authentication will:
Make your users authenticate with their mail client before accepting mail to send. Â
Frustrate mail server abusers who are trying to send mail through your system Â
without your consent.
64 Chapter 3 Mail Service Advanced Conguration
 previous next