7 Replies Latest reply: Apr 21, 2012 2:00 PM by Gnarlodious
Gnarlodious Level 4 (3,215 points)

Let's say I want to receive emails from my website gnarlodious.com, which runs on Server 10.6. How do I set that up? All I want is simple POP and SMTP service for one domain. Seems like it should be easy to get going.

 

Sorry I searched Google for hours but found no clear instructions. I think I figured out that Postman is for mailing lists only, not email accounts. There is also a squirrelmail, but it looks like it is only for viewing webmail. Also found Postfix, which might be what I am looking for. Please explain this abundance of mail software.

  • MrHoffman Level 6 (13,305 points)

    At its simplest, you configure and start the mail server, set up the forward and reverse DNS correctly (the reverse DNS for the specified site is incorrect; the IP address to domain name), open ports through the firewall(s), and establish an MX record for the domain.  This is for running a full-on mail server.

     

    Here is the OS X Server 10.6 Mail Administration from Apple, with considerably more detail.

     

    You'll need to fix the reverse DNS for the domain because receiving mail servers are increasingly configured to reject incoming mail from a domain with mismatched DNS.  Web sites (other than those running https) care rather less about reverse DNS settings.

     

    As an alternative, you can also have the web site connect to a remote mail server, which avoids configuring and administering a mail server; if you're just looking to send mail from a web application.  That'll allow you to receive mail on another domain.  (And you can also have mail sent to gnarlodious.com routed to your current "other" mail server by setting up an MX record for the gnarlodious.com domain to reference your existing current "other" mail server.)

  • Gnarlodious Level 4 (3,215 points)

    Thanks for that info. Two things:

    I want to receive mail at an address like webmaster  @ gnarlodious.com, one of the many sites I am running from that server. This must be like Virtual Domains in Apache. I have my DNS pointing that domain to an MX record containing the IP address of my server, is that not enough?

     

    Also, reading the PDF you sent me to I see:

    To enable POP access:

     

    In Server Admin, select a computer in the Servers list, then select Mail.

     

    My problem is I am not running Server Admin because it doesn't play nice with mod_wsgi. I should be able to bypass the serveradmin front end and configure the mail server from Terminal, but how to?

  • MrHoffman Level 6 (13,305 points)

    Setting the MX record in the public-facing DNS is not enough.  It'll sort-of work, and you'll likely get some mail.  Other mail will be silently dropped, and the number of other mail servers that will silently drop mail intended for or received from your mail server is likely to increase over time.

     

    And you have a vastly larger issue here, if you can't use Server Admin, and (based on this thread) it appears that you've reinstalled your own version of Apache on this server.

     

    Proper DNS is fundamental to the operation of servers.  DNS is also fundamental to the operation of network security.

     

    Again, your forward DNS (name to address), reverse DNS (address to name) and the MX all have to match for the primary name of the server, or mail to and from the server will be dropped by other mail servers.  This is because the SMTP protocol requires the mail server to have a DNS A record - also called a DNS machine record, or DNS host record - as its primary name, and yours does not.  Yours has an alias record, also called a CNAME.

     

    Hosts with CNAMEs, as well as hosts with reverse DNS names based on DSL or other dynamic names, and also hosts with dynamic addresses where the ISP has added those to various of the filtering databases, are considered spam engines.

     

    If your DNS is not configured, you'll need to use an SMTP relay.  Or you'll have mail dropped.

     

    Here is an introduction to setting up DNS on OS X Server, and there's a link from there to an article on setting up your external DNS.  That uses Server Admin, though.

     

    Given you're avoiding the Server Admin tool, you may well end up needing to manage your DNS files manually as well.  (Once you start "off-roading" with an OS X Server configuration, you're almost better off migrating to a Unix or Linux server.  To manage these components without either the Server Admin GUI or the serveradmin tool at the command line, you'll need to edit the various configuration files for the services directly.)

     

    Once your internal and external DNS are configured and confirmed, you'll want to use IMAP and not POP.  POP is a more limited protocol.

     

    To use aliases for recipients, the OS X Server documentation (previously linked) provides two means of configuring users across different virtual hosts within the postfix configuration; aliases and related.  One is more flexible, but is manually managed, while the other uses Server Admin.

     

    In general with this configuration, I'd suggest routing your mail through another mail server as a way to avoid the overhead of managing the mail server, avoiding the DNS set-up, and given you're avoiding Server Admin.  The web sites I manage get attacked multiple times a day, as do the mail servers, and many of those folks are looking to use vulnerabilities in the web sites and the mail servers to send out spam, and the attacks are continuously evolving and improving.  And you're working with a substantially more complex configuration than the documentation covers.

     

    I'd suggest looking around for a way to add just the mod_wsgi module without rebuilding and reloading Apache; there are some postings around with some details; here's a very high level overview of the sequence.  (Here's an older Leopard discussion of this module.  There are probably better descriptions around; it's been a while since I've needed to side-build an Apache module, given that the php versions and libgd/gd are mostly-sorted out on Snow Leopard and Lion.)

     

    And in all seriousness, a migration to Linux or a BSD is probably a better fit here, particularly if you're planning to rebuild hunks of the platform, and thus end up needing to avoid using the integrated management tools.  The way you're managing this server is certainly a fine and viable approach, and it's the exact target market for managing Linux and BSD platforms; full customization.  It's just not where OS X Server is aimed.

  • Gnarlodious Level 4 (3,215 points)

    Aargh! I appreciate your time on that exhaustive response but don't hardly understand any of it. Yes, I am running a custom build of Apache, so I always assumed the Server Admin interface would be useless to me. My assumption would be that there is a way to use and administer a mailserver just like Apache, that is what I need to learn how to do. I really don't want to go back to OpenBSD, and I would need a new box for it.

     

    I have the DNS from my registrar set to ignore the machine's DNS name. If this is wrong please tell me and I will do it right. My server farm has a dedicated DNS server and they are very agreeable. All websites have always worked well under my current setup.

     

    Let's say I give up on running email from my server, even so I'd like to get the DNS issue resolved right now. I can post screenshots of the DNS registry if you want.

     

    For now I want to ignore any security threats and enable POP in order to view whatever comes in using Terminal. I did find something at /etc/postfix that looks promising.

  • MrHoffman Level 6 (13,305 points)

    Screen shots are not necessary.  Your reverse DNS is wrong, or (if it's been changed) the changes haven't propagated through (yet).  You need to fix that setting with your ISP; with whomever is providing your IP address.

     

    In simplest terms, here are the Terminal.app commands:

     

    dig +short gnarlodious.com
    dig +short -x your.server.ip.address.here
    dig +short MX gnarlodious.com

     

    do not match.

     

    Here is what I see from here:

     

    $ dig +short gnarlodious.com
    65.183.81.82
    $ dig +short 65.183.81.82
    $ dig +short -x 65.183.81.82
    82.nedernet.81.183.65.in-addr.arpa.
    gnarlodious.nedernet.net.
    $ dig +short MX gnarlodious.com
    $

     

    Your forward DNS is 65.183.81.82.  Your reverse DNS is 82.nedernet.81.183.65.in-addr.arpa (a PTR or pointer record; that's the reverse DNS) and spurious alias (CNAME) gnarlodious.nedernet.net.  This does not match.  This misconfiguration means that many other SMTP mail servers will interpret this as a spam engine, and won't play. 

     

    You have no control over "ignoring this" as this is derived from your external DNS by other servers; any attempts to set this to be ignored won't have any effects on the other mail servers that might interact with your mail server.  (Yes, you can get a few messages through, though inbound and outbound messages can and variously will be dropped due to the DNS errors here.)

     

    (I also haven't checked to see if the ISP has erected any blocks against mail servers.  If you're on a static IP, that usually should not be the case.  But it's worth confirming the address regardless, as mistakes can happen, and rogue malware that breaches your server can get your server listed.)

     

    As for ignoring security, a successful breach can get your server listed in the spam engine listings, and that takes more time and effort to clean up, on top of cleaning up the breach.  And it's not like the folks won't attack the servers; my most recent batch of servers connected to the net were attacked within minutes of the initial connections, and that was before any notice or any external DNS had been set up.

     

    Running a server operating system means knowing a little bit about IP networking, about DNS services, server and network security, and some other low-level pieces, or to have access to a support organization that can assist you with these tasks.  Server configurations - even as simple as OS X Server is - still require an investment in acquiring some related knowledge; more than does running a client system.

     

    I am a customer of one of the various hosting services that's available around the Internet, and I spend about US$50 for the hosting per year, plus some for various DNS registrations.  Which means I can re-allocate the time and effort I would have spent on that task, on other tasks.  Put another way, how do you want to spend your time?  Learning about and running a server?  Or getting (other) work done?
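
The three-way comparison described in the post above, as an added example that is not part of the original thread: a shell function that takes the captured output of the three dig commands and reports which of forward DNS, reverse DNS and MX disagree. The function names, and the assumption that the server's primary name is also the mail domain, are the example's own; the sample input is the dig output quoted in the post.

```shell
#!/bin/sh
# Added example: evaluates the output of the three dig commands in the post.
# check_mail_dns NAME IP FWD REV MX  (FWD/REV/MX are captured dig +short output)
# Prints one line per check and returns the number of failed checks.
check_mail_dns() {
    name=$(printf '%s' "${1%.}" | tr 'A-Z' 'a-z'); ip=$2
    fwd=$3; rev=$4; mx=$5; problems=0

    # Forward DNS (name to address) must include the server's address.
    if printf '%s\n' "$fwd" | grep -qxF "$ip"; then
        echo "ok   forward: $name -> $ip"
    else
        echo "FAIL forward: $name does not resolve to $ip"
        problems=$((problems + 1))
    fi

    # Reverse DNS (address to name): dig +short lists any alias hops first,
    # so the last non-empty line is the name the address finally maps to.
    ptr=$(printf '%s\n' "$rev" | sed '/^$/d' | tail -n 1 | tr 'A-Z' 'a-z')
    ptr=${ptr%.}
    if [ "$ptr" = "$name" ]; then
        echo "ok   reverse: $ip -> $ptr"
    else
        echo "FAIL reverse: $ip -> ${ptr:-<none>}, expected $name"
        problems=$((problems + 1))
    fi

    # MX: each line is "<preference> <host>"; one host must be this server.
    if printf '%s\n' "$mx" | awk '{print tolower($2)}' | sed 's/\.$//' | grep -qxF "$name"; then
        echo "ok   mx: $name is listed as a mail exchanger"
    else
        echo "FAIL mx: no MX record for the domain names $name"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Live use (needs network access): check_live NAME IP
check_live() {
    check_mail_dns "$1" "$2" "$(dig +short "$1")" \
        "$(dig +short -x "$2")" "$(dig +short MX "$1")"
}

# The output quoted in the post, replayed offline.
REV_FROM_POST='82.nedernet.81.183.65.in-addr.arpa.
gnarlodious.nedernet.net.'
check_mail_dns gnarlodious.com 65.183.81.82 '65.183.81.82' "$REV_FROM_POST" '' \
    || echo "failed checks: $?"
```
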

  • Gnarlodious Level 4 (3,215 points)

    Thanks, I marked that post as the answer and will work on learning more. And yes, I would surely rather be writing Python rather than fighting a losing battle with spammers.

  • Gnarlodious Level 4 (3,215 points)

    Thanks for that advice again. I set up a free email account with Google Apps based on my domain name. For anyone who reads this, you have to accept the terms of service and once you have the account find where to enable "Standard Edition". Seems to work pretty good so far, and has all the features of a gmail account.