7 Replies Latest reply: Feb 12, 2013 4:02 AM by bmyatt
bmyatt Level 1 Level 1

Following the guide here https://help.apple.com/advancedserveradmin/mac/10.8/#apdB3F8B86B-1839-4692-85FD- 007FC7222B78 is not helpful as it refers to server admin tool (which I believe no longer exists for 10.8.2)?

What do I need to manually edit to tighten my security?


Macbook Pro, Mac OS X (10.7.1), Lion Server
Solved by Michael Lake on Feb 5, 2013 3:48 PM Solved

As Linc noted above, you don't need to do anything special to prevent your system from being an open relay.

 

If you're a belt-and-suspenders guy, you can double-check your installation with this nifty tool from MXToolbox: http://www.mxtoolbox.com/diagnostic.aspx. Just type your server's address into the box and hit "Test Email Server". It'll run for a few moments and check a few settings on your machine. OS X Server should pass all tests with a default installation.

 

This tool is also handy for periodically checking to make sure your IP address isn't on a realtime blacklist (RBL).

Reply by Linc Davis on Feb 5, 2013 9:56 AM Helpful

They've removed that setting from the GUI. By default, Postfix is configured to accept mail only from the local subnet. If that's what you want it to do, you don't have to change anything. Otherwise, you'll have to edit the directives in the section "TRUST AND RELAY CONTROL" in the file

 

/Library/Server/Mail/Config/postfix/main.cf

All replies

  • Linc Davis Level 10 Level 10
    expertise.applications
    Applications

    "Server Admin" is an error. The article refers to the Server application.

  • bmyatt Level 1 Level 1

    OK, so if the Advanced Administration guide doesn't document how I can do this with 10.8.2/server 2.2 how can I do it?

  • Linc Davis Level 10 Level 10
    expertise.applications
    Applications

    Just read "Server" for "Server Admin."

  • bmyatt Level 1 Level 1

    So in the advanced admin guide at this page http://help.apple.com/advancedserveradmin/mac/10.8/#apdB3F8B86B-1839-4692-85FD-0 07FC7222B78

     

    I can't do what it directs with the server app (replace server admin with server)?

     

    1. In Server Admin, select a server in the Servers list, and then select Mail.
    2. Click Settings, and then click Relay.

     

    There is no Settings -> Relay?

    1. Select “Accept SMTP relays only from these hosts and networks.”
    2. Edit the list of hosts by choosing one of the following:
      • Click the Add button to add a host to the list.
      • Click the Remove button (–) to delete the selected host on the list.
      • Click the Edit button (/) to change a host on the list.
      When adding to the list, Server Admin accepts a variety of notations. You can:
      • Enter a single IP address or the network/netmask pattern, such as 192.168.40.0/21.
      • Enter a host name, such as mail.example.com.
      • Enter an Internet domain name, such as example.com.
  • Linc Davis Level 10 Level 10
    expertise.applications
    Applications

    They've removed that setting from the GUI. By default, Postfix is configured to accept mail only from the local subnet. If that's what you want it to do, you don't have to change anything. Otherwise, you'll have to edit the directives in the section "TRUST AND RELAY CONTROL" in the file

     

    /Library/Server/Mail/Config/postfix/main.cf

  • Michael Lake Level 2 Level 2

    As Linc noted above, you don't need to do anything special to prevent your system from being an open relay.

     

    If you're a belt-and-suspenders guy, you can double-check your installation with this nifty tool from MXToolbox: http://www.mxtoolbox.com/diagnostic.aspx. Just type your server's address into the box and hit "Test Email Server". It'll run for a few moments and check a few settings on your machine. OS X Server should pass all tests with a default installation.

     

    This tool is also handy for periodically checking to make sure your IP address isn't on a realtime blacklist (RBL).

  • bmyatt Level 1 Level 1

    MXToolbox was a really helpful confirmation step - thanks.