OS X Lion Mail Server Relay
Hi All,
I am currently moving from Exchange 2010 to OS X Lion Mail server. I have a Mac Mini server running OS X Lion server. This is my first Mac server so please bear with me. I have enabled the Mail server using pretty much the default settings. I can send and receive emails on intranet (local LAN) and externally (internet), so far so good. The only thing that I am a bit confused about is the relay options. I have done a lot of researching on this and even found this information from Apple support site:
https://help.apple.com/advancedserveradmin/mac/10.8/#apdB3F8B86B-1839-4692-85FD-007FC7222B78
I have currently nothing enabled (selected) under the Relay tab. In the Advanced tab, Hosting I have only "Include server's domain as local host alias" enabled (selected) and "localhost" under "Local Host Alias". Finally, in the Advanced tab, Security, Authentication I have enabled "Kerberos" and "CRAM-MD5" for "SMTP" and for "IMAP" / "POP".
When I use an Internet open relay testing tool I get different results. As an example, mailradar fails every test and shows at the end that relays accepted by remote host:
>>> MAIL FROM: <antispam@mailradar.com>
<<< 250 dmz.zuzanet.co.uk
>>> RCPT TO: <relaytest@mailradar.com>
<<< 250 2.1.0 Ok
>>> QUIT
<<< 554 5.7.1 <relaytest@mailradar.com>: Relay access denied
<<< 221 2.0.0 Bye
[TEST NOT PASSED]
All tested completed! Relays accepted by remote host.
On the other hand, MXtoolbox shows OK - Not an open relay:
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Ok [764 ms]
RCPT TO: <test@example.com>
554 5.7.1 <test@example.com>: Relay access denied [728 ms]
QUIT
However, if I telnet to the Mail server FQDN on port 25 in the local LAN and run the same test above, both result as "Relay access denied":
mail from: antispam@mailradar.com
250 2.1.0 Ok
rcpt to: relaytest@mailradar.com
554 5.7.1 <relaytest@mailradar.com>: Relay access denied
mail from: supertool@mxtoolbox.com
250 2.1.0 Ok
rcpt to: test@example.com
554 5.7.1 <test@example.com>: Relay access denied
Based on the information above my questions are:
1-Is open relay allowed by default on OS X Lion mail server?
2-Is it expected to see different results from internet open relay test tools available on the Internet that the relay is accepted?
3-Is there any further configuration/testing that can be done to make 100% sure that the Mail server is definitely not an open relay?
Thanks in advance,
Reading1995.
Mac mini Server (Mid 2011), Mac OS X (10.7.5)
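
Added example, not part of the original post: a Python check that reads an SMTP transcript in the `>>>` / `<<<` format quoted above and bases the relay verdict on the reply that quotes the RCPT address, rather than on whichever reply happens to be printed next. In the mailradar transcript above, the 554 reply naming relaytest@mailradar.com is printed after QUIT; the function name and result keys are chosen here for illustration.

```python
import re

# Transcript copied from the mailradar output quoted in the post above.
MAILRADAR = """\
>>> MAIL FROM: <antispam@mailradar.com>
<<< 250 dmz.zuzanet.co.uk
>>> RCPT TO: <relaytest@mailradar.com>
<<< 250 2.1.0 Ok
>>> QUIT
<<< 554 5.7.1 <relaytest@mailradar.com>: Relay access denied
<<< 221 2.0.0 Bye
"""


def rcpt_verdict(transcript):
    """Judge a relay test from a '>>> command' / '<<< reply' transcript.

    naive_code  : code of the reply printed directly after RCPT TO.
    actual_code : code of the reply that quotes the recipient address,
                  wherever it appears; falls back to the naive reply
                  when no reply names the recipient.
    relayed     : True only if the server answered RCPT TO with 2xx.
                  (A server can still reject later, at DATA.)
    Returns None when the transcript contains no RCPT TO command.
    """
    lines = [l.strip() for l in transcript.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = re.match(r">>> RCPT TO:\s*<([^>]+)>", line, re.I)
        if not m:
            continue
        rcpt = m.group(1)
        # All server replies that follow the RCPT TO command, in order.
        replies = [l[4:] for l in lines[i + 1:] if l.startswith("<<< ")]
        naive = replies[0] if replies else ""
        actual = next((r for r in replies if f"<{rcpt}>" in r), naive)
        return {
            "recipient": rcpt,
            "naive_code": naive[:3],
            "actual_code": actual[:3],
            "relayed": actual.startswith("2"),
        }
    return None


if __name__ == "__main__":
    print(rcpt_verdict(MAILRADAR))
```
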