I am currently moving from Exchange 2010 to OS X Lion Mail server. I have a Mac Mini server running OS X Lion server. This is my first Mac server so please bear with me. I have enabled the Mail server using pretty much the default settings. I can send and receive emails on the intranet (local LAN) and externally (internet), so far so good. The only thing that I am a bit confused about is the relay options. I have done a lot of researching on this and even found this information from the Apple support site:
I have currently nothing enabled (selected) under the Relay tab. In the Advanced tab, Hosting I have only "Include server's domain as local host alias" enabled (selected) and "localhost" under "Local Host Alias". Finally, in the Advanced tab, Security, Authentication I have enabled "Kerberos" and "CRAM-MD5" for "SMTP" and for "IMAP" / "POP".
When I use an Internet open relay testing tool I get different results. As an example, mailradar fails every test and shows at the end that relays accepted by remote host:
>>> MAIL FROM: <firstname.lastname@example.org>
<<< 250 dmz.zuzanet.co.uk
>>> RCPT TO: <email@example.com>
<<< 250 2.1.0 Ok
<<< 554 5.7.1 <firstname.lastname@example.org>: Relay access denied
<<< 221 2.0.0 Bye
[TEST NOT PASSED]
All tested completed! Relays accepted by remote host.
On the other hand, MXtoolbox shows OK - Not an open relay:
MAIL FROM: <email@example.com>
250 2.1.0 Ok [764 ms]
RCPT TO: <firstname.lastname@example.org>
554 5.7.1 <email@example.com>: Relay access denied [728 ms]
However, if I telnet to the Mail server FQDN on port 25 in the local LAN and run the same test above, both result in "Relay access denied":
mail from: firstname.lastname@example.org
250 2.1.0 Ok
rcpt to: email@example.com
554 5.7.1 <firstname.lastname@example.org>: Relay access denied
mail from: email@example.com
250 2.1.0 Ok
rcpt to: firstname.lastname@example.org
554 5.7.1 <email@example.com>: Relay access denied
Based on the information above my questions are:
1-Is open relay allowed by default on OS X Lion mail server?
2-Is it expected to see different results from internet open relay test tools available on the Internet that the relay is accepted?
3-Is there any further configuration/testing that can be done to make 100% sure that the Mail server is definitely not an open relay?
Thanks in advance,
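
An added example, not part of the original post: a small Python check that reads a relay-test transcript in either format shown above and takes the verdict from the server's reply codes after RCPT TO instead of from the tool's summary line. The sample transcripts, host name and addresses are constructed, and the function name is hypothetical.

```python
import re

REPLY = re.compile(r"^(\d{3})[ -]")                  # SMTP reply line starts with a 3-digit code
COMMAND = re.compile(r"^(MAIL FROM|RCPT TO):", re.I)

# Constructed sample in the ">>> / <<<" style; replies are offset by an unlogged greeting.
SAMPLE_DENIED = """\
>>> MAIL FROM: <sender@example.org>
<<< 250 mail.example.net
>>> RCPT TO: <outside@example.com>
<<< 250 2.1.0 Ok
<<< 554 5.7.1 <outside@example.com>: Relay access denied
<<< 221 2.0.0 Bye
[TEST NOT PASSED]
"""

# Constructed sample in the unmarked style with timing suffixes; the recipient is accepted.
SAMPLE_OPEN = """\
MAIL FROM: <sender@example.org>
250 2.1.0 Ok [12 ms]
RCPT TO: <outside@example.com>
250 2.1.5 Ok [15 ms]
"""

def classify_relay_test(transcript):
    """Return 'denied', 'accepted' or 'inconclusive' for one relay test."""
    rcpt_sent = False
    codes_after_rcpt = []
    for raw in transcript.splitlines():
        line = re.sub(r"^(>>>|<<<)\s*", "", raw.strip())   # drop direction markers
        cmd = COMMAND.match(line)
        if cmd:
            rcpt_sent = rcpt_sent or cmd.group(1).upper() == "RCPT TO"
            continue
        reply = REPLY.match(line)
        if reply and rcpt_sent:
            codes_after_rcpt.append(int(reply.group(1)))
    # A permanent failure (5xx) after RCPT TO means the recipient was refused,
    # even when an earlier 250 is logged after the RCPT line.
    if any(500 <= c < 600 for c in codes_after_rcpt):
        return "denied"
    if any(400 <= c < 500 for c in codes_after_rcpt):
        return "inconclusive"                              # temporary failure, retest later
    if any(200 <= c < 300 and c != 221 for c in codes_after_rcpt):
        return "accepted"                                  # 221 is only the reply to QUIT
    return "inconclusive"

if __name__ == "__main__":
    print(classify_relay_test(SAMPLE_DENIED), classify_relay_test(SAMPLE_OPEN))
```

A transcript cut off before the server's reply to RCPT TO can still be misread, so each test should be checked against its complete log.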