Mac OS X Server Mail Service Boot Camp, Part 1: The Basics
How to configure the Mac OS X Server mail services is a topic that is not often discussed when talking about server management. In fact, mail services have been removed from the Apple Mac OS X Server Essentials course curriculum and exam. This series discusses the basics of how to configure Mac OS X Server as an email server. It focuses on configuration basics using Server Admin and some of the advanced configuration that can be done from the command line.
Mail services under Mac OS X Server have actually gone through an interesting series of changes over the past few years. The original mail service was developed by Apple based on the email server included with AppleShare IP (Apple’s classic Mac OS server platform). However, in Mac OS X Server 10.3, Apple dropped this earlier email platform in favor of a series of open source Unix mail daemons. Apple has integrated these tools into the Server Admin graphical interface and has also included some interaction between these tools and Open Directory to allow you to manage email accounts as part of general Mac OS X user account management. They can also be managed from the command line as they would be under any other Unix or Linux operating system.
Mail Protocols and Service Overview
Properly configuring a mail server requires a basic understanding of how email as a whole functions. Sending and receiving email through the Internet requires not only a server but also the proper DNS configuration. Regardless of whether you are using private IP addressing and/or NAT to manage Internet connectivity for your organization, your mail server must have an IP address that is accessible to the Internet at large. You can connect it to a DMZ or other external port on your firewall or router, or you can configure a port forwarding rule that forwards traffic arriving from the Internet at your public IP address on the standard mail protocol TCP ports (25, 110, and 143) to the internal address of the server.
The DNS records for your domain name also need to include an address record and a mail exchanger (MX) record for your server. The address record includes the server’s fully qualified domain name (for example, mail.mydomain.com) and its public IP address so that other mail servers (and email clients) can reach it. The mail exchanger record tells other mail servers which server handles email for the domain. Mail exchanger records can specify multiple mail servers if you have a large organization and want to implement a backup mail server; each one carries a value that identifies the order in which the servers should be used if the first server cannot be contacted. Some ISPs will offer to allow you to use their mail servers as a backup server temporarily. Configuration of the DNS records for a domain should be accomplished with your ISP or domain name registrar.
The SMTP protocol manages the process of sending email. Under Mac OS X Server, SMTP service is handled by the Postfix daemon. When an email is sent by an email application, it gets transmitted to the mail server by SMTP over port 25. The SMTP server (Postfix in this case) examines the recipient headers of the email. If need be, it queries a DNS server to determine the appropriate destination server and that server’s IP address. It then establishes a connection to that server and transmits the message (again using the SMTP protocol). The message is then routed to the appropriate mail storage location, where it waits for the recipient to receive it.
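The MX ordering and the sending server's DNS lookup described in the two paragraphs above can be checked with a short script. This is an added example, not code from the original article or from Apple: the zone lines are constructed sample data (only mail.mydomain.com comes from the text; the backup and spare hosts and all IP addresses are hypothetical), and the function names are illustrative.

```python
# Added example: constructed zone data, not taken from a real domain.
ZONE = """\
mydomain.com.         IN MX 10 mail.mydomain.com.
mydomain.com.         IN MX 20 backup.isp.example.
mydomain.com.         IN MX 30 spare.mydomain.com.
mail.mydomain.com.    IN A  192.0.2.25
backup.isp.example.   IN A  198.51.100.7
"""

def parse_zone(text):
    """Return (mx, addrs): MX tuples per domain and A records per host."""
    mx, addrs = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] != "IN":
            continue
        name, rtype = fields[0].lower(), fields[2]
        if rtype == "MX" and len(fields) == 5:
            mx.setdefault(name, []).append((int(fields[3]), fields[4].lower()))
        elif rtype == "A":
            addrs.setdefault(name, []).append(fields[3])
    return mx, addrs

def delivery_order(domain, mx, addrs):
    """Servers a sending SMTP host tries, lowest preference value first.
    Exchangers with no address record are returned separately as errors."""
    usable, broken = [], []
    for pref, host in sorted(mx.get(domain, [])):
        if host in addrs:
            usable.append((pref, host, addrs[host][0]))
        else:
            broken.append(host)
    return usable, broken

def pick_server(order, unreachable=()):
    """First exchanger in preference order that is not in `unreachable`."""
    for pref, host, ip in order:
        if host not in unreachable:
            return host, ip
    return None

if __name__ == "__main__":
    mx, addrs = parse_zone(ZONE)
    order, broken = delivery_order("mydomain.com.", mx, addrs)
    print("try in order:", order)
    print("MX without address record:", broken)
    print("primary down ->", pick_server(order, {"mail.mydomain.com."}))
```

An exchanger that appears in the second list has an MX record but no address record, so other mail servers cannot reach it; fix that with your ISP or registrar before relying on it as a backup.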
Receipt of email is managed by one of two other email protocols: POP and IMAP. POP is the older and simpler of the two. Email clients connect to a mail server using POP over TCP port 110, supply user credentials, and then transfer the message to the computer on which they are being run. Typically, the message is then deleted from the server. POP servers deal only with the download of received messages and do not keep track of whether the message has been read (a job left to the email clients).
IMAP takes a more hands-on approach to managing email. When an email client connects and authenticates to an IMAP server, mail can be read, but it remains stored on the server. The server also identifies messages that have been read. This lets email clients on multiple computers (as well as web-based email clients) access the same mailbox, see the same series of messages, and note which ones have been read. IMAP also supports caching a copy of received messages on email clients for faster and offline access. IMAP supports a wider range of authentication methods, making it a more secure protocol. However, the storage of all messages on the server also means that IMAP servers require more resources than POP servers.
Virtually all email clients today support both POP and IMAP. Both protocols are also managed by the same mail server component, Cyrus, under Mac OS X Server. You can choose to encourage users to use one of the two protocols in your organization and you can even choose which of the two will be available on your mail server.