Restricted SMTP Relay feature to prevent unsolicited email
If you are running the Mail Server feature of a Mac OS X Server that is connected to the Internet, it is essential that you use SMTP restrictions to keep the server from becoming an open relay. An "open relay" is a mail server that allows third parties to send mail to other third parties without authentication. Third parties can find an open relay and use it to send unsolicited email (sometimes called "spam"), and then a variety of spam prevention services will blacklist the open relay. Mac OS X Server 10.1.3 or later includes the Restricted SMTP Relay feature to prevent this. Points to remember:
- Restricted SMTP Relay utilizes a list of hosts (computers) that you trust, such as those on your local area network (LAN). An entry on this list may be a DNS name, an IP address, or a range of IP addresses.
- After this list is created and the feature enabled, the Mail Server loads the host list into a local cache for verification against all incoming SMTP connections. It checks all connections against this list for remote mail delivery regardless of the originating "mail from:" value. Any user who attempts to relay mail from a host not in the approved host list must authenticate via Authenticated SMTP, or the server rejects the mail.
Note: Unless you want your local email clients to have to authenticate via Authenticated SMTP, you do not need to take any additional steps to set up Authenticated SMTP. Enabling Restricted SMTP Relay automatically enables Authenticated SMTP for hosts not in the host list.
- Whenever Authenticated SMTP is enabled, your email server is effectively a "send only" server, because mail servers from other domains are most likely not configured to authenticate with your server. This means your local email clients can only receive email from other local clients. Authenticated SMTP also requires each user's email client software to authenticate before it sends mail through your server.
- If Restricted SMTP Relay is enabled and Authenticated SMTP is disabled, then you are protected from being an open relay, while still allowing local delivery of mail from any host. In other words, SMTP hosts that are not in the Restricted SMTP Relay host list cannot relay through your server, but your local clients can still receive email from them.
Note: This is the most common configuration.
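
The accept/reject behavior described in the points above can be modeled in a few lines. The following Python sketch is an added example, not code from Mac OS X Server. The host list, the local domain, and the function and parameter names are constructed for illustration, and the sketch assumes the connecting host's DNS name has already been resolved by the caller.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the article).
TRUSTED_HOSTS = ["192.0.2.0/24", "198.51.100.7", "mail.example.com"]
LOCAL_DOMAINS = {"example.com"}

def host_is_trusted(client_ip, client_name=None, trusted=TRUSTED_HOSTS):
    """Match the connecting host against entries that may be a DNS name,
    a single IP address, or a range of IP addresses."""
    ip = ipaddress.ip_address(client_ip)
    for entry in trusted:
        try:
            if ip in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            # Entry is not an address or range, so treat it as a DNS name.
            if client_name and client_name.lower() == entry.lower():
                return True
    return False

def smtp_decision(client_ip, rcpt, authenticated, client_name=None,
                  restricted_relay=True, authenticated_smtp=False):
    """Return the server's decision for one recipient.
    The "mail from:" value is deliberately not an input: the relay check
    depends on the connecting host, not on the claimed sender."""
    local = rcpt.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS
    # Authenticated SMTP enabled: every client must authenticate, so other
    # domains' mail servers are turned away ("send only" server).
    if authenticated_smtp and not authenticated:
        return "reject: authentication required"
    # Local delivery is accepted from any host.
    if local:
        return "accept: local delivery"
    # Remote delivery (relay) with no restriction is an open relay.
    if not restricted_relay:
        return "accept: relay (open relay)"
    # Restricted relay: a listed host, or an authenticated client, may relay.
    if authenticated or host_is_trusted(client_ip, client_name):
        return "accept: relay"
    return "reject: relay denied"

if __name__ == "__main__":
    for ip, rcpt, auth in [("203.0.113.9", "bob@other.test", False),
                           ("203.0.113.9", "alice@example.com", False),
                           ("192.0.2.44", "bob@other.test", False),
                           ("203.0.113.9", "bob@other.test", True)]:
        print(ip, rcpt, "auth" if auth else "anon", "->",
              smtp_decision(ip, rcpt, auth))
```
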