On a protocol level, Simple Mail Transfer Protocol (SMTP; the protocol for sending email from one server to another) is not secure and provides no user authentication. Any user can connect to an SMTP server and send mail to any other user. Because of this, email servers usually implement their own form of user authentication and protection against unauthorized users. In addition to this, network administrators often design network firewalls to prevent abuse of the company mail server.
AppleShare 6 provides some features to help administrators prevent unauthorized users sending email through the AppleShare mail server.
Prohibit SMTP Relay
If your mail server is on the Internet, an unknown user could potentially use your server to relay a large batch of emails to other users anywhere on the Internet. You can prevent this by editing the default host profile and enabling the "Deliver mail from this host to local addresses only (no SMTP relay)" option. When this is turned on, the mail server will look at the "MAIL FROM" and RCPT TO" commands of the SMTP session. If the mail is coming from another server, then it must be sent to a user on this server. The mail server will reject email if a remote server connects to the AppleShare mail server to send mail to a third server.
By modifying the default host profile, you are ensuring that any new host that connects to the mail server will have SMTP relay disabled. If you do this when you first set the server up (before an extensive host list is created), that will ensure that all hosts will be unable to use the mail server as an SMTP relay.
Check For Local Users
This is an added protection to the step above. Rather than just looking at the host part of the email address listed in the "from:" field, the mail server verifies that the user from whom the mail is coming is a valid user in the User & Group list, and that the user has mail enabled.
This option is located in the Mail Server Settings window, under the "Mail In" tab.
Reject Mail For A Specific Host
The AppleShare IP mail server also gives you the ability to reject mail on a host-by-host basis. If you notice that you are receiving unwanted email from a particular host, you can edit that host in the host list to reject all incoming mail from that server.
TCP Filtering (Requires Mac OS 8.5 & AppleShare 6.1 And Later)
SMTP works over TCP/IP port 25. TCP Filtering (available with AppleShare 6.1 and later) will block this port, effectively blocking all incoming and outgoing email with a specified IP address (or range of IP addresses).
TCP filtering works on a lower level of network protocols than the mail server. If you are blocking a mail server with TCP filtering, your AppleShare IP mail server will not even know that the remote user is trying to connect. From the remote server's perspective, the AppleShare mail server is not on the network. Also TCP Filtering works on IP addresses, rather than Host names as the mail server does.
RealTime Black Hole List (AppleShare 6.2 and later)
The AppleShare IP mail server allows you to prevent unwanted mail by checking and blocking a connection. When you enable this option, the mail server compares the incoming connection's originating address against an active list on a server maintained by a private company. If the originator is on this list, the connection is refused and the originator's mail will not be delivered to the users on your AppleShare IP mail server.
This option is located in the Advanced Server Settings under the Anti-Spam tab. The checkbox titled "check Incoming SMTP Connections" allows you to enable/disable the option. The default server is the Realtime Blackhole List.
Reject Connection If Name Does Not Match Address (AppleShare 6.2 and later)
Mail servers identify themselves when they start a connection (with the HELO command). The mail server verifies the self-reported name against a reverse DNS lookup of the IP address. If the two do not match, the connection is terminated. While this command can prevent unsolicited email, it can also keep you from receiving legitimate email from servers that are misconfigured.
This option is located in the Advanced Mail Server Settings under the Anti-Spam tab. You must first enable "Log connections if SMTP name does not match address" to enable this option.