
Rejected SMTP Servers, Mismatched DNS Name and IP Address, Blacklisted Servers – Apple Mac OS X Server (Administrator’s Guide) User Manual

Page 375


Mail Service


SMTP Authentication and Restricted SMTP Relay Combinations

The following table describes the results of using SMTP authentication and restricted SMTP
relay in various combinations.

Rejected SMTP Servers

You can have your mail service reject all SMTP connections from mail servers that you add to
a list of disapproved servers. Your mail service does not allow anyone to authenticate from a
disapproved server. No one can send your users mail or relay mail through your server from
a disapproved server.

Mismatched DNS Name and IP Address

Your mail service can log and optionally reject connections from a mail server whose DNS
name doesn’t match the name that your DNS service gets when it looks up the mail server’s
IP address. This method intercepts junk mail from senders who pretend to be someone else,
but may also block mail sent from a misconfigured SMTP server.

Because reverse lookups of IP addresses require contacting DNS, they can slow down the
performance of your mail service.
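
The name check described under Mismatched DNS Name and IP Address, sketched in Python as an added example (not code from Mac OS X Server or this manual). It assumes the "DNS name" is the name the connecting server announces in HELO/EHLO; `check_peer`, `system_ptr_lookup`, `sample_lookup` and the sample records are hypothetical names and constructed data.

```python
import socket
from functools import lru_cache

@lru_cache(maxsize=4096)  # cache: repeat senders do not trigger a new DNS query
def system_ptr_lookup(ip):
    """Reverse (PTR) lookup via the system resolver; empty set on failure."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # covers socket.herror/gaierror: no PTR record or resolver error
        return frozenset()
    return frozenset([primary, *aliases])

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.strip().rstrip(".").lower()

def check_peer(announced, ip, lookup=system_ptr_lookup, reject=False):
    """Return (action, log_line). With reject=False a mismatch is only logged."""
    found = {normalize(n) for n in lookup(ip)}
    if normalize(announced) in found:
        return "accept", f"ok ip={ip} name={announced!r}"
    reason = "name-mismatch" if found else "no-reverse-record"
    action = "reject" if reject else "accept"
    seen = ",".join(sorted(found)) or "-"
    # !r escapes control characters in the peer-supplied name before logging.
    return action, f"{reason} ip={ip} announced={announced!r} reverse={seen} action={action}"

# Constructed sample data (documentation address ranges, example domains).
SAMPLE_PTR = {
    "192.0.2.10": {"mail.example.com."},
    "198.51.100.7": {"host7.dialup.example.net"},
}

def sample_lookup(ip):
    """Offline stand-in for system_ptr_lookup, backed by SAMPLE_PTR."""
    return SAMPLE_PTR.get(ip, set())

if __name__ == "__main__":
    peers = [
        ("MAIL.example.com", "192.0.2.10"),    # matches after normalization
        ("mail.example.com", "198.51.100.7"),  # announces a name it does not own
        ("relay.example.org", "203.0.113.5"),  # misconfigured: no reverse record
    ]
    for name, ip in peers:
        print(check_peer(name, ip, lookup=sample_lookup, reject=True))
```

Running with `reject=False` first shows which legitimate but misconfigured servers would be blocked before rejection is switched on.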

Blacklisted Servers

Your mail service can reject mail from SMTP servers that are blacklisted as open relays by an
Open Relay Behavior-modification System (ORBS) server. Your mail service uses an ORBS
server that you specify. ORBS servers are also known as black-hole servers.

| SMTP authentication | Restricted SMTP relay | Result |
|---|---|---|
| On | Off | All mail servers must authenticate before your mail service will accept any mail for relay. Authentication is not required for delivery to local mail users. Your local mail users must also authenticate to send mail. |
| On | On | Approved mail servers can relay without authentication. Servers that you have not approved can relay after authenticating with your mail service. |
| Off | On | Your mail service can’t be used for open relay. Approved mail servers can relay (without authenticating). Servers that you have not approved can’t relay unless they authenticate, but they can deliver to your local mail users. Your local mail users do not have to authenticate to send mail. This is the most common configuration. |
