Thursday, November 27, 2014

Using Mac OS X Server for your own private email

The NSA spying scandal and the broad rules for seizing "database records" (i.e. your email) from ISPs made me wonder what it would take to run your own email system.


  1. It should be private - and run on servers I own.
  2. It should run on a Mac.
  3. It should require little administration once set up.
  4. It can send mail to external domains.
  5. It works with Frontier home internet service (dynamic IPs, blocking of SMTP ports).

So I purchased OS X Server 4.0 for OS X 10.10.1 (Yosemite). I was impressed with how much is thrown into this $19.99 package. Anyway - on to setting up the mail server.

Setting up email to work locally in your network.

  1. Start OS X Server.
  2. Enable the Mail service.
  3. Create a domain in the Mail service (e.g. mydomain.com).
  4. Create email addresses in this mail domain. (Each email address appears to map to a local user; I'm not sure how to set up mailboxes without creating users.)
  5. At this point you should be able to set up email clients that use IMAP or POP to read mail and SMTP to send it, and users can mail each other within the domain. You cannot yet send or receive external email.
  6. Use the log (Mail / SMTP Log) to get familiar with how you can observe the behavior of the mail services. This will come in handy later.

Internet - receiving mail from the net


  1. I wanted a backup MX (a secondary SMTP server) so email is still accepted when my server is down. I used the dyn.com mail backup service. The other advantage is that their servers are professionally run, can filter out a lot of the spam before it reaches your server, and can be given the list of valid user names so they reject mail for unknown addresses instead of queuing it (a backup MX that accepts everything becomes a source of backscatter bounces). The downside is that to some extent your mail is stored on their servers. If I had a reliable and secure 24x7 server in an EU country I might not need them, but that needs some more searching.
  2. Go to dyn.com and create a dynamic host.
  3. Download the DynDNS update client so the dynamic host is automatically updated with your public Internet IP.
  4. Open the firewall - use port forwarding on your router/firewall to send inbound TCP port 25 traffic to your OS X Server.
  5. In the Dyn mail backup setup, enter the dynamic host - this is what Dyn will contact when it receives an email for you.
  6. Go to your domain's DNS and set up MX records pointing to the dyn.com backup SMTP servers. If you want, add your own server (the dynamic host name) as an MX record with the lowest preference value, so it is tried first and Dyn is only used when it is unreachable.
  7. Test it out. Send yourself an email from yahoo/outlook/gmail...
  8. Check the mail logs in the Server app to see whether Dyn contacted your server.

Internet - sending email out.

  1. Edit your DNS to add a TXT record for SPF. I used "v=spf1 mx ~all", which authorizes the hosts in the domain's MX records to send mail for this domain and marks anything else as a softfail. One caveat: receivers check the IP address that connects to them, and when you relay outbound mail through smtp.frontier.com that is the relay's address, which is not in your MX records, so such mail will softfail; to avoid that, add the relay's addresses to the record (an ip4: mechanism, or include: of its published SPF record if it has one).
  2. If you are behind an ISP that restricts SMTP for home users (e.g. Frontier), you must use its SMTP relay host (smtp.frontier.com). Set up your Frontier email address, check that it works in your Mail app, then enter that address and password as the relay host credentials in the Mail service setup.
  3. However, in Frontier's case the relay only accepts plain-text authentication (the PLAIN/LOGIN mechanisms), and there is no way to allow that from the GUI. So drop down to Terminal and edit main.cf.
  4. Go back to the Server app and stop/start the Mail service. Check your mail logs for an error that postfix did not start (in that case go back and check that you typed things correctly in main.cf).
  5. Use your Mail app to check that you can send out mail.
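For reference, this is what the relay-host part of main.cf ends up looking like. This is an added example, not the post's own file: the main.cf location (the Postfix directory next to the amavisd one the post uses later), the submission port 587, and the sasl_passwd file name are assumptions; the post only names smtp.frontier.com. The setting the GUI cannot change is smtp_sasl_security_options, whose Postfix default refuses plain-text mechanisms.

```ini
# Added example (not from the original post). Postfix settings for relaying
# all outbound mail through an ISP relay that offers only plain-text SASL.
# Assumed file location on OS X Server 4 / Yosemite:
#   /Library/Server/Mail/Config/postfix/main.cf
# Relay port 587 is an assumption; the post only names the host.

relayhost = [smtp.frontier.com]:587

# Authenticate to the relay with the ISP mailbox credentials.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/Library/Server/Mail/Config/postfix/sasl_passwd

# Postfix's default is "noplaintext, noanonymous", which refuses the PLAIN and
# LOGIN mechanisms. Dropping "noplaintext" is what makes the relay work; the
# next setting keeps the password from crossing the wire in the clear.
smtp_sasl_security_options = noanonymous

# Require STARTTLS to the relay. With "encrypt", Postfix refuses to send if the
# relay does not offer TLS instead of falling back to clear text ("may" would
# fall back, and the password would then be sent unencrypted).
smtp_tls_security_level = encrypt

# The sasl_passwd file in the same directory holds one line (assumed format:
# the same "[host]:port" key as relayhost, then user:password), is chmod 600,
# and is compiled with "sudo postmap hash:sasl_passwd" after every edit:
#   [smtp.frontier.com]:587    you@frontier.com:your-password
```

After restarting the Mail service, "postconf -c /Library/Server/Mail/Config/postfix relayhost smtp_sasl_security_options smtp_tls_security_level" prints the values Postfix actually loaded, which is the quickest way to tell a typo from a relay problem. The Server app manages this file, so keep a copy of your changes in case it is regenerated.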

DKIM signing on Mac OSX

  1. DKIM (DomainKeys Identified Mail) has your server sign outgoing messages with a private key; receivers fetch the matching public key from a TXT record under your domain and can verify that the message came from a server authorized for that domain and was not altered in transit.
  2. This Q&A on the Apple discussion forum talks you through setting up DKIM.
  3. Some changes are necessary for this to work on Yosemite (OS X 10.10.1).
    1. The configuration file is /Library/Server/Mail/Config/amavisd/amavisd.conf instead of /etc/amavisd.conf.
    2. There is no /var/amavisd, so I used the above directory to store the dkim_key file. (Make sure the private key is readable only by the user amavisd runs as.)
    3. To run the amavisd command use "amavisd -c /Library/Server/Mail/Config/amavisd/amavisd.conf showkeys".
  4. After publishing the TXT record, flush the DNS cache on Yosemite with
    sudo discoveryutil mdnsflushcache; sudo discoveryutil udnsflushcaches
    (this is for 10.10.0 through 10.10.3, which use discoveryd; 10.10.4 and later went back to mDNSResponder, where "sudo killall -HUP mDNSResponder" does the same job).
  5. Alternatively stop your DNS server and restart it from the Server app.
  6. Send a new email from your Mail app.
  7. Tip: in the Yosemite Mail app, use View > Message > All Headers to see whether a DKIM-Signature header was generated.
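To make the Yosemite path changes concrete, here is what the DKIM part of amavisd.conf looks like with those paths. This is an added example, not the forum thread's or the post's own configuration: the domain example.com, the selector "mail", the key file name, the 2048-bit key length and the _amavisd owner are assumptions.

```perl
# Added example (not from the original post): DKIM settings for amavisd-new in
#   /Library/Server/Mail/Config/amavisd/amavisd.conf
# Assumptions: domain example.com, selector "mail", key kept beside the
# config (as the post does), amavisd running as user _amavisd.
# Generate the key first (paths and key size assumed):
#   sudo amavisd -c /Library/Server/Mail/Config/amavisd/amavisd.conf \
#        genrsa /Library/Server/Mail/Config/amavisd/dkim.key.pem 2048
#   sudo chown _amavisd /Library/Server/Mail/Config/amavisd/dkim.key.pem
#   sudo chmod 600     /Library/Server/Mail/Config/amavisd/dkim.key.pem

$enable_dkim_signing      = 1;   # sign mail that originates from our users
$enable_dkim_verification = 1;   # verify signatures on inbound mail

# domain, selector, private key file
dkim_key('example.com', 'mail', '/Library/Server/Mail/Config/amavisd/dkim.key.pem');

# Signature options for every sender ('.' matches all): relaxed header
# canonicalization tolerates whitespace changes made by intermediate MTAs,
# ttl is the signature lifetime published in the x= tag.
@dkim_signature_options_bysender_maps = ( {
  '.' => { ttl => 21*24*3600, c => 'relaxed/simple' },
} );

# Then print the TXT record to publish at mail._domainkey.example.com:
#   sudo amavisd -c /Library/Server/Mail/Config/amavisd/amavisd.conf showkeys
# and, once DNS has propagated and the cache is flushed, confirm that what is
# published matches the private key (each selector should report "pass"):
#   sudo amavisd -c /Library/Server/Mail/Config/amavisd/amavisd.conf testkeys
```

These lines go before the final "1;" that ends amavisd.conf (it is a Perl file). amavisd only signs mail it classifies as originating, so if testkeys passes but no DKIM-Signature header appears in a sent message, check that mail from your clients reaches amavisd as originating (authenticated submission, or from an address in @mynetworks) rather than as inbound mail.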


