Rejected smtp servers, Mismatched dns name and ip address, Blacklisted servers – Apple Mac OS X Server (version 10.2.3 or later) User Manual


Mail Service

SMTP Authentication and Restricted SMTP Relay Combinations

The following table describes the results of using SMTP authentication and restricted SMTP
relay in various combinations.

Rejected SMTP Servers

You can have your mail service reject SMTP connections from mail servers that you add to a
list of disapproved servers. Your mail service rejects non-authenticated SMTP connections
from disapproved servers. Only someone who has an account with a CRAM-MD5 or Kerberos
password on your server can send your users mail or relay mail through your server from a
disapproved server.

Mismatched DNS Name and IP Address

Your mail service can log and optionally reject connections from a mail server whose DNS
name doesn’t match the name that your DNS service gets when it looks up the mail server’s
IP address. This method intercepts junk mail from senders who pretend to be someone else,
but may also block mail sent from a misconfigured SMTP server.

You should be aware that because reverse-lookups of IP addresses involve contacting DNS,
they could slow down the performance of your mail service.
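The check described in this section, written out as an added Python example; it is not code from the manual or from Mac OS X Server. It assumes the name being compared is the one the connecting server announces in HELO/EHLO, treats a missing reverse record as a mismatch, and caches lookups to limit the DNS cost mentioned above; the class name, the sample resolver and the addresses are constructed for illustration.

```python
import socket
import time

class ReverseDnsCheck:
    """Compare the name a peer claims with what a reverse lookup of its IP returns."""

    def __init__(self, reject_on_mismatch=False, resolver=socket.gethostbyaddr, ttl=300):
        self.reject_on_mismatch = reject_on_mismatch  # False = log only, still accept
        self.resolver = resolver                      # injectable so the check runs offline
        self.ttl = ttl                                # seconds a lookup result is cached
        self._cache = {}                              # ip -> (expiry, set of names)
        self.log = []                                 # one record per mismatch

    def _names_for(self, ip):
        now = time.monotonic()
        hit = self._cache.get(ip)
        if hit and hit[0] > now:
            return hit[1]                             # avoid a second DNS round trip
        try:
            primary, aliases, _ = self.resolver(ip)
            names = {n.rstrip(".").lower() for n in (primary, *aliases) if n}
        except OSError:                               # herror/gaierror: no record or lookup failed
            names = set()
        self._cache[ip] = (now + self.ttl, names)
        return names

    def check(self, claimed_name, ip):
        """Return (accept, reason) for a peer at ip that claims claimed_name."""
        names = self._names_for(ip)
        if claimed_name.rstrip(".").lower() in names:
            return True, "match"
        reason = "mismatch" if names else "no-reverse-record"
        self.log.append((ip, claimed_name, sorted(names), reason))
        return (not self.reject_on_mismatch), reason

# Constructed reverse-lookup data (documentation address ranges), not real servers.
SAMPLE_PTR = {
    "192.0.2.10": ("mail.example.com", [], ["192.0.2.10"]),
    "198.51.100.7": ("dsl-7.example.net", [], ["198.51.100.7"]),
}

def sample_resolver(ip):
    """Stand-in for socket.gethostbyaddr that answers from SAMPLE_PTR."""
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip]
```

Running in log-only mode first shows how many legitimate but misconfigured servers would be turned away before rejection is switched on.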

Blacklisted Servers

Your mail service can reject mail from SMTP servers that are blacklisted as open relays by an
Open Relay Behavior-modification System (ORBS) server. Your mail service uses an ORBS
server that you specify. ORBS servers are also known as black-hole servers.

| SMTP authentication | Restricted SMTP relay | Result |
|---|---|---|
| On | Off | All mail servers must authenticate before your mail service will accept any mail for relay or delivery. Your local mail users must also authenticate to send mail. |
| On | On | Approved mail servers can relay without authentication. Servers that you have not approved can relay after authenticating with your mail service. |
| Off | On | Your mail service can’t be used for open relay. Approved mail servers can relay (without authenticating). Servers that you have not approved can’t relay unless they authenticate, but they can deliver to your local mail users. Your local mail users do not have to authenticate to send mail. This is the most common configuration. |

LL0395.Book Page 397 Wednesday, November 20, 2002 11:44 AM
