Mac OS X Server comes with SquirrelMail, an open source Web-based interface for users to access their mail. This interface resembles that offered by many of the free Web email services, and is a convenient option to offer your users who may wish to check their email from locations that offer Web kiosks but no way for them to make a direct email connection using IMAP or POP.

It's important to realize that WebMail acts just like an IMAP and SMTP client to your existing mail server. It is not a mail server itself. It does not support POP. Also, it currently does not support making an SSL connection to your mail server. Therefore, you should offer the WebMail service on the same machine as your mail server so that clear-text passwords aren't being passed over the network. You can (and should) use SSL for the Web server itself, though, so that the users' passwords and email content are encrypted between the Web kiosk and your Web server.

To enable WebMail

1. From the Computers & Services column, select Web.
2. Select the Settings tab at the bottom of the screen and then select the Sites tab.
3. Double-click the site that will host your WebMail service (Figure 8.60).

   Figure 8.60. Use Server Admin to select your HTTPS Web site.

   Since your users will be typing their passwords, this should be an SSL-protected site. See Chapter 9, "Web Technologies" for information on configuring your Web site to use SSL.
4. Select the Options tab at the top of the screen.
5. Select the Enable WebMail check box and click Save (Figure 8.61).

   Figure 8.61. Check the box on the Options tab to enable WebMail through this Web site.
6. To get a command-line session on your mail server, either launch the Terminal utility from the local console or use ssh to connect to your server.
7. Type the following command (Figure 8.62):

       sudo /etc/squirrelmail/config/conf.pl

   Figure 8.62. Configure WebMail through an easy-to-use text configuration tool.
8. Select option 2 (Server Settings).
9. Select option 1 (Domain) and type the domain (the part after the @ sign in email addresses) that should be used for outbound email (Figure 8.63).

   Figure 8.63. Set the domain name of your server in the WebMail configuration. This setting is used primarily for sending messages through the WebMail interface.
10. Select option A (Update IMAP Settings).
11. Select option 6 (Authentication type).
12. Type n since you don't want to detect supported mechanisms.
13. Type cram-md5 (Figure 8.64).

    Figure 8.64. Since you disabled weak authentication methods, you must use the text configuration tool to change the WebMail authentication to CRAM-MD5.
14. Type q to quit and y to save when prompted.

    You should now be able to access your mail from this URL (Figure 8.65):

        https://www.yourserver.xyz/WebMail

    Figure 8.65. WebMail provides an easy-to-use interface to access your inbox from any Web browser.

Tip

In the SquirrelMail configuration, don't be tempted to turn on Secure IMAP (TLS). Although SquirrelMail supports TLS (a variant of SSL), it is not currently supported by the PHP build that comes preinstalled on Mac OS X Server.

Creating user aliases

Some users may wish to receive mail addressed to alternate usernames or aliases. This is simple to achieve using Mac OS X Server through Workgroup Manager.

To create user aliases

1. Launch Workgroup Manager, and in the left-hand column, select the user for whom you want to create an alias (Figure 8.66).

   Figure 8.66. Aliases are stored in the Short Names field of a user record in Workgroup Manager.
2. In the Short Names field, double-click to add a new entry containing the desired alias (Figure 8.67).

   Figure 8.67. Type the new alias this user should receive mail as.
3. Click Save.

Creating user aliases with Unix

You can also create aliases using the traditional Unix method, which is useful if you want to use an alias to forward mail to multiple people.
This effectively creates a group email address, but without the overhead (or features) associated with mailing lists.

To create user aliases with Unix

1. Use your favorite text editor to open /private/etc/aliases. You'll have to do this as root using sudo.
2. Add a new line to the end of the file of this format:

       desiredAlias: username,username,…

   Examples might be:

       magic.triangle: joel,josh
       company-leaders: steve@apple.com,schoun
       teacher: schoun
3. Save the file.
4. Type sudo postalias /etc/aliases.
5. Type sudo newaliases.

Tip

The last two commands update the mail server's alias database.

You'll notice in the examples that the recipient list for an alias can consist of just usernames for people on the local server, or it can contain full email addresses to forward the mail to someone outside of your network. Multiple recipients should be separated with a comma.

Hosting multiple domains

You may wish to use one mail server to host many domain names. It's common for a company to have many variations of the domain name and to want to accept messages from all of them. You can choose from two types of multiple domain hosting: one where all of your users accept mail for a number of domains, and another where some users are in some domains and other users are in other domains.

To set up a host to accept mail for different domains

1. Launch Server Admin and select Mail from the Computers & Services column.
2. Select the Settings tab at the bottom of the screen and then select the Advanced tab.
3. Select the Hosting tab, then click the plus button next to the Local Host Aliases field.
4. In the window that appears, enter the name of the domain of the host alias and click Save (Figure 8.68).

   Figure 8.68. Click the plus button in the Hosting tab of Server Admin to receive mail for other domains.

   Once you configure your MX records for the other domains, your mail server will start accepting mail for the other domain using the same usernames that are available for your primary domain. One problem, however, is that messages coming to your alternate domain may not be scanned for viruses and spam. There's an easy solution for that too.
5. Using your favorite text editor, such as emacs, pico, or vi, edit /private/etc/amavisd.conf.
6. Find this line:

       @local_domains_acl = ( ".$mydomain" ); # $mydomain and its subdomains

   and add any other alternate domains you may receive mail for:

       @local_domains_acl = ( ".$mydomain", "myotherdomain.com", "domain3.net" ); # $mydomain and its subdomains
7. Save the file.

Hosting specific domains

The second method of hosting multiple domains is a little different. You still have one host accepting mail for multiple domains, but in this case, a given user on your system won't accept mail for all the domains, but only for domains explicitly set for that user.

To set up a host to accept mail for specific domains

1. Follow steps 1–2 in the previous exercise.
2. Click the Hosting tab and select the "Enable virtual hosting" check box.
3. Click the plus button next to the Locally Hosted Virtual Domains field.
4. In the window that appears, enter the name of the domain of the virtual host and click Save (Figure 8.69).

   Figure 8.69. Click the add button in the Hosting tab of Server Admin to enable virtual domains on your server.

   Now you need to tell the system which users will accept mail for this domain.
5. In the left column of Workgroup Manager, select the user you want to add to this domain.
6. In the Short Names field, double-click to add a new entry containing the full email address that user will get mail for, and then click Save (Figure 8.70).

   Figure 8.70. Enter the full email address for users receiving mail from virtual domains.
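A check for the scanning gap noted in the host-alias procedure above, where a domain the server accepts mail for is missing from @local_domains_acl in amavisd.conf. This is an added example, not part of the original text; the function names and sample configuration are constructed, and it assumes the ACL is a single-line list of plain domain strings as shown in that procedure.

```python
import re

# Constructed sample of the two amavisd.conf lines this check reads.
SAMPLE_CONF = '''
$mydomain = 'example.com';
@local_domains_acl = ( ".$mydomain", "myotherdomain.com" );  # $mydomain and its subdomains
'''

def parse_local_domains_acl(conf_text):
    """Return the @local_domains_acl entries with $mydomain expanded."""
    found = re.search(r"^\s*\$mydomain\s*=\s*['\"]([^'\"]+)['\"]", conf_text, re.M)
    mydomain = found.group(1) if found else "$mydomain"
    acl = re.search(r"^\s*@local_domains_acl\s*=\s*\(([^)]*)\)", conf_text, re.M)
    if acl is None:
        raise ValueError("no single-line @local_domains_acl assignment found")
    entries = []
    for dq, sq in re.findall(r'"([^"]*)"|\'([^\']*)\'', acl.group(1)):
        # Perl interpolates $mydomain only inside double quotes.
        entries.append(dq.replace("$mydomain", mydomain) if dq else sq)
    return [e.lower() for e in entries]

def acl_matches(entry, domain):
    """A leading dot matches the domain and its subdomains; otherwise exact match."""
    domain = domain.lower().rstrip(".")
    if entry.startswith("."):
        return domain == entry[1:] or domain.endswith(entry)
    return domain == entry

def unscanned_domains(conf_text, hosted_domains):
    """Hosted domains that no ACL entry covers, so amavisd treats them as non-local."""
    acl = parse_local_domains_acl(conf_text)
    return [d for d in hosted_domains if not any(acl_matches(e, d) for e in acl)]

if __name__ == "__main__":
    # Constructed list standing in for the Local Host Aliases entered in Server Admin.
    hosted = ["example.com", "mail.example.com", "myotherdomain.com", "domain3.net"]
    for domain in unscanned_domains(SAMPLE_CONF, hosted):
        print("not in @local_domains_acl:", domain)
```

Run it against the real file by passing the contents of /private/etc/amavisd.conf and the list of domains you entered in Server Admin.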
Configuring files

The configuration options available through the Server Admin tool only scratch the surface of what you can do with Mac OS X Server's mail service. Hundreds of other advanced options are available to you if you edit the configuration files directly. If you choose to do so, however, you should be sure to make backup copies of the files you change. Certain configuration files may be overwritten completely if you (or another administrator) use the Server Admin tool to make a change later.

One option to lessen this impact is to use include files where they're supported. Keep all of your local configurations in separate files, and use an include directive in the main configuration file to read your changes. Unfortunately, not all of the configuration files support file inclusion. Consult the documentation for the specific service to learn more about the options in its configuration file, or simply read through the comments included within the file.

Some of the configuration files include:

Using Sieve scripts

Sieve is a very powerful scripting language for mail servers. The primary use of Sieve is for doing server-side filtering and mailbox sorting. One example use is to automatically move spam messages into a user's spam folder. Users wishing to utilize Sieve must upload their scripts to your mail server using a process called timsieved, which must first be enabled by you, the administrator. Once enabled, there are Perl scripts, WebMail plug-ins, and other ways users can interact with Sieve. Consult the Mail Service Administration manual, or use the Internet archive (www.archive.org) to view the contents of the now-nonexistent www.cyrusoft.com/sieve/ Web site from November 2004.

Using cyradm

cyradm is also included with Mac OS X Server. It can be used to interact directly with your IMAP server to create and delete mailboxes, and much more. One common use of it is to modify the permissions on a mailbox for granting other users access to someone's mail. For more information on cyradm, consult the man page:

    man cyradm

Clearing the queue

After you've run your mail service for quite some time, you may need to empty your mail queue. The queue holds messages waiting to be delivered. Over time, forged messages from spam may clog your mail server while bounce messages are being redirected to nowhere. You may wish to occasionally check your mail queue for such messages and clear them manually if needed.

To clear your queue

1. From the Computers & Services column, select Mail.
2. Select the Maintenance tab at the bottom of the screen and then select the Mail Queue tab.
3. Select the desired message and click Retry or Delete, depending on whether you want to attempt to re-send it or just delete it from the queue (Figure 8.71).

   Figure 8.71. Server Admin can be used to view the mail queue on your server.
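To find the undeliverable bounces described under "Clearing the queue" before deciding what to delete, the queue listing can be summarized from the command line. This is an added example, not part of the original text: it assumes the listing comes from Postfix's postqueue -p (the postalias command used earlier is part of Postfix), and the sample listing and function names are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout printed by Postfix's `postqueue -p`.
SAMPLE_QUEUE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
0A1B2C3D4E     2745 Tue Mar  1 09:12:44  MAILER-DAEMON
(connect to mx.bogus-sender.invalid[192.0.2.10]: Connection refused)
                                         forged@bogus-sender.invalid

1B2C3D4E5F     2801 Tue Mar  1 09:13:02  MAILER-DAEMON
(Host or domain name not found. Name service error for name=nowhere.invalid type=MX)
                                         sales@nowhere.invalid

5F6A7B8C9D*    1182 Tue Mar  1 11:02:10  joel@example.com
                                         schoun@example.com

-- 6 Kbytes in 3 Requests.
"""

# Assumes short hexadecimal queue IDs; "*" marks an active message, "!" a held one.
HEADER = re.compile(r"^([0-9A-F]+)[*!]?\s+(\d+)\s+\w{3} \w{3}\s+\d+ [\d:]{8}\s+(\S+)$")

def parse_queue(listing):
    """Return one dict per queued message: id, sender, reasons, recipients."""
    messages = []
    for block in re.split(r"\n\s*\n", listing):
        lines = block.splitlines()
        head = next(filter(None, map(HEADER.match, lines)), None)
        if head is None:
            continue  # the trailing "-- n Kbytes in n Requests." summary
        # Lines after the header row are either "(reason)" or an indented recipient.
        rest = [l.strip() for l in lines[lines.index(head.string) + 1:] if l.strip()]
        messages.append({
            "id": head.group(1), "sender": head.group(3),
            "reasons": [l.strip("()") for l in rest if l.startswith("(")],
            "recipients": [l for l in rest if not l.startswith("(")],
        })
    return messages

def stuck_bounces(listing):
    """Bounces (null sender, listed as MAILER-DAEMON) that carry a deferral reason."""
    return [m for m in parse_queue(listing)
            if m["sender"] == "MAILER-DAEMON" and m["reasons"]]

def bounce_targets(listing):
    """Count stuck bounces per recipient domain, to show where they pile up."""
    return Counter(r.rsplit("@", 1)[-1] for m in stuck_bounces(listing)
                   for r in m["recipients"])
```

Feed it the saved output of sudo postqueue -p; the queue IDs it returns identify the messages to review in the Mail Queue tab.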