Version 4

Mac OS X Server Mail

Information about the pros and cons of Apple's Mail server built in to OS X Server

Created by: spiderr, Last modification: 24 Sep 2007 (19:25 UTC) by spiderr


With Mac OS X Server 10.4, Apple introduced new suite of mail server tools. Similar to Apple's use of Apache, these tools are all based on open-source tools that are workhorses for UNIX servers. Apple has also added a very nice GUI on top of these tools to make adminstering them very simple for the non-unix inclined. This GUI can be found in the "Server Admin" application, and click on "Mail". Even for shell geeks, the integration of the GUI to text config files is extremely useful for people with more important servers to run.

The Apple mail server uses postfix as it's primary smtp gateway. For virus protection, it uses amavisd which launches spamassassin for spam cleanup. This all comes preconfigured and ready to go out of the box.

Remote Administration

Everything can be done via the command line, however the OS X Server gui makes life painless. To run this remotely and free, do the following:

  1. Run OSXvnc on your serve
  2. On your local machine, enter the following code into ~/.ssh/config
    Host mail
            User johndoe
            Compression yes
            LocalForward 5901 localhost
    and the "ssh".
  3. Once logged in, run your local VNC client, Chicken of the VNC is a great Mac VNC client. Open a connection to "localhost" and display "1"

You should get a window to the server. If not, first make sure you have a connection to port 5901 open on your local port. For example, try "telnet localhost 5901". If that does not connect, try a direct ssh port forwarding with"ssh -C -L 5901:localhost:5901"

Webmail support

While Apple does not include any webmail support, is a fabulous web 2.0 webmail application that works with IMAP and is comparable to yahoo/gmail. It can be setup up on an OS X Server machine in about 10 minutes.

Installing Pitfalls

Out of the Box, the mail suite is ready to go. However, there are few dangers.

CPAN upgrade trouble

  • CPAN can upgrade the Net:Server module which can cause trouble, as described in this forum post - OS X Server 10.4.x ships with Net:Server 0.87, however the latest is 0.96 - you can downgrade Net:Server with
    cpan> install R/RH/RHANDOM/Net-Server-0.90.tar.gz

Darwin Ports / Fink danger

  • If you use Darwin Ports or Fink, the shell PATH might be modified to use the ports version of perl and hence the ports version of the spamassassin modules.
  • Make sure your updates are installed and working. Per the Wiki link below, make sure you have updated all your perl modules and turned on DNSRBL, etc. For example,
    root$  sudo cpan -i HTML::Parser Net::DNS  Mail::SPF::Query IP::Country Razor2 Net::Ident IO::Socket::INET6 IO::Socket::SSL DBI LWP::UserAgent HTTP::Date Archive::Tar IO::Zlib

Virus Filtering with Amavis-d

Amavis-d is the virus scanning tool invoked by postfix.

See detailed explanation of amavisd.conf.

DNS Spam Prevention

There are two main options DomainKeys, and SenderID.
DomainKeys were invented by Yahoo, SenderID was invented by Microsoft. These are arguably competing techniques, however, implementing both seems to have no ill-effect. Given SenderID was invented by Microsoft, you can be assured Outlook Server SMTP gateways employ SenderID, and are unlikely to support DomainKeys any time soon. In early 2005 when these proposals came out simultaneously, they were seen as competing techniques. As time has passed, they are now seen as more complementary, and typically both are implemented.


To use DomainKeys, typically a filter or "plugin" is needed for your SMTP gateway. There is a postfix filter that is fairly easy to install and configure. Several perl modules need to be installed:

cpan -i Crypt::OpenSSL::RSA Mail::Address MIME::Base64 Net::DNS Net::Server Test::More

SenderID (and SPF)

SenderID merged with a smaller group called Sender Policy Framework (SPF). SPF is a very simple mechanism for specifying which servers are valid for sending your email and is much simpler to implement than DomainKeys. Microsoft holds several patents in relation to the SenderID framework, however it released those patents in the "public domain" this past october. Beyond the typical cynicism of Microsoft's ulterior motives, SPF has a significant amount of technical criticism. Regardless, many major ISP's are using SPF to filter mail, including AOL (and RoadRunner) which has in some reports exclusively implemented SPF to some degree. (Spamassassin reports SOFT_FAIL reports from bogus emails.) Spamassassin easily supports SPF with a few simple cpan installs.

The quickest way to get the DNS entries up and running is to follow the wizard.

Spam Filtering with SpamAssassin

SpamAssassin (SA) is launched with Amavis-d. There are several SA settings in /etc/amavisd.conf

More Options

  • ASSP Anti-Spam SMTP Proxy


Page History
25 Sep 2007 (15:47 UTC)
Current • Source
View • Compare • Difference • Source
View • Compare • Difference • Source
View • Compare • Difference • Source