Make Mac Work:

Helping Manage The Macintosh Enterprise

CreativeTechs

Host Corporate Email — Part 1

Email has become the electronic lifeblood of a company, the primary means used to communicate with co-workers and customers alike. This makes the stability and dependability of your email system the foremost responsibility of any IT team. In this four-part series, we’ll take a look at the best ways to configure new mail service for businesses on OS X Server, and why you might consider other options.

The Argument Against Hosting Your Own Email:

Since even before the popularity of the World Wide Web, running an internet email server has been synonymous with being a systems administrator. Windows-based organizations are most often built around Exchange systems, and few companies want to pay extra for outsourced services when they’re already paying someone good money to handle their IT needs.

There’s one good reason, though, to consider having your organization’s email handled by a dedicated hosting company: They’ll probably do a better job than you. More accurately, their environment is likely more robust, with multiple servers dedicated to mail, internet connections from several providers, and redundant power from two or more grids. Hosting services also include spam filtering, meaning that full-time spammers can fight full-time filtering systems instead of eating up your time and energy in an escalating arms race. With external hosting costs at $3-5 per user monthly, it’s worth adding up what hosting your own email might actually cost you.

Outsourcing email doesn’t make sense for every business (such as those with data centers, full-time IT staff, and/or regulatory requirements like HIPAA or Sarbanes-Oxley). For smaller companies, though, or those with limited resources, it’s an option to consider before implementing mail service on your own servers.

Configuring Basic Mail Service:

If your company decides to host email for its new domain in-house, the first step is to set up the Mail service on the machine you’ve chosen as your MX (or Mail Exchange) server. Open Server Admin and select the first server, choosing “Settings” from the toolbar and enabling “Mail” from the checkboxes below. Then select Mail from the left column, choose “Settings” from the toolbar once again, and start with the “General” configuration pane. Fill in the name of your domain (such as makemacwork.com) and of the machine you’re configuring (like mx1.makemacwork.com) in the “Domain name” and “Host name” fields.

Mail Settings: General

Next, uncheck “Enable POP”, the more common of the two Unix email-retrieval protocols, which deletes messages from the server as they’re collected. While POP (designed in the days of dial-up connections) utilizes low bandwidth, it significantly increases the chances of messages being misplaced or deleted by users and isn’t really designed for enterprise use. Instead, enable IMAP (which can synchronize mail on the server with multiple devices such as laptops, iPhones, or a webmail interface), with no limit on the number of connections.

To allow incoming mail to be accepted by the server, check “Enable SMTP”, and below it “Allow incoming mail”. If your business is required by law to retain copies of all communications, you can check the “Copy all mail to” box and fill in an address to archive to, but be aware that a company of reasonable size could fill terabytes annually with this approach.

Email Filtering Tools And Strategy:

Starting email is easy. It’s stopping it (or rather, handling it selectively) that takes work. OS X includes a number of mechanisms to regulate what kind of email users can receive and from whom the server will accept messages.

Mail Settings: Relay

Moving to the “Relay” pane, you’ll find the first option already checked by default. Apple configures the OS X mail server to only allow relaying (the resending of messages from an external source) from machines on your local subnet. Unless you’re confident your network is locked down tight, you’ll want to consider removing those listings, instead adding only other mail servers within your domain, or even just the machine’s own IP for troubleshooting purposes. Be aware that at this point, only the addresses you’ve just added will be able to send email through this server. We’ll add the ability for client machines to send mail when we set up authentication methods later on.
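A simplified model of the relay rule described above, added here as an illustration and not taken from Apple's or the article's configuration: mail addressed to your own domain is accepted from any sender, while mail for outside domains is relayed only for clients on the relay list. The IP addresses are constructed documentation-range values and the function names are hypothetical.

```python
import ipaddress

LOCAL_DOMAINS = {"makemacwork.com"}              # example domain used in the article
# Constructed relay lists (RFC 5737 documentation addresses), assumed for illustration.
RELAY_DEFAULT = ["127.0.0.0/8", "192.0.2.0/24"]  # loopback plus the whole local subnet
RELAY_TIGHT = ["127.0.0.1", "192.0.2.10"]        # the server itself plus one other mail server

def relay_decision(client_ip, rcpt, relay_list, local_domains=LOCAL_DOMAINS):
    """Return 'deliver', 'relay' or 'reject' for one SMTP recipient."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in local_domains:
        return "deliver"          # inbound mail for our own domain: accepted from anyone
    ip = ipaddress.ip_address(client_ip)
    for entry in relay_list:
        if ip in ipaddress.ip_network(entry, strict=False):
            return "relay"        # client is on the relay list: forward to the outside domain
    return "reject"               # everyone else is refused, so the server is not an open relay

def changed_by_tightening(cases, before, after):
    """List the (ip, rcpt, old, new) cases whose outcome differs between two relay lists."""
    changed = []
    for ip, rcpt in cases:
        old = relay_decision(ip, rcpt, before)
        new = relay_decision(ip, rcpt, after)
        if old != new:
            changed.append((ip, rcpt, old, new))
    return changed

# Constructed test traffic: (connecting client, recipient address).
CASES = [
    ("203.0.113.5", "user@makemacwork.com"),   # outside sender, local recipient
    ("203.0.113.5", "someone@example.net"),    # outside sender, outside recipient
    ("192.0.2.55", "someone@example.net"),     # office desktop sending outbound mail
    ("192.0.2.10", "someone@example.net"),     # second mail server relaying outbound
]

if __name__ == "__main__":
    for row in changed_by_tightening(CASES, RELAY_DEFAULT, RELAY_TIGHT):
        print(row)
```

The only case that changes is the office desktop, which loses the ability to send outbound mail until authentication is configured; inbound delivery is unaffected by the relay list.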

At the bottom of the pane, you’ll find a field to use what Apple calls “junk mail rejection servers”. Also known as DNS blacklists, these servers store the IP addresses of supposed or suspected spammers. While blocking the addresses on these lists can significantly reduce the amount of junk mail a server receives, this method (like any filtering scheme) runs the risk of creating false positives and denying legitimate mail.
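How a DNS blacklist lookup works, as an added example that is not part of the original article: the server reverses the connecting IP, appends the list's zone, and treats an answer in 127.0.0.0/8 as a listing. The zone names and resolver data are constructed placeholders; the check that ignores answers outside 127.0.0.0/8 guards against one source of the false positives mentioned above (a defunct or wildcarded zone that answers for every address).

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNS name that asks whether `ip` is listed in the blacklist `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))           # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # 32 hex nibbles, reversed
    return ".".join(labels) + "." + zone.strip(".")

def check_dnsbl(ip, zones, resolve=socket.gethostbyname):
    """Return {zone: verdict} where verdict is 'listed (...)', 'not listed' or 'ignored (...)'."""
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except socket.gaierror:
            results[zone] = "not listed"                  # NXDOMAIN: address is not on the list
            continue
        if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
            results[zone] = "listed (%s)" % answer
        else:
            # A real listing answers inside 127.0.0.0/8; anything else is not a verdict.
            results[zone] = "ignored (%s)" % answer
    return results

# Constructed resolver data standing in for real DNS so the example runs offline.
FAKE_DNS = {
    "2.0.0.127.dnsbl.example.org": "127.0.0.2",          # healthy list, test entry present
    "2.0.0.127.dead-list.example.net": "198.51.100.7",   # parked zone answering everything
}

def fake_resolve(name):
    """Hypothetical stand-in for socket.gethostbyname backed by FAKE_DNS."""
    try:
        return FAKE_DNS[name]
    except KeyError:
        raise socket.gaierror("NXDOMAIN: " + name)

if __name__ == "__main__":
    zones = ["dnsbl.example.org", "dead-list.example.net", "other.example.com"]
    # 127.0.0.2 is the conventional test address that IPv4 blacklists list (RFC 5782).
    print(check_dnsbl("127.0.0.2", zones, resolve=fake_resolve))
```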

Mail Settings: Filters

The “Filters” pane addresses the spam issue by content rather than by origin, allowing the server to check for common spam characteristics. Checking “Scan email for junk mail” enables this feature, while the “Minimum junk mail score” determines how many matching patterns flag a message as spam. Unless you’re deleting suspected spam without warning, a lower, more aggressive score will probably yield results users prefer.

The big question, once you’ve marked mail as “junk”, is what to do with it. Of the four options, the most polite (or lenient) is to deliver the mail, usually with some warning in the subject line. This option also puts a junk warning in the message headers that most email clients can interpret. For users with little spam, this may be a sufficient step, but in many environments you’re better off bouncing suspected messages and letting legitimate senders contact the intended recipient when they’ve been filtered. If you do choose this option, it’s best to have a clear mail-handling policy in place that’s shared with users prior to implementation. You’ll also want to avoid configuring a “Send notification to” address, which will fill up with thousands (if not hundreds of thousands) of messages every day.

Also in the “Filters” pane are anti-virus options. While viruses haven’t been an issue on OS X, certain scripts can still affect the Microsoft Office products or be manually forwarded back to Windows users. There’s no compelling reason not to “Scan email for viruses”; infected messages can simply be bounced back to the sender and the recipient notified.

Next Week: In part two, we’ll look at configuring quotas, determining authorization methods, and enabling user accounts for corporate mail.

Recommended Reading: Back in 1993, Terry Gray at the University of Washington compared IMAP vs. POP. Surprisingly little has changed since then. In 2006, Wikipedia posted its first comparison of DNS blacklists, which has been kept current ever since. For more information on the spam and virus protection built into OS X Server, check the SpamAssassin and ClamAV websites.