Manualshelf

Setup guide

ManualsBrandsApple ManualsNetwork CardMac OS X Server
41424344454647484950
4. Do the same thing for the server.key file and the ca.crt file, next to the Key
File and CA File entries, respectively.
5. In Server Admin, click on the Options tab, and make sure the Performance
Cache is disabled for this SSL site. The Performance Cache may cause
problems with the SSL authentication.
6. Click Save.
The web server should now accept SSL connections on the port specified.
4.7 Securing E-mail Services
The e-mail services shipped with Mac OS X Server consist of two software packages:
Postfix for outgoing e-mail service, and Cyrus for incoming e-mail service. The
Postfix software provides an SMTP server that allows users to send e-mail. The
Cyrus software provides both IMAP and POP3 servers that allow users to retrieve
their e-mail from the server. The following sections cover basic security settings;
securely configuring every feature of the Postfix and Cyrus packages is out of scope
for this guide. More documentation and configuration advice is available in Apple’s
Mac OS X Server Mail Service Administration” guide and the project web pages
(http://www.postfix.org
and http://asg.web.cmu.edu/cyrus).
4.7.1 Disable Unnecessary E-mail Services
Mac OS X includes support for three e-mail service protocols: IMAP, POP, and
SMTP. Turn off support for any of these protocols that is not required. We also
recommend using different systems for providing outgoing mail service (SMTP) and
incoming mail service (IMAP or POP) where possible. The e-mail services are
disabled by default, but verification is recommended. To deactivate unnecessary e-
mail services:
1. Open Server Admin.
2. Click Mail in the list for the server you want.
3. Click on the Overview button and verify that the pane says “Mail Service is:
Stopped”. If not, click Stop Service.
4. Click on the Settings tab.
5. Uncheck “Enable SMTP” if the system will not be used as an outgoing mail
server.
6. Uncheck “Enable IMAP” if the system will not be used as an incoming mail
server.
7. Uncheck “Enable POP” if the system will not be used as an incoming mail
server.
8. Click Save.
43
UNCLASSIFIED