That's what I like to see commitment ! (overtime I hope !)
Don't worry about Open Relay, as I said before the standard install does not leave you as an open relay.
A few pointers:
SMTP (Simple Mail Transfer Protocol) is used to send 'emails' from clients (your users) to the mail server, it also sends 'email' from one server to another !
POP (Post Office Protocol) is one way that clients (your users) can receive email from the server.
As you stated in your PM, SMTP requires port 25 to be open and forwarded to your mail server. POP requires port 110 to be open and forwarded to your mail server. You can also use IMAP (Internet Message Access Protocol).
Example Pics below.
Mac OS X Server (Panther) uses Postfix to provide SMTP services, depending on your needs sometimes you have to use the command line (Terminal) To edit the Postfix config files...
www.postfix.org has a lot of info on it !
IMAP and POP are provided by Cyrus.
http://asg.web.cmu.edu/cyrus/
As long as your DNS records are correct and the Firewall(s) are configured to let the correct data in and out, then it should be quite straight forward !
-------------------------------------------------------------------------------------------------
Open server admin, Select Mail service, click the settings tab, click the general tab.
Click enable SMTP
Ignore 'Relay all mail through this host' ( this is used if you have more than one email server and this server would then forward all the outgoing mail to the other server)
Click enable POP
Click enable IMAP (only if you need it, personally I don't use it, so I leave it unchecked)
Copies BCC if you click this, and add in an email address to the line below, all undeliverable emails will be sent to the email address specified.
Copy incoming and outgoing messages to, again if you click this and enter an email address all email's going through the server can be sent to someone...be careful with this one. If your company allows staff to send and receive email...you need to have a 'usage' letter/policy written out for all the staff to see. ie "Our company allows the use of the email system for work related messages only, all emails are monitored."
Would need to be a lot longer and 'more' than this but you get my drift...then an employee can not complain because you have read his/her email that she sent out with a CV attached looking for a new job. You do however need to be very careful, and check the current Data protection laws etc. Plus you need to be very discreet !
Now click the advanced tab:
Check that your mail servers MX record is in the local host aliases pane, if it isn't than add it in, or double click on the current entry and edit that one !(to add a new one)...press the plus sign and then type in the mail servers name. Mine would be:
mac-help.com
If you had other domains, or sub domains you would add them in here.
ie
faqs.mac-help.com
blog.mac-help.com
mac-help.com
So as long as DNS, MX records were setup correctly any emails coming to @faqs.mac-help.com or @blog.mac-help.com or
@mac-help.com would all get routed/accepted through this server !
It will also tell you below the Local Host Aliases pane where the mail will be stored, you don't have to change this just leave it as is. When you become more familiar with OS X Mail Server you may have a reason to change it, in the future.
When this is done press the save box to save changes...
Now go back to the overview button, and then click Start Service...your mail server is now running !
Now do a restart ! When it's back up reopen Server admin and check that Mail Service is running.
Don't worry, about being an open relay we will now secure it !
Back to the Mail Service settings-->Advanced tab
Now depending on what you are running, POP and SMTP etc click on the clear for POP and PLAIN for SMTP. This is the weakest form of protection, but it will do the job. (by clicking on any of those check boxes...activates password only usage ie. If a Hacker does a Port scan on you machine and see's that ports 25 and 110 are open (which they will be !) he/she knows that you are running a mail server...but by selecting any of those check boxes, this now means that the Hacker has to enter a password to send any emails through your server...more often that not,they will just move on to the next target, which is not secured ! The only real reason to use any of the other Password 'schemes' is to provide better protection. To be honest clear/plain or better still login will do an adequate job.
Remember: which every 'sceme' you use you 'clients' must be able to use the same scheme, otherwise they won't be able to send and receive mail !!
Now you need to enable 'Mail' services for each user, unless you have already done it !
Open Workgroup Admin and select which ever user you are going to start with...
Then select the mail tab, and click "Enabled"
You can now set their Mail Quota Size (how much space they are allowed) if left at 0 this gives them unlimited space...I would leave it at 0 for now !
Then below that, you can click on the "POP Only" button, (Unless you are going to setup IMAP).
Leave the Alternate Mail store for now, let the Server put the Mail where it wants to !
You may need this later, once you have been running the server for a while !
One common mistake/annomily is that when you have set up all your users accounts, most people go into 'Mail Service' in Server Admin and look in the Accounts Pane...there will be "no" accounts there !!!
You will have set them up correctly but they do not 'appear' in the Server Admin Mail Accounts Pane until they become 'Active' ie someone sends or recives an email for that account...try it, set up one account in the Workgroup Manager and then have a look...it will look like there is no account setup ! Fire off an email to that account and then check again (a few minutes later), and hey presto it magically appears...this one confused a lot of us !!!
Now set up your email clients...then start sending off some test emails !
Whenever making changes to any config elements in Mail Service - you must restart Mail Service...there are quicker and better ways of doing this with the Terminal but we'll save them for another day....
regards
Ric