Your first order of business when configuring your mail server is to ensure that when users connect with Mail, Entourage, or their favorite email client, their username and password are transmitted securely to the server. On both the server side and the client side, authentication methods must be set up separately for POP/IMAP and SMTP.
Mac OS X Server supports several different authentication methods; you can select just one or several each for incoming and outgoing mail. Selecting a method means the server will agree to use that method if a client requests it; the only way to require a particular method is to select just that one method. As tempting as it may be to enable all the options to ensure global compatibility, doing so puts your users at greater risk. The wisest course is to enable only secure methods and then to educate your users about setting up their email software to use those methods.
Regardless of your authentication settings, if you enable SSL (as discussed later in this chapter), usernames and passwords are always sent securely.
To determine which authentication methods your mail server will accept, follow these steps:
Open Server Admin, which is located in /Applications/Server.
In the sidebar on the left, select your server.
If no services are listed under the server name, click the disclosure triangle next to the server name to reveal them.
If the service names are dimmed, choose Server Connect, type your username ...