[ Thanks to Baiju Thakkar for this
link. ]
“Those of us who run multipurpose servers are probably familiar
with the conundrum of what to do about clients who want to use your
machine as their primary mail server. It would be easy if everybody
had a static IP address, but more likely they have dynamic IPs
through a cable modem or dialup account. If you want to allow them
to use your SMTP server for their outbound mail, then you have to
either maintain an annoying list of their IPs in your access file
to allow relaying, and you have to edit that file as needed when
they change ISPs or go to their school/office network, or you can
simply allow your server to relay mail for anyone; of course, this
latter option is easier for you, but you are now a portal for any
and all spam. Even if you don’t care about being a ‘good netizen,’
this also puts you at risk for having your domain added to
blacklists, thus hampering your overall email capability.

“Here, I will outline an alternative, which allows all of your
users to relay mail through your server from anywhere, but which
still prevents you from being an open spam relay. This is achieved
via the use of SMTP-AUTH, which requires users to authenticate with
their username and password before they can send email through your
server. This means that your valid users will be able to use your
server from anywhere, regardless of whether or not their IPs are in
the access list, as long as their mail clients support SMTP-AUTH
(which most now do). For added security, we’ll enable SSL also,
so the login/password and the session can take place over an
encrypted layer if users so desire. The addendum at the end
describes how to enable secure IMAP (which is far simpler!)…”
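
The excerpt leaves encryption optional ("if users so desire"), so a server set up this way can end up offering password logins on an unencrypted session. The following is an added example, not code from the quoted article: a Python check over EHLO replies captured before and after STARTTLS. The host names and replies are constructed samples, and the finding labels are hypothetical.

```python
import re

# Mechanisms whose exchange reveals the password to anyone who can read the session.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
CAP_LINE = re.compile(r"250[- ]([A-Za-z0-9-]+)(?:[ =](.*))?$")

# Constructed sample replies (not captured from a real server).
OPTIONAL_PRE = """250-mail.example.org Hello client.example.net [192.0.2.10]
250-8BITMIME
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 HELP"""
OPTIONAL_POST = """250-mail.example.org Hello client.example.net [192.0.2.10]
250-8BITMIME
250-AUTH LOGIN PLAIN
250 HELP"""
STRICT_PRE = """250-mail.example.org Hello client.example.net [192.0.2.10]
250-STARTTLS
250 HELP"""

def parse_ehlo(reply):
    """Turn a multi-line 250 EHLO reply into {KEYWORD: set(params)}."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:   # line 1 is the greeting
        m = CAP_LINE.match(line.strip())
        if m:
            params = (m.group(2) or "").upper().split()
            # "AUTH=..." is a legacy duplicate of "AUTH ..."; merge both forms
            caps.setdefault(m.group(1).upper(), set()).update(params)
    return caps

def audit(pre_tls, post_tls):
    """Return findings for EHLO replies captured before and after STARTTLS."""
    pre, post = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "AUTH" not in pre and "AUTH" not in post:
        findings.append("no-auth: roaming users cannot authenticate to relay")
    if "STARTTLS" not in pre:
        findings.append("no-starttls: sessions cannot be encrypted")
    exposed = sorted(pre.get("AUTH", set()) & CLEARTEXT_MECHS)
    if exposed:
        findings.append("cleartext-auth: %s offered before TLS" % ",".join(exposed))
    return findings

if __name__ == "__main__":
    print(audit(OPTIONAL_PRE, OPTIONAL_POST))   # TLS optional
    print(audit(STRICT_PRE, OPTIONAL_POST))     # AUTH only after STARTTLS
```

An empty list means AUTH is advertised only once the session is encrypted, so a user's login and password never cross the network in the clear.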