

What is relaying?
Relaying is when a mail server accepts and delivers a message to another server.
A mail server accepting and delivering a message to an account on that server is not relaying.
A server accepting a message for an account that forwards to an address on another server is also not relaying.

When the protocol for email (SMTP) was originally designed, relaying wasn't a security issue, so no relay security was built in.
Unfortunately, spammers came along and changed all that by abusing the relaying capabilities of mail servers,
so now it is necessary to restrict relaying to avoid your server being hijacked.

A number of different ways of restricting relaying have been added on to SMTP. 
ASSP supports IP-based restrictions and SMTP AUTH.

IP-based restrictions decide if a message should be relayed based on the IP address of the client.
The main advantage of this method is that it can support existing clients as is. 
The main disadvantage is that it is not very useful for supporting roaming clients that are connecting from unknown IP addresses.

SMTP AUTH (also known as SMTP Authentication or SMTP Authorization) is the ideal solution for roaming clients, 
as the client can authenticate with a username and password to allow relaying. 
This requires support for SMTP AUTH in the client (nowadays all clients support SMTP AUTH) and it typically needs to be turned on by the user.

Some email servers support POP-before-SMTP, where they will allow relaying from an IP address if a client has checked mail from that IP address in the last few minutes. 
There are a number of disadvantages to this: it requires that the client connect before sending (most clients don't support doing this automatically),
it leaves a window where the IP address the client used could potentially be hijacked by someone else, and for clients behind routers or dialup servers using NAT it allows relaying for everyone else behind the router or dialup server.
However, there is code for POP-before-SMTP built into ASSP.
It can be used "as is".  


---------------


  The "Local Domains" are the domain names that your mail
  system considers local. Messages to "Local Domains" are also called "Incoming".
  Messages to domains not in "Local Domains" are also called "Outgoing".
  Messages from "Local Domains" are called "local" provided they come from IPs in "Accept All
  Mail", arrive via relayPort or are authenticated. ASSP also supports "POP before SMTP".
  Messages from domains not in "Local Domains" are called "external".
 
 
  That a mail claims to be from one of your local domains does not
  allow it to be relayed -- this is easily spoofed and not useful as a
  security measure. Spoofing an IP address is more complicated in this
  type of environment, and generally relaying is limited by IP
  address.

  If your clients dial up or are dynamically assigned addresses from an
  untrusted pool, then the only reliable way to allow relaying is through
  authenticated SMTP. Your mail handler must support this type of
  authentication, and you must enable it in your clients. ASSP
  recognizes authenticated connections and allows them to relay.
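
  The classification rules above, as an added example (a simplified model written for this page, not ASSP's own code). The domain list, IP ranges, function names and the via_relay_port flag are assumptions made for illustration; "accepted" only means the recipient is not refused as a relay attempt.

```python
import ipaddress

# Constructed sample settings (hypothetical values, not ASSP defaults).
LOCAL_DOMAINS = {"example.com", "example.org"}
ACCEPT_ALL_MAIL = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.0.0.0/8")]


def domain_of(address):
    """Lower-cased domain part of an address ('' for the null sender)."""
    return address.rpartition("@")[2].lower()


def is_trusted_client(client_ip, authenticated=False, via_relay_port=False):
    """Trust comes from SMTP AUTH, the relay port or the client IP, never from MAIL FROM."""
    if authenticated or via_relay_port:
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in ACCEPT_ALL_MAIL)


def classify(client_ip, mail_from, rcpt_to, authenticated=False, via_relay_port=False):
    """Return (sender_class, direction, accepted) for one recipient."""
    trusted = is_trusted_client(client_ip, authenticated, via_relay_port)
    claims_local = domain_of(mail_from) in LOCAL_DOMAINS
    sender_class = "local" if claims_local and trusted else "external"
    direction = "incoming" if domain_of(rcpt_to) in LOCAL_DOMAINS else "outgoing"
    # Incoming mail is delivery, not relaying; outgoing mail needs a trusted client.
    accepted = direction == "incoming" or trusted
    return sender_class, direction, accepted


if __name__ == "__main__":
    # Constructed sessions: (client IP, MAIL FROM, RCPT TO, authenticated)
    samples = [
        ("192.0.2.15", "alice@example.com", "bob@elsewhere.test", False),
        ("203.0.113.9", "alice@example.com", "bob@elsewhere.test", True),
        ("203.0.113.9", "boss@example.com", "bob@elsewhere.test", False),
        ("203.0.113.9", "carol@elsewhere.test", "alice@example.com", False),
    ]
    for ip, frm, to, auth in samples:
        print(ip, frm, "->", to, "auth" if auth else "no-auth", classify(ip, frm, to, auth))
```

  The third sample shows why a local-looking sender address alone earns nothing: from an unlisted IP without authentication the message is classed as external and the outgoing recipient is refused.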

  Not all ISPs will allow their customers to connect to your SMTP
  port. Many block connections to port 25 (except to their own mail
  server) to prevent spam. ASSP therefore provides a "Second SMTP Listen Port".