A simple way to think of the SMTP Relay Options is, "Require authentication from all users who send mail through this server to non-local addresses except ..." For example, if 'Relay for local users only' is selected, then everyone must authenticate when sending mail to non-local addresses except for local users. A definition of each relay option is below.
Note: Mail which is destined to local users on the IMail server does not need to be relayed.
If any message which originates on a computer other than the IMail PC is to pass through the IMail server on its way somewhere else then IMail must relay the message. Typically, POP3 or IMAP mail clients on other work stations will send outgoing mail through an SMTP server (in this case, through IMail).
In SMTP Security (IMail Administrator | localhost) you will probably want Relay for Addresses. List the IP addresses (and/or subnets) that you want to Relay Mail For. (It is necessary to stop and restart the SMTP service after the change. If you are running version 8, you should also stop and restart the Queue Manager service.) No Mail Relay is also a secure setting.
Your users who send from IP addresses that you do not list must set their
mail clients to do SMTP login ("My outgoing mail server requires authentication").
Here are descriptions of each of the Relay choices:
Note that only 'No Mail Relay' or 'Relay for Addresses' can prevent unauthorized relaying by remote senders who "spoof" as local users.
Relay mail for anyone
If you set IMail to 'Relay mail for anyone' then IMail will accept mail from any host that is destined for any other host.
If this server is exposed to the internet, it is highly recommended you do not choose this option. Doing so allows unauthorized users to abuse your mail server by relaying mail through your system.
Relay mail for (IP) Addresses
This setting allows you to list IP addresses or groups of IP addresses for which
IMail will relay mail destined to non-local addresses. This setting also allows IMail to relay mail to this list of IP addresses. (This is required when you use IMail as a backup MX or SMTP Gateway.)
If most or all of your users have fixed IP addresses or have dynamic IP addresses from specific ranges, this is the recommended setting.
No Mail Relay
With this option, IMail will not relay mail through the server unless the sending user authenticates. On the SMTP Security tab, make sure that 'Disable SMTP "AUTH" reporting' is NOT selected. (In version 8 and higher, this option is on the SMTP Advanced tab).
No Mail Relay is the best solution for customers who are unable to choose 'Relay mail for Addresses' because their users connect using dynamic IP Addresses.
Relay for local hosts only
IMail checks the FROM address of incoming mail during the incoming SMTP session and determines that it contains a valid hostname. This must be the name of a host or virtual host on the IMail Server system, or a Host Alias of an IMail domain. If it is not, the server does not relay the mail. While this option is more secure than 'Relay mail for anyone', it is very easy for an unauthorized user to forge the FROM address on an email and impersonate a user on the IMail server. If the IMail server is exposed to the internet; this option is not recommended.
Relay for Local Users Only
IMail checks the FROM address of incoming mail during the incoming SMTP session and determines that it contains a valid email address of a local IMail user account. It does not check user aliases or lists. If the User ID is not valid or does not match the correct domain on which the user exists, the server does not relay mail.
You can use the accept.txt file in conjunction with these options to name remote hosts and users that you want the IMail Server to accept as "local" hosts and users. Again, while this is more secure than 'Relay for local hosts only', the FROM address on an incoming email can easily be forged and this setting should not be used if the IMail server is exposed to the internet.
Please note that any changes made to the Mail Relay Options will not be effective until the SMTP service is stopped and restarted. If you are running version 8, you should also stop and restart the Queue Manager service.
If a user not included by your mail relay settings needs outgoing access through your IMail server they can still send outgoing mail through IMail if they have a client that supports SMTP authentication. When this option is enabled in the mail client it performs an SMTP login, allowing the user to bypass your relay restrictions and send mail. The login used must be a valid username and password for a active user account setup on the server.