SMTP Relay Protection should be used on ALL SMTP mail servers (such as VPOP3) which have a permanent connection to the Internet. You may also want to use it on servers which are only connected occasionally via a dial-up connection.
SMTP Relay Protection is needed because junk emailer's (SPAMMERS) often do network scans looking for unprotected mail servers and then use those to send their junk email out to other people on the Internet - so they are using your mail server without your permission.
There are several ways of protecting VPOP3 against this type of abuse. In general the best way is to make VPOP3 check the IP address of the computer which is connecting to it against a list of allowed addresses. If the connecting computer is an allowed one, VPOP3 will let it send local or outgoing mail, otherwise it will just allow it to send mail to local users (this is needed for incoming SMTP connections).
On the Services page, click on SMTP Server From the SMTP Anti-Relay Protection list choose Check Client IP Address. Then, in the 'Access Restrictions' box, enter the TCP/IP addresses you want to be able to send outgoing mail. For instance, to allow computers in the TCP/IP subnet 192.168.1.0 with subnet mask 255.255.255.0, add a line
Note: If you have a proxy server between the Internet and VPOP3, this should be EXCLUDED from the access restrictions range allowed by VPOP3, eg if the proxy server is 192.168.1.100, add a line
If you don't do this, any incoming connections through the proxy server will be allowed, regardless of where the user's computer is - this is because all these connections will appear to be coming from the proxy server's IP address.
Go here to test the VPOP3 relay protection settings. This site is run by abuse.net who run the 'Network Abuse Clearinghouse'