Back in the "good old days", an SMTP (email) server could blindly allow anyone from the Internet to relay email. Relaying email
is the process of taking mail and sending it to another mail server. For example, if I am at Site A and I want to email someone at Site
B, I may need to use Site C's email server to relay the message. The SMTP protocol does not provide a means of authenticating
the user attempting to send mail. An SMTP server that relays email from any domain / IP address to any other domain / IP address is said to be an
"open relay".
The problem with having an open relay SMTP server is that Internet spammers can easily find it and exploit it to do their dirty work.
Because spammers forge email headers and use temporary email accounts, it is nearly impossible to track them down and distinguish them from your legitimate users trying to send
email.
So how does one give legitimate roaming users the ability to relay email without inviting spammers? One answer is using the
authentication methods available in the POP and IMAP protocols. If the SMTP server can determine that the user attempting to relay
mail has successfully authenticated ("logged in") via POP or IMAP then that user can be considered trusted. One such tool for the
qmail SMTP server is SMTP-poplock.
SMTP-poplock maintains a database containing the IP addresses of users who have successfully logged in via POP or IMAP. Most
email clients, such as Microsoft Outlook, are set up with a POP or IMAP account whose username and password are sent to the
server. A user who has a laptop and wants to access and send e-mail while travelling simply has to log in with their email client
to be seen as "trusted" by the SMTP server.
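
The lookup described above, as an added example that is not SMTP-poplock's own code: a small Python model of a trust table that the POP/IMAP side writes to and the SMTP side consults before relaying. The class and method names, the 30-minute expiry and the sample addresses are assumptions; the page does not say how long an entry stays trusted.

```python
import time

class PopLockTable:
    """Toy model of a POP-before-SMTP trust table (hypothetical, not SMTP-poplock code)."""

    def __init__(self, local_domains, ttl_seconds=1800):
        # ttl_seconds is an assumption: entries must expire, or a reassigned
        # dynamic IP would keep relay rights forever.
        self.local_domains = {d.lower() for d in local_domains}
        self.ttl = ttl_seconds
        self.seen = {}  # client IP -> time of last successful POP/IMAP login

    def record_login(self, client_ip, success, now=None):
        """Called by the POP/IMAP side after each login attempt."""
        if success:  # failed logins never create trust
            self.seen[client_ip] = time.time() if now is None else now

    def purge(self, now=None):
        """Drop expired entries so the table does not grow without bound."""
        now = time.time() if now is None else now
        self.seen = {ip: t for ip, t in self.seen.items() if now - t <= self.ttl}

    def may_relay(self, client_ip, rcpt_to, now=None):
        """SMTP-side decision for one recipient address."""
        now = time.time() if now is None else now
        domain = rcpt_to.rsplit("@", 1)[-1].lower()
        if domain in self.local_domains:
            return True  # mail addressed to our own domains is delivery, not relaying
        last = self.seen.get(client_ip)
        return last is not None and now - last <= self.ttl


def demo():
    # Constructed sample data: documentation IP ranges and example domains.
    table = PopLockTable(["example.org"], ttl_seconds=1800)
    t0 = 1_000_000
    table.record_login("198.51.100.7", success=True, now=t0)   # roaming user logs in
    table.record_login("203.0.113.50", success=False, now=t0)  # wrong password
    return [
        table.may_relay("198.51.100.7", "bob@example.net", now=t0 + 60),    # trusted IP
        table.may_relay("203.0.113.50", "bob@example.net", now=t0 + 60),    # unknown IP
        table.may_relay("203.0.113.50", "alice@example.org", now=t0 + 60),  # local rcpt
        table.may_relay("198.51.100.7", "bob@example.net", now=t0 + 3600),  # expired
    ]

if __name__ == "__main__":
    print(demo())
```

Because trust is keyed on the IP address rather than the user, every host behind the same NAT address as an authenticated user can relay until the entry expires, so the expiry window should be kept short.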