From the Console, select Options, Server, LAN tab to display the following
Machines with IP addresses which fall within the LAN definition will be allowed to relay unconditionally so the address ranges included must be as small as possible.
For a single machine user, all that's needed is 127.0.0.1.
For a small LAN, something like 192.168.1.* is all that is typically
required.
If the Mailtraq machine has a fixed IP address assignment when online,
e.g. 194.222.58.129, that may also be entered.
From the Console, select Options, Services to display the following
Make sure that the primary SMTP instance has been selected, i.e. the instance listening on port 25 which, if multi-homed as shown, is listening on Mailtraq's Internet interface. Click on the Properties button then select the Relaying tab to display the following
Ignoring version specific differences, the key setting is that Relay for client machines outside this LAN MUST NOT be checked. The default for Relay for non-local senders is enabled but it may be disabled without adverse effect on unauthorised relaying behaviour.
The settings of the last two controls on this tab are also crucial. Neither Always allow relaying from these senders nor Always allow relaying to these recipients should be enabled. Note also that their associated text boxes must be empty as well as being greyed out.
Click Ok and Ok to return to the Console and Mailtraq is now secure from unauthorised relaying.
Further information is available on each of the settings in the Relaying Tab. Consult the Mail Relaying reference for additional background material.