info.mailtraq.com > SMTP Services > Access Control Access ControlThis tab, accessed from the SMTP Service dialog, controls which clients are permitted to use this instance of the SMTP service.
1 Allow any client to connect
If this option is selected, Mailtraq permits any client to connect to this service. This option is not recommended unless Mailtraq is operating behind a separately configured firewall and is an authorised MX relay for your domain or unless access by unauthorised clients is physically impossible (i.e. in a closed network which does not permit connections from external networks).
Tip:
If Mailtraq is your primary mail host it normally will be installed behind a separately configured firewall at your router with NAT or Port Forwarding directing traffic on Port 25 to Mailtraq. In that (most common) instance it is appropriate for Port 25 to accept connections from any client so it can connect to other external mail servers.
2 Use the addresses below as a Firewall
If this option is selected Mailtraq uses the range of IP addresses entered directly into the Limit access to... list box to determine which clients are permitted to use the service.
Use this option if you are using an external mail relay host - such as a spam checking service. Enter the IP address/es your service provider gives you: one per line.
Tip
If you are using an external SMTP mail relay you should make sure that all your MX records point to that service and not directly to Mailtraq to avoid unexpected message rejection.
Note that the firewall is empty by default therefore clients will not be able to use the service until a suitable IP address range is entered.
This option, or its successors below it, should be selected in order to prevent specific IP addresses from connecting to this service instances for policy reasons.
First, enable all clients to connect using the following wildcard pattern entry:-
*.*.*.*
then exclude individual IP addresses or address ranges as required by preceding them with a ~ (tilde, ASCII 126) character as follows:-
~192.168.*.*
~10.0.0.1
~10.0.??.*
where the first entry blocks the IP address range of 192.168.0.0 - 192.168.255.255, the second entry blocks the single IP address of 10.0.0.1 and the third entry blocks 10.0.10.* - 10.0.99.*, i.e. all IP addresses in that range where the third octet consists of two digits.
3 (2) and Local Area Network
If this option is selected Mailtraq uses the range of IP addresses entered directly into the Limit access to... list box followed by the range of IP addresses entered into the LAN tab of the Server Properties dialog to determine which clients are permitted to use the service.
The Edit button can be used to display the LAN tab if needed. Note that there are not separate instances of the LAN tab for each SMTP service instance. The Edit button is merely a navigational aid to display that control for ease of reference.
4 (3) and machines recently collecting POP3 mail
This option operates exactly as option three but also adds, temporarily for approximately twenty minutes, the IP address of any client authorised to collect POP3 mail from Mailtraq to the list of IP addresses explicitly permitted to connect to this SMTP service instance. Note that this feature can include clients hosted on external networks provided they first access a POP3 mailbox (through the POP3 service firewall and using a valid POP3 mailbox name and associated password) before attempting to send mail via SMTP. Note also that this grants permission through the firewall only. If the connecting client wishes to use Mailtraq to relay mail, the appropriate options on the Relaying Tab must also be enabled.
See also: Server LAN Configuration | 
