How to Allow Unauthenticated Relay from a Certain Subnet

In certain situations, authentication cannot be enabled for the SMTP protocol. This article describes how to allow a certain IP subnet to send without authenticating while leaving authentication enabled for all other clients to prevent spamming.

Issue cause

Users receive a "Relay Denied" error while sending messages without authentication.

Solution

If you cannot enable authentication for the entire server user base, define an IP range or subnet that is allowed remote delivery. This range is the criterion on which delivery to remote domains will be allowed.

NOTE: This rule will apply to the entire server and has to be defined by the server administrator.

  1. Log into the webadmin interface as the "admin" user account.
  2. Go to "Security & Filtering".
  3. Select "Acceptance & Routing".
  4. Go to the "Advanced Settings" tab.
  5. Click on "Add acceptance / routing rule".
  6. Assign a name to the rule in the "Name" field.
  7. In the "Conditions" section, select: "Remote address" -> "IP".
  8. Click the "Add condition" button.
  9. Select the "Range" option and enter the IP range or subnet.
  10. In the "Actions" section, select: "Delivery" -> "Remote".
  11. Click the "Add action" button.
  12. Select the "Allow delivery for all users" option.
  13. Click the "Save Configuration" button.

Now, the email system will allow the remote delivery of messages without authentication only from the range defined in the rule.

NOTE: Any other user connecting from an IP address not covered by this rule will still have to use authentication.
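
Because every address in the range entered at step 9 can relay without authenticating, it is worth checking the range before saving the rule. The script below is an added example, not part of the original article or of the mail server's own tooling; the function names, the INTERNAL network list and the MAX_ADDRESSES threshold are assumptions chosen for illustration.

```python
import ipaddress

# Assumed policy values for this example, not product settings.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
MAX_ADDRESSES = 65536  # flag anything larger than a /16

def parse_range(spec):
    """Parse 'first-last' or CIDR notation into a list of networks."""
    spec = spec.strip()
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"invalid range: {spec}")
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec, strict=False)]

def audit_relay_range(spec):
    """Return warnings for a range that would relay without authentication."""
    nets = parse_range(spec)
    warnings = []
    total = sum(n.num_addresses for n in nets)
    if total > MAX_ADDRESSES:
        warnings.append(f"{spec}: covers {total} addresses")
    for n in nets:
        if not any(n.version == i.version and n.subnet_of(i) for i in INTERNAL):
            warnings.append(f"{spec}: {n} is outside internal address space")
    return warnings

def covers(spec, client_ip):
    """True if client_ip falls inside the range, i.e. would skip authentication."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in n for n in parse_range(spec))

if __name__ == "__main__":
    # Constructed sample values, including a typo in the second octet.
    for spec in ("192.168.10.0/24", "192.168.0.0-192.169.0.0", "0.0.0.0/0"):
        print(spec, audit_relay_range(spec) or "ok")
```

An empty result means the range is small and entirely inside the assumed internal networks; any warning should be resolved before the rule is saved.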
OS: Linux, Windows, FreeBSD, NetBSD, OpenBSD, Solaris
Distros: DEB based distros amd64