Setting up a secure SMTP relay for users
Users who employ a mail client program will want to send messages through your server using the SMTP protocol. Since we set up an MTA, your server already supports SMTP connections, but only to receive e-mail destined for your domain. Messages submitted anonymously for destinations other than your domain should be rejected. Otherwise, we would create a so-called open relay, and spammers would quickly abuse your server. Anti-spam filters would then put your server on blacklists, and other mail servers would stop accepting messages from your users.
In order to avoid creating an open relay, and yet allow remote users to send mail to other domains, we need to require user authentication. We will allow authenticated users to submit mail bound for any domain but reject outbound mail submitted anonymously.
The SMTP protocol supports a method of authentication called Simple Authentication and Security Layer (SASL), which allows users to specify their username...