Recent versions of most popular mail transport agents (MTA) started including anti-relay filters to help fight spam turned on by default. Most system administrators all over the world decided to allow relaying to their internal networks' computers, while denying it to every external computer.
When using a wrapper, every connection appears as if it came from the host where it is located. Of course, this feature of the MTAs is no longer useful, and it should be reimplemented at the wrapper. Fortunately, as everything is already arranged by stages (see section 3.5.2 for explanation, section A.3 for the code), adding this proved extremely easy.
The world's most popular MTA is sendmail, which is, at the time of this writing, at its revision number 8.11.1, handles access lists similar to the following example:
localhost.localdomain RELAY localhost RELAY 127.0.0.1 RELAY mynetwork.net RELAY 192.168.1 RELAY 172.16.50.30 REJECT 10.3 REJECT email@example.com REJECT advertisement.net REJECT
This file is usually located at /etc/mail/access, and must be compiled into a DBM hash called access.db in the same directory to be used. The file is Tab-separated; the first column holds the patterns and the second one holds the action associated to it.
In this example, relaying is allowed to the localhost (lines 1, 2 and 3) and to the local network -- every host belonging to the mynetwork.net domain (line 4) or with an IP address belonging to the 192.168.1 network (192.168.1.0 through 192.168.1.255, line 5).
On the other hand, input coming from the specific host 172.16.50.30 (line 6), or from any host belonging to the 10.3 network (10.3.0.0 through 10.3.255.255, line 7), to the specific mail address firstname.lastname@example.org (line 8) and to the whole advertisement.net domain (line 9).