If your SMTP module can accept incoming TCP connections, your Server can be used by spammers as a mail relay engine: they can distribute their messages all over the world using your Server as an open relay.
Also, if your SIP module can accept incoming SIP requests, your Server can be used by "voip" spammers as a SIP relay engine: they can distribute their calls and/or instant messages all over the world using your Server as an open relay.
To protect your site from spammers, you should restrict the Server relaying functionality. Basically, only your own users should be able to use your Server to relay E-mail messages and Signal requests to other places on the Internet. Messages and Signal requests coming from other sources should go only to your own Accounts, and should be relayed to other Internet sites only when you have explicitly allowed that type of relaying.
The simplest way to decide if an incoming SMTP message or a SIP request is coming from your own user is to look at the network (IP) address it is coming from. If all your users connect from one or several LAN(s), you can treat all messages coming from those networks as "messages from Clients", and your Server will relay them to the Internet.
Use the WebAdmin Interface to open the Network pages inside the Settings section (realm), and click the Client IP Addresses link.
Enter the IP addresses on your client connect from, as well as the IP addresses of other systems that should be allowed to use your server as a mail relay:
Process LAN IP Addresses as Clients
Select this option to include all LAN IP Addresses into the Client IP Addresses list.
The IP Addresses are specified in a multi-line format. See the Network section for more details.
If you provide dial-up services, enter the IP address ranges you have allocated to your dial-up users.
You can specify your Client IP Addresses using the reverse lookup domain names.
Note: each Domain can have its own Client IP Addresses list, extending the Server-wide and Cluster-wide lists.
When a client connects from an IP address not listed in the Client IP Addresses list, and the Detect Clients by DNS Name option is enabled, the server tries to get the domain name for that IP address (if the IP address is aa.bb.cc.dd, the Server tries to retri