For a mail server on the Internet, the best relay setting is to enable only Allow relay for authenticated senders and leave Allow relay for local sender addresses unchecked. This makes everyone who wants to send email out via your server provide a username and password.
The various relay settings are explained below.
Allow relay for authenticated senders
This means that people who try to send mail out through your server need to enter a username and password (i.e. SMTP authentication). How to set this differs between mail clients, but in Microsoft Outlook Express and Microsoft Outlook, for instance, you do this in the account properties via the "My server requires authentication" checkbox under the "Servers" tab. It is advisable to have this option enabled if you aren't using privileged IP ranges.
Allow relay for privileged IP ranges
This means that you will allow people with certain IP addresses to send email through your server. If you know the IP addresses of those persons who are able to send email out through your server, you can use this option. DO NOT select this if you haven't set a list of IP addresses, as you may inadvertently allow everyone access. Normally this option is not selected.
Allow relay for local sender addresses
This will allow people to send mail if their From address has a domain that you host on MailEnable. For instance, if you host example.org, and someone sends a mail that has their From address as firstname.lastname@example.org, the email will be sent.
Unfortunately, spammers may still abuse this by pretending they are one of your users, because the From address is supplied by the sender and is not verified, so most servers will not use this option.
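
To see how the three options combine, the following added example (a simplified model written for this page, not MailEnable's own code) evaluates one unauthenticated session with a forged local From address against the recommended settings and against a configuration that also allows local sender addresses. The class, function names, policy order and sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class RelayPolicy:                      # hypothetical model of the three checkboxes
    authenticated: bool = False
    privileged_ips: bool = False
    local_senders: bool = False
    ip_ranges: list = field(default_factory=list)      # CIDR strings
    local_domains: set = field(default_factory=set)    # domains hosted here

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()

def relay_decision(policy, client_ip, authed, mail_from, rcpt_to):
    """Decide whether to accept a message for onward delivery."""
    if domain_of(rcpt_to) in policy.local_domains:
        return "accept: local delivery, not a relay"
    if policy.authenticated and authed:
        return "accept: authenticated sender"
    ip = ipaddress.ip_address(client_ip)
    if policy.privileged_ips and any(
            ip in ipaddress.ip_network(r) for r in policy.ip_ranges):
        return "accept: privileged IP"
    # The From address is supplied by the client and proves nothing about identity.
    if policy.local_senders and domain_of(mail_from) in policy.local_domains:
        return "accept: local sender address (unverified)"
    return "reject: relay denied"

def audit(policy):
    """Flag the risky combinations the text warns about."""
    findings = []
    if policy.local_senders:
        findings.append("local-sender relay trusts an unverified From address")
    if policy.privileged_ips and not policy.ip_ranges:
        findings.append("privileged-IP relay enabled with no IP list")
    for r in policy.ip_ranges:
        if ipaddress.ip_network(r).prefixlen == 0:
            findings.append(f"range {r} matches every client")
    if not policy.authenticated:
        findings.append("authenticated relay is disabled")
    return findings

# Constructed sample: an unauthenticated outside client claiming a hosted address.
DOMAINS = {"example.org"}
SPOOFED = ("203.0.113.50", False, "firstname.lastname@example.org", "someone@example.net")
RECOMMENDED = RelayPolicy(authenticated=True, local_domains=DOMAINS)
WEAK = RelayPolicy(authenticated=True, local_senders=True, local_domains=DOMAINS)

if __name__ == "__main__":
    for name, pol in (("recommended", RECOMMENDED), ("weak", WEAK)):
        print(name, "->", relay_decision(pol, *SPOOFED), audit(pol))
```

With the recommended settings the forged session is rejected and the audit is clean; with local sender addresses enabled the same session is relayed.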