Configure Trusted SMTP Relay in Exchange on SBS 2008

This post discusses the steps necessary to allow trusted internal servers and external authenticated users to relay email through your SBS 2008 server. You would do this for scenarios in which external POP3 or IMAP4 clients or an internal application server need to send email through your Exchange server. This is not to be confused with external anonymous relay, where your server is open to abuse from any connecting IP address.

The key to making this secure is restricting access through either authentication or connection control (filtering by IP address). You will also see how SBS 2008 configures TLS in Exchange to encrypt your traffic to protect against eavesdropping.

Application Server Relay

SBS 2008 Setup creates a Default receive connector in Exchange to allow internal machines using Basic over TLS, Exchange Server, or Windows Integrated Authentication to relay. It listens on port 25 and allows connections from any IP address in the internal LAN. You may need to perform some extra configuration on your application servers to meet the authentication requirements of the connector.

You can tone down the security requirements in favor of an easier deployment by creating a new receive connector that allows anonymous relay, but only from specific IP addresses.

The Exchange blog already has a nice walkthrough on how to configure this. The requirements for SBS are no different. You can reach it through the following link: http://msexchangeteam.com/archive/2006/12/28/432013.aspx
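
As an added example (not taken from the original post or the linked walkthrough), the following Exchange Management Shell commands create an IP-restricted anonymous relay connector and then audit every receive connector for the relay permission. The connector name and the application server address are assumed values; substitute your own.

```powershell
# Run in the Exchange Management Shell on the SBS 2008 server.
# Assumed values for illustration only: connector name and app server IP.
$connectorName = 'App Server Relay'   # hypothetical name
$appServers    = '192.168.16.50'      # constructed example address

# 1. Custom connector that accepts anonymous sessions only from the listed
#    host(s). The more specific RemoteIPRanges match takes precedence over
#    the Default connector for connections from that address.
New-ReceiveConnector -Name $connectorName -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $appServers `
    -PermissionGroups AnonymousUsers

# 2. Anonymous sessions can only deliver to accepted domains by default.
#    This extended right is what permits relay to external recipients.
Get-ReceiveConnector $connectorName |
    Add-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' `
        -ExtendedRights 'ms-Exch-SMTP-Accept-Any-Recipient'

# 3. Audit: find every connector where anonymous relay is granted and show
#    which source addresses it accepts. A connector listed here with
#    OpenToAnyIP = True is an open relay for anything that can reach it.
$anon  = 'NT AUTHORITY\ANONYMOUS LOGON'
$right = 'ms-Exch-SMTP-Accept-Any-Recipient'

Get-ReceiveConnector | Where-Object {
    Get-ADPermission -Identity $_.Identity | Where-Object {
        (-not $_.Deny) -and ($_.User -like $anon) -and ($_.ExtendedRights -like $right)
    }
} | Select-Object Name, Bindings, RemoteIPRanges, @{
    Name       = 'OpenToAnyIP'
    # Compares against the string form of the full IPv4 range.
    Expression = { [bool]($_.RemoteIPRanges | Where-Object { "$_" -like '0.0.0.0-255.255.255.255' }) }
} | Format-List
```

Rerun step 3 after any connector change; the only entries it should list are connectors whose RemoteIPRanges contain just the application servers you intended.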
