In Setup -> Security Settings -> IP shielding -> Pop before SMTP
Check "Local sender must have accessed mailbox within the last X minutes".
If your version does not support pop before SMTP, you cannot secure it.(Any other configuration suggested will be a kludge designed to get around DNSbl sites.)