When a user logs in to check his emails on pop3 or imap his IP address and login time is added to a postfix-style database using the same libraries as used by postfix (for example, you can have a mysql:/etc/postfix/mysql.conf database). Postfix is then instructed to allow relaying only to those hosts inserted into that database.
Every once in a while, a cron job takes care of removing expired entries from the database and the removed host must authenticate again before being able to relay new emails.