If you take a look at the properties of a Send Connector you will notice an option to proxy through a Client Access server.
When this option is enabled outbound email that is being sent via a Send Connector does not go directly out from the Mailbox server, and instead is proxied through a Client Access server in the site.
There is nothing complicated going on here, the Client Access server simply acts as a proxy for the connection so that the receiving host out on the internet sees the connection as coming from the Client Access server name and IP address rather than the Mailbox server.
To demonstrate, here is a message header for an email sent without the proxy option enabled.
Notice that in hop 2 the message is received by E15MB1, and then in hop 3 you can see E15MB1 send to mx.google.com. In other words, it was send directly without proxying.
And here is a message header for an email sent with the proxy option enabled. Note the extra hop before the email goes out to the Google mail servers.
Notice the subtle difference. In hop 2 the message is received by E15MB3, but then in hop 3 the message is being sent from E15MB1 to mx.google.com. E15MB3 has silently proxied the message through the Client Access server role on E15MB1.
This option is likely to be more useful for organizations that do not use a smart host or Edge Transport server for outbound email routing, and want to control where outbound SMTP connections are coming from. A justification for this would be to simplify the firewall rules.
Personally I don’t expect to see this option used much in small environments, however it could certainly be useful in some larger organizations.