You want to ensure that your Internet-facing Exchange SMTP server is properly secured.
Launch the Exchange System Manager (Exchange System Manager.msc).
In the left pane, expand the appropriate Administrative Groups container, and then expand the Servers container.
Locate the target server, then expand its Protocols container and the SMTP node beneath it.
Right-click the Default SMTP Virtual Server node and select Properties.
Switch to the Access tab and click the Authentication button. The Authentication dialog is shown in Figure 10-1.
Choose the appropriate authentication settings by checking the corresponding boxes. For Internet-facing servers, you must leave anonymous access enabled if you want your server to accept SMTP mail from other servers; you can enable or disable basic and integrated authentication as necessary (see the Discussion section for more on this).
Click OK to accept the authentication settings. They will take effect immediately.
Figure 10-1. The SMTP server authentication dialog
Configuring SMTP authentication is a necessary part of securing your Exchange server. SMTP wasn't originally designed to support authentication, so the IETF has retrofitted authentication via the SMTP AUTH verb as documented in RFC 2554. You can only control authentication at the virtual server level. ...