Exchange 2003 Authentication Advice
Posted on 2013-05-15
Hi, looking for advice here as I am in uncharted waters, for me, anyway... Been doing these PCI compliance scans and up till recently we have been OK. Then they add something new that they say is a problem, we fail the test, we fix the problem and then we pass. The cycle goes on like this, and just this week we got a Clear Text password issue on port 25... So after trawling I found a Sembee response to exactly this question and, as advised, turned off all authentication except anonymous, and the scan passed the test.
I am happy that it passed the test but am unsure of exactly what was done, because it was through the night. I.e. if this had been done through the daytime, would it have disabled email to the users, what would not have worked? We have web shops that use the mail server to relay email receipts to anyone purchasing goods. I am assuming that these would have failed?
While the switching off of authentication passed the test, for which I am grateful, is there a longer-term permanent solution to this issue (and no doubt the scanning company will hit me with others in a couple of months)?
Also, has anyone managed to get away from these scanning companies? We tried but they told us we were non-compliant when we let the contact lapse, and then got charged by the bank... All advice welcome, thanks.