I am quite new to MS Exchange and did deploy a Exchange 2013 recently which I am migrating right now to production.
When examining the receive connectors it occurred to me basic ath was enabled on Port 25 by default along with Windows Auth and Exchange server authentication.
On any other email system I would switch it off for security reasons, there is Submisson, 587/tcp for clients.
Is there any reason to keep basic auth switched on on port 25 smtp or can I safely turn this off?
Are there any other basic best practices to harden Exchange? (I know, this is a very wide area question but I ask it anyway :)