Building a Relay in Exchange 2010 that any IP can Authenticate to

so you want to have your phones pass messages via the relay in exchange? yet you want the relay to require authentication

This is quite easy to setup. You just need to create a new Receive Connector and set the parameters properly...
- Open EMC
- expand Server Config
- click Hub Transport
- Create New Receive connector
- Give it a Name
- Network Tab Port 25 and Add the IP Addresses for all of the phone systems to this Receive Connector
- Authentication Tab leave all options unchecked
- Permissions Tab check Anonymous Users

That should do it.

Will.

Yes Helao.  That is what I want to do.  And Thank you Will.  However, I'd like to keep it open to all IP addresses because a portion of our customers have dynamic IP addresses.  I don't want to have to keep track.  So I want them be HAVE to authenticate.  I DID have this setup and working but somehow it wasn't quite right because spammers started relaying off of my server within hours.  So the security wasn't quite right.  However, if I telnet'd to the server it would not allow me to relay unless I used the account I specified with the following Exchange Shell command.  Not quite sure how they were able to relay.....

Get-ReceiveConnector <RelayName> | Add-ADPermission –User “NT Authority\Anonymous Logon” –ExtendedRights ms-Exch-SMTP- Accept-Any-Recipient,ms-exch-bypass-anti-spam

Why would I be able to make it work like that though?  In theory, It doesn't seem too hard.  If I allow ONLY people who authenticate to my server to relay mail to anywhere for that one account and be sure to have a hard password, why wouldn't that work in theory?  Not trying to be a pain, just wondering how they may penetrate that...

Thank you.