You need to run the tests on your domain or MX name to make sure the relay open.

Yes, you need anonymous connections enabled; otherwise the servers coming into your network won't be able to send any email through.
The default settings which don't enable relay on the receive connector are:
Permission Groups (tab)
Enable:
Anonymous users
Exchange users
Exchange servers
Legacy Exchange Servers
Authentication (tab)
Enable:
Transport Layer Security (TLS)
Basic Authentication
Offer Basic authentication only after starting TLS
Exchange Server authentication
Integrated Windows authentication
We have also added a bunch of servers to your anti-spam in the Exchange server, which cuts down on about 98% of the spam we get without them.
Anti-spam -> IP Block List Providers
Providers:
dns.rfc-ignorant.org
sbl-xbl-spamhaus.org
bl.spamcop.net
dnsbl.sorbs.net
list.dsbl.org
All other settings are default.
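
The settings listed in the post above can be checked from the Exchange Management Shell. The following is an added example, not part of the original post: it reports each receive connector's permission groups and authentication mechanisms, and flags any connector where anonymous logon holds the `ms-Exch-SMTP-Accept-Any-Recipient` extended right, which is the right that lets unauthenticated senders relay to external domains. The variable names are illustrative.

```powershell
# Added example: audit receive connectors for anonymous relay.
# Assumes it is run in the Exchange Management Shell on the transport server.
$anonymous  = 'NT AUTHORITY\ANONYMOUS LOGON'
# Extended right that allows a sender to submit mail for any recipient (relay)
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Allow ACEs for anonymous logon that carry the relay right
    $relayAces = @(Get-ADPermission -Identity $connector.Identity -User $anonymous `
                       -ErrorAction SilentlyContinue |
                   Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $relayRight) })

    $connector | Select-Object Identity,
        @{ Name = 'Bindings';         Expression = { $_.Bindings -join ', ' } },
        @{ Name = 'PermissionGroups'; Expression = { $_.PermissionGroups } },
        @{ Name = 'AuthMechanism';    Expression = { $_.AuthMechanism } },
        @{ Name = 'AnonymousRelay';   Expression = { $relayAces.Count -gt 0 } }
} | Format-List

# IP Block List Providers configured under Anti-spam, in evaluation order
Get-IPBlockListProvider |
    Sort-Object Priority |
    Format-Table Name, LookupDomain, Enabled, Priority -AutoSize
```

A connector that shows `AnonymousUsers` in `PermissionGroups` with `AnonymousRelay` set to `False` accepts inbound mail from the Internet for your own domains without acting as an open relay.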