I've found that in Exchange 2013 I am able to send email FROM a local account, TO a local account, and have the server not ask for any authentication. I want to lock this down, but I can't find a setting anywhere in Exchange or Forefront to tell the receive
connector to authenticate any session where the email is FROM a local user.
On Exchange 2010 I removed a permission from the Internet recieve connector:
remove-ADPermission -Identity <receive connector> -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-SMTP-Accept-Authoritative-Domain-Sender
and it works, but its not worked on Exchange 2013.
Please advise!