Looking for clarification about what Exchange 2007 considers to be "anonymous authentication" for TLS at the Receive Connector. At the company I'm SysAdmin for, about 3 months ago we were getting "spoofed" emails almost daily. These "spoofed" emails would typically have our CEO or the domain admin as the "sender." To mitigate against this, I set our default Exchange "internet" receive connector to DISallow anonymous authentication with a Exchange Management Shell (Powershell) command, and created a separate RC to allow for anonymous-authentication with a set of whitelisted IP's (offsite copiers w/ scan-to-email, Constant Contact, etc). This worked and the spoofing completely stopped.
But here's the issue, now no one that tries to send anything "on behalf of" or "via" someone else can get an email through to us. I was under the impression that disabling anon-auth was only for our organization, but it seems to be affecting all outside parties as well. Gmail will allow these through, but I obviously cannot keep asking my users to have work email sent to their personal Gmail accounts Thank you.