I’ve had to do this a few times now for applications that require anonymous relay in order to send email. Whenever I do this I limit the scope of the anonymous relay to the application server in question. Below I’ve given the PowerShell commands that can be used on SBS 2011 Standard or Exchange 2010 to correctly create an anonymous relay for any traffic coming from the application server with the IP of 192.168.1.3.
The process needs to be done in two steps – first command line will create the Anonymous Relay connector and the second like will modify the permissions of it to allow it to function correctly.
New-ReceiveConnector -Name "Application Anonymous Relay" -Usage Custom -PermissionGroups AnonymousUsers -Bindings 192.168.16.2:25 -RemoteIpRanges 192.168.16.3
Get-ReceiveConnector "Application Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
Creating the Receive Connector via the Exchange System Manager is not enough – if you have done just that, then you also need to run the 2nd PowerShell command below for it to work.