Masters,
Unfortunately we got some spam mail which seems to be coming from our own domain.
I found some article which all says to remove Anonymous login from internet receive connector
(http://exchangepedia.com/2008/09/how-to-prevent-annoying-spam-from-your-own-domain.html)
I think i something misunderstood about those articles, because if i remove the Anonymous connection e-mails did not receive from external address (like gmail – Diagnostic-Code: SMTP; 530 5.7.1 Client was not authenticated)
Some pictures about our configuration:
Best Answer
Everyone on this question seems to have completely ignored the also good practice of enforcing SPF (you could also use DKIM).
Your zone file should have an SPF record and it should specify only the Public IP Address of your Exchange server is allowed to send email from your domain.
Enable SPF enforcement and you're done. You won't be receiving emails spoofing your domain.
If you don't know if you have an SPF record or don't know what's in it now is a good time to become familiar with mxtoolbox.com.
Yes make sure your Exchange server is not an open relay but only doing that will not solve your problem. For that, setup SPF.