This refers to Exchange 2007 (but probably could apply to Exchange 2010). The default receive connectors (Server Configuration | Receive Connectors tab) cannot, by default, receive messages from the Internet (from anonymous users). There are at least two ways to modify this: Check "Anonymous Users" under the Permissions Group tab on the Default Receive connector or Create another / a custon receive connector ("INBOUND" for example) and check "Anonymous Users" there. I opted for the second option, having seen it used in a Exchange training video, but I see that you can simply modify the default connector. Is there any reason to prefer one method rather than the other? Is it even worth creating that third connector?

No use the default connector, for orgs that accept internet mail directly to the HT (no edge or third party filter) then the guidance is to just set anonymous on the default connector. Configuring Exchange 2007 Hub Transport role to receive Internet mail http://blogs.technet.com/b/exchange/archive/2006/11/17/3397307.aspx You would create a separate connector for applications that relay through your HT server. James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com