Receive connector help
I am very new to Exchange 2013. We have a server locally that supports 25 users. We are getting pounded with spam. I implemented a free XEAMS spam filter and it is doing well, but the spam is still flowing. I was under the impression that if the spam is being shut down and not relayed, it would stop after a few days. It's been about 10 days now, and yesterday we had 6600+ spam emails filtered out.

I was worried that I may have an open receive connector that was being exploited, so I called Dell because I have hardware and software support through them. I had two techs from Dell connect remotely and look over the connectors. I was told that having Anonymous checked on the receive connectors would leave us vulnerable to the spam. Now, I have seen more than one legitimate article that totally debunks this, as adding Anonymous does NOT allow anyone to relay; it does allow submit, though. So, is this a problem or not? I have one connector just for copiers to scan to email, and the only way I could get it to work was by listing the exact IP addresses of each copier and checking Anonymous. I was told that would be a vulnerability. Is that true?

Finally, what are the default security settings for the default connectors in Exchange 2013? I just want to make sure they are correct now. I am just using one machine for Exchange, so I have Default, Default Frontend, Client Proxy, Client Frontend, and Outbound Proxy Frontend. Any advice is very much appreciated.
July 22nd, 2015 2:33pm

"I had two techs from Dell connect remotely and look over the connectors. I was told that having Anonymous checked on the receive connectors would leave us vulnerable to the spam."

Well, yes, but if you uncheck this setting, how would potential customers (for example) send an inquiry by email? What credentials would they use to authenticate?

If you have the luxury of testing this, uncheck the setting and attempt to send a message to your organization from a Gmail or Hotmail account, or perhaps an account from another organization (as a perfectly legitimate business partner might do).

You won't receive any more spam alright. But you won't receive any mail at all.

Default settings?

Compare with Martina's settings here:

https://social.technet.microsoft.com/forums/exchange/en-US/32e13998-a84e-4f10-8557-3f7ce6fdb824/2013-default-receive-connectors

Note that the default frontend includes anonymous:

Name             : Default Frontend EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : FrontendTransport
PermissionGroups : AnonymousUsers, ExchangeServers, ExchangeLegacyServers
MaxMessageSize   : 36 MB (37,748,736 bytes)

---EDIT---

So no, it is not a problem.

Ideally you would filter spam upstream, at the perimeter or with a cloud-based service (Postini is/was one example) so the Exchange server itself is not bombarded. But unchecking the anon permission will not solve the spam problem... without stopping inbound mail flow altogether.

July 22nd, 2015 3:22pm
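An added example (not code from this thread or from Microsoft) that puts the "anonymous allows submit, not relay" point into something you can run in the Exchange Management Shell. The AnonymousUsers permission group maps to a fixed set of extended rights on the connector object in AD, and relay depends on one right that group does not include, so the script reads the ACL rather than the checkbox. The server name EX2013, the connector name Copiers and the copier IP addresses are assumptions; replace them with your own.

```powershell
# Added example, not from this thread: audit receive connectors for anonymous
# RELAY as opposed to anonymous SUBMIT. Run in the Exchange Management Shell.
# Server name 'EX2013', connector name 'Copiers' and the copier IPs are assumptions.

# Ticking AnonymousUsers grants only the rights needed to deliver mail TO your
# accepted domains (ms-Exch-SMTP-Submit, ms-Exch-SMTP-Accept-Any-Sender,
# ms-Exch-Accept-Headers-Routing). Relaying to other domains needs this extended
# right, which that permission group does NOT grant:
$RelayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'
$Anon       = 'NT AUTHORITY\ANONYMOUS LOGON'

function Get-AnonymousRelayReport {
    foreach ($rc in Get-ReceiveConnector) {
        # Any non-Deny ACE that gives ANONYMOUS LOGON the relay right on this connector?
        $relayAce = Get-ADPermission -Identity $rc.Identity -User $Anon -ErrorAction SilentlyContinue |
            Where-Object { -not $_.Deny -and ($_.ExtendedRights -like "*$RelayRight*") }

        # Do RemoteIPRanges cover the whole Internet (the default Frontend ranges do)?
        $internetWide = [bool]($rc.RemoteIPRanges | Where-Object {
            $_.ToString() -eq '0.0.0.0-255.255.255.255' -or $_.ToString() -like '::-ffff:*'
        })

        $anonGroup = $rc.PermissionGroups -match 'AnonymousUsers'
        $verdict = if ($relayAce -and $internetWide) { 'OPEN RELAY: remove the relay right now' }
                   elseif ($relayAce)                { 'Anonymous relay limited to RemoteIPRanges: OK only if those hosts are trusted' }
                   elseif ($anonGroup)               { 'Anonymous submit only: normal for Default Frontend and copier connectors' }
                   else                              { 'No anonymous access' }

        [pscustomobject]@{
            Connector      = $rc.Name
            Role           = $rc.TransportRole
            AnonymousGroup = [bool]$anonGroup
            AnonymousRelay = [bool]$relayAce
            InternetWide   = $internetWide
            RemoteIPRanges = ($rc.RemoteIPRanges -join ', ')
            Verdict        = $verdict
        }
    }
}

Get-AnonymousRelayReport | Format-Table -AutoSize -Wrap

# The copier connector the way the original poster built it: AnonymousUsers plus
# the exact copier addresses. For a port-25 session Exchange uses the connector
# whose RemoteIPRanges match the source most specifically, so this one wins over
# Default Frontend for those two hosts only. Set the flag to $true to create it.
$CreateCopierConnector = $false
if ($CreateCopierConnector) {
    New-ReceiveConnector -Name 'Copiers' -Server 'EX2013' -TransportRole FrontendTransport `
        -Usage Custom -Bindings '0.0.0.0:25' -RemoteIPRanges '192.0.2.10','192.0.2.11' `
        -PermissionGroups AnonymousUsers

    # Copiers that only scan to internal mailboxes need nothing more. If they had to
    # send to outside addresses, THIS line is what would grant relay, and it would
    # apply only to the two IPs above. Never run it against a connector whose
    # RemoteIPRanges span the Internet.
    # Add-ADPermission -Identity 'EX2013\Copiers' -User $Anon -ExtendedRights $RelayRight
}
```

The report's Verdict column is the answer to the original question: Default Frontend with AnonymousUsers and Internet-wide ranges comes out as "Anonymous submit only", and the copier connector comes out the same way unless someone has explicitly added the Accept-Any-Recipient right to it.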

Hey thanks Dave. I did actually do that, and people were at my desk asking why people were sending them emails and they weren't getting them, lol. That was a tough five minutes there. I'll check out that link and compare. I did check before the call to Dell Pro Support, and the server is not an open relay. I've been running the XEAMS free spam filter on another server locally, and it is basically getting hammered, but it is making sure the emails are going nowhere, not even to the Exchange server. We had almost 6700 emails yesterday, and of those over 6400 were spam.
July 22nd, 2015 3:45pm

Besides whatever Dell did, you can check to see if you are an open relay here (it's a good site for Exchange admins to know in general):

http://mxtoolbox.com/

("Domain Health" test - if you are someone @ contoso.com, you enter "contoso.com" as the do

July 22nd, 2015 4:03pm
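For the same check from inside your own network, here is an added example (not from this thread and not an MXToolbox tool) of a black-box relay probe in plain PowerShell. It speaks just enough SMTP to ask the server to accept an external sender and an external recipient, then quits before DATA, so nothing is delivered. Because it runs from whatever host you choose, you can also run it from a copier's address to confirm that the Copiers connector accepts submit but refuses relay. The server name, domains and addresses are assumptions.

```powershell
# Added example, not from this thread: a black-box open-relay probe that runs on
# any Windows box with PowerShell 3+ (no Exchange cmdlets needed). Server name,
# domains and addresses below are assumptions. Nothing is delivered because the
# probe never issues DATA.

function Test-SmtpRelay {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [int]    $Port       = 25,
        [string] $MailFrom   = 'probe@example.com',       # sender outside your org
        [string] $ExternalTo = 'probe@example.net',       # recipient outside your org = relay
        [string] $LocalTo    = 'postmaster@contoso.com'   # recipient in an accepted domain = submit
    )

    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    $client.ReceiveTimeout = 15000
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine   = "`r`n"   # SMTP requires CRLF line endings
    $writer.AutoFlush = $true

    # Read one reply, skipping "250-..." continuation lines; return the numeric code.
    function Read-Reply {
        do { $line = $reader.ReadLine() } while ($line -match '^\d{3}-')
        if (-not $line) { throw "connection closed by $Server" }
        return [int]$line.Substring(0, 3)
    }
    function Send-Command([string] $Command) {
        $writer.WriteLine($Command)
        return Read-Reply
    }

    try {
        $banner = Read-Reply
        $ehlo   = Send-Command 'EHLO probe.example.com'
        $from   = Send-Command "MAIL FROM:<$MailFrom>"
        $local  = Send-Command "RCPT TO:<$LocalTo>"
        $relay  = Send-Command "RCPT TO:<$ExternalTo>"
        Send-Command 'QUIT' | Out-Null
    } finally {
        $client.Close()
    }

    [pscustomobject]@{
        Server         = $Server
        Banner         = $banner
        Ehlo           = $ehlo
        MailFrom       = $from
        LocalRecipient = $local    # 250 = anonymous SUBMIT works (expected on Default Frontend)
        RelayRecipient = $relay    # 550 = relay refused (expected); 250 = OPEN RELAY from this host
        OpenRelay      = ($relay -ge 200 -and $relay -lt 300)
    }
}

# Exchange answers the external RCPT TO with "550 5.7.1 Unable to relay" unless the
# source IP lands on a connector that grants ms-Exch-SMTP-Accept-Any-Recipient.
Test-SmtpRelay -Server 'mail.contoso.com'
```

The interesting pair of numbers is LocalRecipient and RelayRecipient: 250 then 550 is a correctly configured Internet-facing connector with anonymous submit. A 250 on the second one from an arbitrary Internet address is an open relay; a 250 on it only from an address listed in a narrow RemoteIPRanges is the deliberate, scoped relay an admin may have set up for devices like copiers.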

Hey thanks. I have been using that a good bit since I started seeing issues. By the way, on my Default Frontend receive connector, I didn't have Exchange Server authentication checked, but when I do check it I get an error about needing to change the FQDN of the server for the receive connector. I did some searching, and everyone seems to agree that changing that will only cause problems and could stop communication between hub and transport.
July 22nd, 2015 4:20pm
