Sometimes you need to allow relay from machines that can’t authenticate properly with Exchange. This can be done by creating a new Connector on the Hub Transport under Server Configuration (make sure you select the right server if you have several). Specify the IPs that should be allowed to relay under remote servers.
Under Properties on your new connector open Permission Groups tab and check Exchange Servers, then open the Authentication tab. There is an option for allowing External Authentication. This is mildly confusing, but actually means that Exchange shouldn’t authenticate because the connection will be authenticated BEFORE it hits Exchange.
You can now test the SMTP connection from one of the IPs you specified. Can easily be done via telnet in the following way:
telnet <servername> 25
mail from: <firstname.lastname@example.org>
rcpt to: <email@example.com>
If it says Recipient OK, you’re in the clear.