Exchange 2010 Anonymous user with accept-any-sender permission?
Solution 1:
To accept email from the internet then you have anonymous enabled. Therefore the settings you are seeing are correct. You would need to check whether the appliance can send email to your server via authentication to decide whether to change it. If it isn't able to authenticate, then you will have to leave anonymous enabled.
However, if the Exchange server cannot be seen from the outside world, I wouldn't worry about it. Furthermore, if you have things internally sending email - such as printers, scanners etc, they would normally not need to authenticate if sending email to an internal recipient. Authentication is normally only used for relaying.
Therefore having anonymous is normal and to be expected.
The second permission is the default. It allows a printer for example to send as [email protected] and for it to be accepted by the server. Some will remove the permission, which is a crude way of stopping spoofing. However it is only effective on an external facing system. If you have a gateway in front then its effectiveness would be limited. The email has been accepted and would then bounce, so you are wasting bandwidth. Spoofing control should really be done at the point of delivery.