Exchange server 2010, sits in DMZ, internet facing. The server is currently using the Default Receive Connector. This exposes the internal fqdn to the outside world (ehlo). Since you should not (can't) change the FQDN on your Default Receive connector, what is the best practice here?
The only solution I can see is the following:
1. Change the Network on the Default Receive Connector to only internal IP addresses.
2. Create a new Internet Receive Connector port 25 for external IP addresses (not sure what to put in Network tab?) and use my external FQDN for ehlo responses (e.g. mail.domain.com)
3. What do I pick for Auth and Permissions, TLS and Annoymous only?
Michael Maxwell