Mine is set to use anonymous access, basic authentication, and integrated windows authentication. If I hit the users button next to integrated windows auth, I have only authenticated users in my list, with the allowance of submitting and relaying.
If you don’t allow anonymous access, then no one outside of your company can attach to it to send you an email (which sounds like what is happening right now for you).
If you look on the same tab, you’ll see a button for relaying. That’s where you specify via checkbox that only authenticated users (computers) can relay. That prevents you from being an open relay, and still allows you to receive external email.
(BTW, we only have one exchange server, so these settings should apply only for your external-facing exchange server, if you have multiple.)
When someone sends you an email, their server has to connect to your SMTP server in order to hand off the message. Without anonymous access allowed, their server would need to have an account on your system and use those credentials in order to sign in. Since you can’t give out an account to every mail server in the world. you can just allow anonymous access.
Relaying is different. Relaying is me using your server to send my email to someone else. It is not the same as me connecting to your server in order to give you a message for you.