Login to the ECP and click Mail Flow, then Recieve Connectors. Create a new Recieve Connector.
Name the connector something descriptive.
Select Frontend Transport and Custom.
In Network Adapter Bindings leave "All available IPv4" this is only the case if the Exchange Server has a single NIC. It's slightly different if your server has arms in two networks.
In Remote Network Settings, enter the IP's of the network appliances you want to be able to send mail without authentication.
To test use the following Telnet commands (you run this from a server which is listed as allowed in the new Recieve Connector).
OPEN mail.domain.com 25
RCPT TO:email@example.com NOTIFY=success,failure
Subject: Test from Telnet
If it's successful it should return a message similar to below.
If you want the server to be able to relay to external domains you must run another command as well.
Change it to reference your Exchange Server and Recieve Connector name, also remember and run it from Exchange Mgmt Shell or it will fail.
Get-ReceiveConnector "EXSRV\REC CONN NAME" | Add-ADPermission -User 'NT AUTHORITY\Anonymous Logon' -ExtendedRights MS-Exch-SMTP-Accept-Any-Recipient