How to configure Exchange Receive Connector for Postini or any hosted antispam service

 Create the Receive Connector

Set up a new Receive Connector on the Hub Server to allow relaying. This step is the same for either method of reinjection setup.
1.
Expand Server Configuration from the Exchange Management Console

2.
Choose Hub Transport from the server roles list.

3.
In the Details Pane choose the appropriate hub transport server

4.
In the Properties Pane right click in the Receive Connectors tab and choose New Receive Connector. The following screen will appear:


5.
Name the connector “Reinjection” and choose Next

6.
You will see the Local Network Settings page. If you haven’t made any customization to the IP settings of the Hub Server, keep the defaults. Otherwise, use the settings appropriate for your customization.


7.
Click Next to go to the Remote Network settings page. Click the default range that is input by the system and click Edit.



8.
You will see the Edit Remote Servers box. Enter the appropriate IP range. For a list of IP ranges, see IP Ranges.


9.
Click OK, then click Next to continue.


10.
Click New, then click Finish on the Completion page.

Method One: Apply Anonymous user access to the connector
The first method to allow reinjection is to set the receive connector to allow Anonymous Users. This is recommended for most configurations.
The first step in this process is to add the Anonymous Permissions Group to the connector.
1.
Double click your new connector and choose the Permission Groups tab.

2.
Check the Anonymous Users checkbox.

3.
Choose OK.



4.
Open the Exchange Management Shell from Start -> Programs -> Microsoft Exchange Server 2007 -> Exchange Management Shell

5.
Type the following command:

Get-ReceiveConnector "Reinjection" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient" 6.
You will see a results screen:


Method Two: Externally Secured Connector
If you do not allow Anonymous Access, you can instead create a connector as an externally secured connector. This option allows you to bypass Exchange’s anti-spam filters.
1.
Open the newly created connector and click the Permissions Groups tab.

2.
Check Exchange Servers and click Apply.


3.
Click the Authentication tab.

4.
Check “Externally secured.”


Using the externally secured setting applies the following permissions:
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authoritative-Domain}
MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Anti-Spam}
MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Message-Size-Limit}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Exch50}
MS Exchange\Externally Secured Servers {ms-Exch-Accept-Headers-Routing}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Submit}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Recipient}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authentication-Flag}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Sender}

If you chooses the externally secured you will bybass the exchange antispam feature and you will not be able to block spoofing so it's highly recommended to use the first way to configure postini receive connector and you have to do a new command to remove a permission from receive connector as explained in this EgyEng.com thread.
http://egyeng.com/forums/showthread....8504#post28504


Be aware as it's currently postini for some reason is listed in spam lists as ones disabeld below in the screen so if you face any issues configuring the first way with anonymous permission check your RBLs



That takes from me days to know the cause of the issue not receiving any mails from outside if using first way.