Rockliffe have a good FAQ on securing the MTA here.
Even after following the instructions, check under server - security that, if
"[x] except for listed hosts" is ticked, the list under "accept mail for relay from
these hosts" does not contain "*". The purpose of "Except for listed hosts" is to
define networks that do not require authentication, so a "*" entry would exempt
every host. If you are exclusively using authentication, there is no need to check
"except for listed hosts".