Reviewing the documentation on using the outbound relay with Exchange and having the outbound mta as a smart host. What prevents unauthorized servers from connecting to it and using it as an open relay and sending e-mail with my domain. I understand there is spf but wouldn't spf allow mail flow it since the sender IP at that point is matching to the Sophos relay IP?
When using Exchange to send outbound emails, you need to set up in Central Email, the IP address that will be actually connecting to Central to send the email. If Central sees a different IP trying to send an email from the domain you have configured the connection will get rejected.