Single Server Configuration
By default, Exchange 2007 is expecting you to use an Edge server. An Edge server requires an additional Windows and Exchange licence and is designed to go in to a DMZ. For most companies, an Edge server is a waste of the licensing and hardware costs. The feature benefits that an Edge server can provide with regards to message hygiene are easily achieved using third party products which cost significantly less than the additional Windows and Exchange licences. As such your best option is to have email delivered directly to the Exchange server with the Hub Transport Role. Configuring Exchange 2007 to work in this way is quite straight forward.
The first thing that you have to change is to allow the server to be able to receive email directly from the internet. That means a change to the Receive Connector.
The receive connector that you are changing is the Default Receive Connector. The Client Receive Connector can be left in its default state.
Open the properties of the Receive Connector, then choose the Permissions Group tab. Enable "Anonymous Users". Apply/OK out.
As with many things in Exchange 2007, this change will not take effect immediately, you need to restart the Microsoft Exchange Transport Service. However there are other configuration changes that you can make before you need to do that.
On the general tab you will se the HELO/EHLO field. This is what remote servers see when they connect to the server. However for a receive connector, the only valid values are blank, the server's real name or the server's FQDN. This field does not have to be a public name and will not affect your server's ability to receive email or your email being flagged as spam.
To send email, you will need a Send Connector. Unlike Receive Connectors, these are not created by default. Create a Send Connector.
Even if you are using a third party tool to manage your anti-spam functionality, you should still enable the anti-spam agents. The key agent that you need is the recipient filtering agent, which allows you to drop email for non valid users at the point of delivery. Instructions on installing and configuring the antispam agents are here.