Tommy,
I have a feeling your configuration is not complete yet. Try running Tools / Diagnostic Check - Inbound. It is very likely the Invalid Recipient Check will fail. The correct way to configure Xeams in your scenario is:
- Check "Reject email for invalid users". Unchecking this option will make your vulnerable to Reverse NDR attacks. Currently, your Xeams is most likely accepting emails for addresses like mickey.mouse@yourdomain.com, which is obviously not correct.
- Instead, enable either DRV or AD/LDAP Lookup, which will ensure Xeams only accepts emails if it is a valid address in your downstream server.