Tommy,

I have a feeling your configuration is not complete yet. Try running Tools / Diagnostic Check - Inbound. It is very likely the Invalid Recipient Check will fail. The correct way to configure Xeams in your scenario is:

• Check "Reject email for invalid users". Unchecking this option will make your vulnerable to Reverse NDR attacks. Currently, your Xeams is most likely accepting emails for addresses like mickey.mouse@yourdomain.com, which is obviously not correct.
• Instead, enable either DRV or AD/LDAP Lookup, which will ensure Xeams only accepts emails if it is a valid address in your downstream server.