No offense meant, I know you were simply trying to answer your own question and post for the SF community, but I would say you are doing it wrong.
You should setup your Receive connector as a proper relay, with the permissions tab set to Exchange Server
not Anonymous
and your Authentication Tab set to Externally Secured
. Then lock the Receiver down to only accept messages from the WSUS server's IP address.
Using Anonymous
permissions isn't the right way to handle it in general...
EDIT: in order to clarify and answer some questions in the comments, see this Technet article: http://technet.microsoft.com/en-us/library/bb232021%28v=exchg.141%29.aspx even though it isn't exactly the easiest to follow.
You have 2 roads to go down...if you choose to go with "Anonymous" then you have to run a shell command to allow anonymous connections the proper ADPermission, something that can't be done in the EMC. This in effect will be the same as the way I'm stating, however some apps will still act like they have to send a username/pwd, so in the past my results have been mixed using this.
So...I stick with the 2nd option they give of "Externally Secured". However, that requires (as mentioned in the article) that the permissions be set to Exchange Servers
. What happens is mentioned in this article: http://technet.microsoft.com/en-us/library/bb690954%28v=exchg.141%29.aspx -- stating:
Use this option if the incoming connections to this Receive connector
are secured by external means. For example, use this option if the
connection is physically secured over a private network or by using
Internet Protocol security (IPsec). When you select this option, you
make an assertion of external security that can't be programmatically
verified by Exchange. Before you select this authentication method,
you must first select the Exchange servers permissions group on the
Permission Groups tab.
So in essence you are saying with that Receive Connector "trust anything that comes from this set of inbound IPs I'm allowing", no auth, no prompts, no nothing, just take the email and send it out.
Hope that helps.