For external email relay, you need to create a new receive connector which is limited to the IPs of the servers/devices which you want to enable external email relay for.
For example, we want to allow the IPs "220.127.116.11","192.168.0.25","192.168.0.200" to relay through a new receive connector called "Device Relay" and we want the receive connector created on our Exchange server called EXCAS01. To do this, open up the Exchange Management Shell and enter the below commands:
$Name = "Device Relay"
$RemoteIPRanges = "18.104.22.168","192.168.0.25","192.168.0.200"
$server = "EXCAS01"
$RC = New-ReceiveConnector -Name $Name -Usage Custom -Bindings 0.0.0.0:25 -RemoteIPRanges $RemoteIPRanges -PermissionGroups ExchangeServers -Server $server -TransportRole FrontendTransport
$RC | Set-ReceiveConnector -AuthMechanism TLS,ExternalAuthoritative