Since most ISPs block outbound unencrypted SMTP (TCP port 25), I've configured my managed mobile clients to connect to my mail server on port 465 (SMTPS) and authenticate over TLS to "phone home".

This lets these clients authenticate over an encrypted connection even from untrusted client IP segments, and deliver an email reporting their current whereabouts (IP address).

First, configure RemotelyAnywhere to use port 465 and force TLS/SSL. (Obviously, you'll also have to provide a username/password here.) I created a dedicated mailbox/user for this purpose.

Next, on the Edge Transport server, create a new receive connector for port 465. You'll have to rearrange your existing connector(s) so that no two connectors overlap in both port binding and remote IP scope:

  • Edge Transport
  • New Receive Connector
  • port 465, enable (and require) TLS
  • Permission group: Exchange users ONLY (no anonymous users)
  • In the Shell: Get-ReceiveConnector server\connector | Add-ADPermission -User USERNAME -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender

Replace USERNAME with the dedicated user, and server\connector with the identity of the connector. To get the name, run Get-ReceiveConnector by itself and pick the appropriate entry. Together these settings mean the Exchange Edge server permits ONLY authenticated Exchange users (ie. not anonymous/unauthenticated senders) to submit mail via SMTPS on port 465, and the extended right lets the dedicated user submit with any MAIL FROM address.
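The same steps as a single Exchange Management Shell script, as an added example (not from the original post). It assumes an Edge Transport server (so the connector identity is just its name, not server\connector), a connector named "SMTPS Phone Home", and a dedicated account named "phonehome"; all three names are placeholders. It also adds the overlap and permission checks I'd want before trusting the connector:

```powershell
# Added example, not the original author's script. Run in the Exchange
# Management Shell on the Edge Transport server.
$ConnectorName = "SMTPS Phone Home"   # assumed connector name
$PhoneHomeUser = "phonehome"          # assumed dedicated phone-home account

# Listen on 465 on all local addresses and accept any remote IP, because the
# clients roam. TLS is required, and Basic auth is only offered inside TLS.
# No AnonymousUsers permission group, so unauthenticated senders are refused.
New-ReceiveConnector -Name $ConnectorName `
    -Usage Custom `
    -Bindings "0.0.0.0:465" `
    -RemoteIPRanges "0.0.0.0-255.255.255.255" `
    -AuthMechanism Tls, BasicAuth, BasicAuthRequireTLS `
    -PermissionGroups ExchangeUsers `
    -RequireTLS $true

# Let the dedicated account use any MAIL FROM address (the post's Shell step).
Get-ReceiveConnector $ConnectorName |
    Add-ADPermission -User $PhoneHomeUser -ExtendedRights "ms-Exch-SMTP-Accept-Any-Sender"

# Check 1: no other connector is bound to 465 with an overlapping remote range.
Get-ReceiveConnector |
    Where-Object { $_.Bindings -match ':465$' } |
    Select-Object Name, Bindings, RemoteIPRanges

# Check 2: the connector really requires TLS and has no anonymous permission group.
Get-ReceiveConnector $ConnectorName |
    Format-List Name, Bindings, AuthMechanism, PermissionGroups, RequireTLS

# Check 3: the extended right landed on the intended account only.
Get-ReceiveConnector $ConnectorName |
    Get-ADPermission -User $PhoneHomeUser |
    Where-Object { $_.ExtendedRights -match 'ms-Exch-SMTP-Accept-Any-Sender' } |
    Select-Object User, ExtendedRights, Deny
```

If check 1 lists more than one connector, narrow the other connector's RemoteIPRanges or move it off 465; Exchange picks the connector with the most specific remote range, so an overlap makes which connector answers a given client hard to reason about.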

So now I have machines that check their local IP address every X minutes, open an encrypted connection to my mail server, and send an email with their current IP address, from any internet connection that permits outbound TCP port 465 (SMTPS).
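To confirm from a client that the connector behaves the way the phone-home agent needs, here is an added probe script (not part of the original post, and not RemotelyAnywhere's own code) that connects with TLS-on-connect to port 465, reads the EHLO response, and tries an unauthenticated MAIL FROM that the connector should reject. Note that Send-MailMessage and System.Net.Mail.SmtpClient cannot be used for this test: their -UseSsl / EnableSsl means STARTTLS on 25 or 587, not implicit TLS on 465. The host name mail.example.com is a placeholder:

```powershell
# Added example, not from the original post. Probes an SMTPS (implicit TLS)
# receive connector the way a phone-home client connects to it.
function Test-SmtpsConnector {
    param(
        [Parameter(Mandatory)] [string] $Server,   # assumed: mail.example.com
        [int] $Port = 465
    )
    $tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        # The default certificate callback validates the chain and host name.
        # A self-signed Edge certificate throws here, which is the failure you
        # want surfaced rather than silently trusted by the client.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($Server)

        $reader = New-Object System.IO.StreamReader($ssl)
        $writer = New-Object System.IO.StreamWriter($ssl)
        $writer.NewLine   = "`r`n"   # SMTP lines end in CRLF
        $writer.AutoFlush = $true

        $banner = $reader.ReadLine()   # 220 greeting, only after TLS is up

        # Collect the multi-line EHLO reply; "250-" lines continue, "250 " ends it.
        $writer.WriteLine("EHLO probe.local")
        $ehlo = @()
        do {
            $line = $reader.ReadLine()
            $ehlo += $line
        } while ($line -match '^250-')

        # Unauthenticated submission: with no AnonymousUsers permission group the
        # connector should answer with a 5xx (Exchange says 530 5.7.1).
        $writer.WriteLine("MAIL FROM:<probe@probe.local>")
        $mailFrom = $reader.ReadLine()
        $writer.WriteLine("QUIT")

        [pscustomobject]@{
            Banner            = $banner
            TlsProtocol       = $ssl.SslProtocol
            CipherAlgorithm   = $ssl.CipherAlgorithm
            ServerCertSubject = $ssl.RemoteCertificate.Subject
            AuthOffered       = [bool]($ehlo -match '^250[- ]AUTH\b')
            AnonymousMailFrom = $mailFrom
            AnonymousRejected = ($mailFrom -match '^5\d\d')
        }
    }
    finally {
        $tcp.Close()
    }
}

Test-SmtpsConnector -Server mail.example.com
```

A healthy result shows AuthOffered = True (the EHLO reply advertises AUTH inside TLS) and AnonymousRejected = True; if AnonymousRejected is False, the connector that answered on 465 still has an anonymous permission group, or an overlapping connector is taking the session.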