I have been preaching this on the forums for many years, but it’s worth a reminder. There is generally no reason to muck with the default receive connectors.
And yes, I am aware of the advice from the 2010 days:
Note that in 2013/16, anonymous is already enabled on the “Default Frontend” connector to boot!
Messing with them is a sure way to stop mail flow between servers and who knows what else.
If you need to customize or have the very common requirement to enable support for inbound TLS with a common FQDN across servers, create a new receive connector on each server. You’ll be glad you did.