Hello Mark,

"the 515E returns the 220 and not my mail server"

I dont know a reply type of "220" from PIX firewall. If you telnet 25 to the IP and get any kind of screen (either blank or some output) other than "Could not open connection to the host" Connect failed or timeout, that means the port is open.

By the way, exchange server reply to a telnet to port 25 starts with 220. Here is one of them

"220 xxxx.xxxx.xxx Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at

Wed, 23 Jul 2008 23:09:19 +0300 "

Or sometimes just 220 and some ASCII chars like ######## or so.

If you post your sanitized config, we would help better.

Also make sure that you configued your SMTP Connector in Exchange server

Regards

You probably also want to turnoff fixup for smtp. We run a 515e and E2K and have it off. It's my understanding that MS has a problem with that.

when I do the telnet 25 from an outside location I get one of 2 returns

220 ####### - I am told this is the 515e responding

or nothing

Guessing old, I inherited this when I started this job.

version 6.3(5) does that sound right?

In this case I advise you to turn off smtp fixup.

Mark,

"220 ####### - I am told this is the 515e responding"

Inspection is replacing the starttls echo-reply with ## sometimes ** . Most mail servers work in this case, but your mail server may not be able to establish connection with some mail servers.

Following are the necessary commands to correct that

policy-map type inspect esmtp esmtp_map

parameters

no mask-banner

policy-map global_policy

class inspection_default

inspect esmtp esmtp_map

But this is available in code 7.2 or higher. I dont know an equivalant for 6.3 code and I assume it does not exist.

Better upgrade your IOS or remove the fixup as suggested.

Regards