Hello Mel,
The issue is probably something simple, but difficult to narrow down in forum communications like this. I recommend calling support to get what will probably be a quick answer.
However, aside from that, to recap:
- You installed the Symantec Messaging Gateway (SMG) and configured it.
- You have never received email through the SMG.
- When you test via telnet from a public IP pool, you receive a "you are not allowed" rejection.
- When you test with a service like MX Toolbox, the banner is seen and it doesn't appear that they get the same rejection.
If all the above are true, then you may not have an issue, just a testing difficulty. Are you expecting live mail to be flowing through the SMG? If so, what do the Message Audit Logs (MAL) say? You can search for connections (since messages aren't being processed you might only see connections) in the MAL by setting the filter to "Connecting IP" and setting the filter value to "." (just a period, no quotes). If necessary, you can also temporarily set your Message Transfer Agent logs to Information and check the logs for activity and connecting IPs.
Another thing that can give you info is if you send an email from a sender like Gmail or Yahoo or some other provider, you should receive an NDR back (Non-Delivery Report) that should provide some info on what occurred. Basically, it may just be that you see your "you are not allowed" but at least you'd then know that it's not just your telnet test that is failing.
Another thing to check is your MX records to make sure they are pointed to the correct IP for your environment. Since you are using internal IPs for SMG, you'll also want to make sure your firewall is utilizing NAT correctly. Based on your telnet test, it seems that these steps are complete, though.
In regards to telnet tests, have you tried to telnet to your downstream MTA (172.16.0.52 based on your screenshots)? Making sure you can connect and deliver messages to the next hop will remove that from the list of possible failure points. Sometimes the environment is not configured to properly allow SMG to connect to the internal mail server, so messages get processed by SMG but are not delivered to the final recipients.
Hopefully that information will help you get a little further. It's a lot, and possibly just starting points, which is why I recommend calling support. The bottom line, though, is that legitimate mail senders should not be getting the same failure error that your telnet test is giving (the "you are not allowed" error).
Regards,
Art
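
The manual telnet tests discussed in the post above can be scripted so that each run records the SMTP stage at which a refusal appears. This is an added example, not part of the original post and not Symantec code. The `probe` and `fake_mta` names, the `example.test` addresses and the reply codes paired with the "you are not allowed" text are assumptions made for illustration.

```python
import smtplib
import socket
import threading

def probe(host, port=25, helo="probe.example.test", sender="probe@example.test",
          rcpt="postmaster@example.test", timeout=10):
    """Walk the SMTP dialogue (no DATA is sent) and return [(stage, code, text)],
    stopping at the first 4xx/5xx reply or connection error."""
    smtp = smtplib.SMTP(local_hostname=helo, timeout=timeout)
    steps = (("connect", lambda: smtp.connect(host, port)),
             ("ehlo", lambda: smtp.ehlo(helo)),
             ("mail", lambda: smtp.mail(sender)),
             ("rcpt", lambda: smtp.rcpt(rcpt)))
    seen = []
    try:
        for stage, call in steps:
            try:
                code, text = call()
            except (smtplib.SMTPException, OSError) as exc:
                seen.append((stage, None, str(exc)))  # refused, timed out, dropped
                break
            seen.append((stage, code, text.decode(errors="replace")))
            if code >= 400:
                break
    finally:
        try:
            smtp.quit()
        except (smtplib.SMTPException, OSError):
            smtp.close()
    return seen

def fake_mta(replies):
    """Constructed stand-in server on 127.0.0.1 so the example runs offline:
    replies[0] is the banner, then one scripted reply per client command."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with srv, conn, conn.makefile("rb") as commands:
            conn.sendall(replies[0].encode() + b"\r\n")
            for reply in list(replies[1:]) + ["221 bye"]:
                if not commands.readline():
                    break
                conn.sendall(reply.encode() + b"\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Constructed session: the reply code paired with the rejection text is assumed.
    port = fake_mta(["220 smg.example.test ESMTP", "250 smg.example.test",
                     "250 sender ok", "550 you are not allowed"])
    for stage, code, text in probe("127.0.0.1", port, timeout=5):
        print(f"{stage:8} {code} {text}")
```

Pointing `probe` at the gateway from outside and at the downstream MTA from the gateway's network separates a refusal at the banner from one that only appears after `MAIL FROM` or `RCPT TO`.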