apc180967

asked on

SMTP server rule breaks incoming connections then rejects packets

I have a simple network set-up:

Internal network 192.168.1.0/24.
Perimeter network 10.1.1.0/24
ISA 2006 standard server as back firewall with internal address 192.168.1.221, external address 10.1.1.220
Front Cisco firewall forwarding port 25 to 10.1.1.220
Internal Exchange 2003 mail server at 192.168.1.204
Standard ISA SMTP publishing rule set up to publish SMTP Server.

When I use the SMTP tester at http://www.zoneedit.com/smtp.html I receive the test email and all is well.

When a server tries to send mail (presumably that's more than a few lines of text), it's not received. The firewall log (an excerpt focusing on the problem) says:

| Original Client IP | Transport | Source Network | Destination Network | GMT Log Time | Source Port | Processing Time | Bytes Sent | Bytes Received | Log Record Type | Log Time | Client IP | Destination IP | Destination Port | Protocol | Action | Rule | Result Code |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 208.78.69.71 | TCP | External | Internal | 14/02/2008 0:27 | 59992 | | | | Firewall | 14/02/2008 11:27 | 208.78.69.71 | 192.168.1.204 | | SMTP Server | Initiated Connection | Publish Exchange SMTP SMTP Server | 0x0 ERROR_SUCCESS |
| 208.78.69.71 | TCP | External | Internal | 14/02/2008 0:33 | 59992 | 385985 | 571 | 122 | Firewall | 14/02/2008 11:33 | 208.78.69.71 | 192.168.1.204 | | SMTP Server | Closed Connection | Publish Exchange SMTP SMTP Server | 0x80074e24 FWX_E_CONNECTION_KILLED |
| 208.78.69.71 | TCP | External | Local Host | 14/02/2008 0:34 | 59992 | | | | Firewall | 14/02/2008 11:34 | 208.78.69.71 | 10.1.1.220 | | SMTP | Denied Connection | | 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED |
| 208.78.69.71 | TCP | External | Local Host | 14/02/2008 0:34 | 59992 | | | | Firewall | 14/02/2008 11:34 | 208.78.69.71 | 10.1.1.220 | | SMTP | Denied Connection | | 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED |
| 208.78.69.71 | TCP | External | Local Host | 14/02/2008 0:34 | 59992 | | | | Firewall | 14/02/2008 11:34 | 208.78.69.71 | 10.1.1.220 | | SMTP | Denied Connection | | 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED |
| 208.78.69.71 | TCP | External | Local Host | 14/02/2008 0:34 | 59992 | | | | Firewall | 14/02/2008 11:34 | 208.78.69.71 | 10.1.1.220 | | SMTP | Denied Connection | | 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED |
| 208.78.69.71 | TCP | External | Local Host | 14/02/2008 0:34 | 59992 | | | | Firewall | 14/02/2008 11:34 | 208.78.69.71 | 10.1.1.220 | | SMTP | Denied Connection | | 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED |
| 208.78.69.71 | TCP | External | Local Host | 14/02/2008 0:34 | 59992 | | | | Firewall | 14/02/2008 11:34 | 208.78.69.71 | 10.1.1.220 | | SMTP | Denied Connection | | 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED |
| 208.78.69.71 | TCP | External | Local Host | 14/02/2008 0:34 | 59992 | | | | Firewall | 14/02/2008 11:34 | 208.78.69.71 | 10.1.1.220 | | SMTP | Denied Connection | | 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED |
| 208.78.69.71 | TCP | External | Local Host | 14/02/2008 0:34 | 59992 | | | | Firewall | 14/02/2008 11:34 | 208.78.69.71 | 10.1.1.220 | | SMTP | Denied Connection | | 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED |
| 208.78.69.71 | TCP | External | Local Host | 14/02/2008 0:34 | 59992 | | | | Firewall | 14/02/2008 11:34 | 208.78.69.71 | 10.1.1.220 | | SMTP | Denied Connection | | 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED |
and so on.

It appears that the ISA Server kills the connection before the data packets arrive and then rejects the data packets. I don't know why. I also don't understand why the destination address changes in the firewall from 192.168.1.204 to 10.1.1.220.

Unbinding the SMTP application filter from the SMTP server firewall rule changes the "connection killed" message to "abortive shutdown", but the behaviour seems otherwise the same.
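
The pattern in the log above (a published flow closed with FWX_E_CONNECTION_KILLED, then FWX_E_TCP_NOT_SYN_PACKET_DROPPED denials for the same client IP and source port) can be picked out of a larger log with a short script. This is an added example, not part of the original post; the tab-separated layout, the reduced column set, the function name and the 203.0.113.9 row are assumptions constructed for illustration.

```python
import csv
from datetime import datetime
from io import StringIO

# Constructed sample: a subset of the columns from the excerpt in the post,
# as tab-separated text in chronological order (layout is an assumption).
# The last row is a constructed, unrelated drop with no earlier kill.
SAMPLE = """\
Log Time\tClient IP\tSource Port\tDestination IP\tAction\tResult Code
14/02/2008 11:27\t208.78.69.71\t59992\t192.168.1.204\tInitiated Connection\t0x0 ERROR_SUCCESS
14/02/2008 11:33\t208.78.69.71\t59992\t192.168.1.204\tClosed Connection\t0x80074e24 FWX_E_CONNECTION_KILLED
14/02/2008 11:34\t208.78.69.71\t59992\t10.1.1.220\tDenied Connection\t0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED
14/02/2008 11:34\t208.78.69.71\t59992\t10.1.1.220\tDenied Connection\t0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED
14/02/2008 11:35\t203.0.113.9\t40000\t10.1.1.220\tDenied Connection\t0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED
"""

KILLED = "FWX_E_CONNECTION_KILLED"
NOT_SYN = "FWX_E_TCP_NOT_SYN_PACKET_DROPPED"
TIME_FORMAT = "%d/%m/%Y %H:%M"


def find_killed_flows(log_text):
    """Return flows the firewall killed that kept receiving segments afterwards.

    A flow is keyed by (client IP, source port). Each result records how long
    the flow was open before the kill and where the later segments were sent.
    """
    opened, flows = {}, {}
    for row in csv.DictReader(StringIO(log_text), delimiter="\t"):
        key = (row["Client IP"], row["Source Port"])
        when = datetime.strptime(row["Log Time"], TIME_FORMAT)
        code = row["Result Code"].split()[-1]  # symbolic name after the hex value
        if row["Action"] == "Initiated Connection":
            opened[key] = when
        elif code == KILLED:
            start = opened.get(key)
            flows[key] = {
                "client": key[0], "source_port": int(key[1]),
                "published_to": row["Destination IP"],
                "open_minutes": (when - start).total_seconds() / 60 if start else None,
                "late_drops": 0, "late_destinations": set(),
            }
        elif code == NOT_SYN and key in flows:
            # Non-SYN segment for a flow the firewall no longer tracks.
            flows[key]["late_drops"] += 1
            flows[key]["late_destinations"].add(row["Destination IP"])
    return [f for f in flows.values() if f["late_drops"]]


if __name__ == "__main__":
    for flow in find_killed_flows(SAMPLE):
        print(flow)
```

The `open_minutes` value is worth comparing against any idle or session timeouts configured on the firewalls in the path.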