We recently setup a front-end server to handle activesync, rpc over https and owa. Everything works fine.
All SMTP traffic is designed to go through our back-end server, whether it be Exchange traffic or a few smtp notifications we have setup. We have one application that handles notifications, and someone switched it to the front-end server for the smtp notifications to go out. No big deal, except we found that external smtp mail works going through the fe, but not any smtp mail destined for internal recipients.
We switched it back and it works fine through the back-end, but some people have a history of making this change and we're not aware of it until days later when notifications are not getting through.
On the SMTP relay properties of the fe server, I have it set so no one can access it, yet they still can send mail through it appears. Thoughts?