i've been on a 24 hour binge of google and nada thus far, even though this topic has been hammered so many times.
So we have a exchange 2003 box with etrust Secure Content manager on it. All mail outbound, and inbound go through SCM. the SCM listens on port 25 (external and internal) and exchange 2003 listens on 2525 and sends on port 25.
the exchange 2007 (sp1) was installed using an excellent punch list (http://www.msexchange.org/tutorials/Transitioning-Exchange-2000-2003-Exchange-Server-2007-Part1.html
) to the T with no problems along the way. moving mailboxes was fine (just moved a couple) but was getting the infamous "451 5.7.3 cannot acheive exchange server authentication". Quick google pointed to the intergrated windows auth. on the 2003 default SMTP virtual server, which i did. no change.
i rebuilt the routing connectors several times (currently have a interop rgc) which can be seen in the 2003 ESM. and eventually email was able to go from exchange 2003 to 2007.
So, outside people can email to the one user on the 2007 server. Inside people on the 2003 can email to the user on the 2007. 2007 can send to people outside (using the smarthost on the 2003 SCM server), but cannot send to local users.
OWA does switch over (internally, haven't changed the outside DNS settings yet) for the 2007 user.