We can't seem to get port 25 to stay open on the server. The correct IP server IP address -- 192.168.20.1 -- is mapped to port 25, all Exchange services are up, and our static NAT statements are correct in the firewall. Yet our spam service can't telnet in and they won't release cached mail until they can.
We can telnet on the LAN.
Telnet has never been open on the WAN, just port 25 forwarded to our mail server.
For some reason, port 25 was originally mapped by the server (during setup? we did not indicate this IP at all) to 192.168.20.2, an IP that we don't use at all. The second NIC on the server is disabled.