Sophos XG - Fail to send mail

Client is using a Sophos XG Firewall to filter email. The XG had been configured in MTA mode and had been working with an Exchange 2010 server running on  Server 2008R2 for about 1 year. Over the weekend, the client updated the firmware from SFOS17.0.2 MR-2, to SFOS 1706 MR-6. After the update, Sophos log reported that email had been delivered from the Sophos to Exchange, but was not received in the client mailboxes.

A call to Sophos support resulted in turning the Sophos from MTA mode to Legacy mode which achieved the objective of Email being filtered and delivered to user mailboxes, however, any reports generated by the XG (i.e. Quarantine Digest) are not being delivered from the XG to Exchange.

One symptom which the Sophos tech was unable to explain was that he was able to telnet from a workstation into the Exchange server, and get a response, but not from the XG into the Exchange server. We would get "Connection refused". When reviewing the Sophos logs (after the change to Legacy mode), System Log reports "Fail to send mail: Cannot connect to mail server servername.domainname.com:25, when attempting to send a test from the XG.

There have been no changes to the email server and the only change is the XG firmware. Has anyone else experienced this issue?