Messaging Gateway (SMG) has been configured to use TLS when accepting mail from the internet, but all attempts to deliver TLS-secured email to SMG fail with "500 5.5.2 unrecognized command".
A telnet test to the SMG scanner shows that the expected 250-STARTTLS in the EHLO response has been replaced with 250-XXXXXXXA:
A Cisco / PIX firewall is intercepting and modifying the SMTP session.
This issue is caused by an intermediate firewall, usually Cisco PIX, doing SMTP packet inspection and disallowing TLS sessions to the Messaging Gateway. SMTP packet inspection will need to be disabled or modified on the firewall.
Please see Why do you see XXXXXXXA after EHLO and "500 #5.5.1 command not recognized" after STARTTLS? for details.
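The telnet test described above can be scripted so the check is repeatable before and after the firewall change. This is an added example, not part of the original article or any Symantec tooling; the host names and sample replies are constructed, and treating any keyword made of a run of X characters as a masked extension is an assumption generalized from the XXXXXXXA shown above.

```python
import re
import socket

# Constructed sample: EHLO reply as seen through an inspecting firewall.
MASKED_REPLY = (
    "250-smg.example.com Hello\r\n"
    "250-8BITMIME\r\n"
    "250-XXXXXXXA\r\n"
    "250 SIZE 10485760\r\n"
)
CLEAN_REPLY = MASKED_REPLY.replace("XXXXXXXA", "STARTTLS")  # constructed: inspection off

def ehlo_keywords(reply):
    """Return the extension keywords of a multi-line 250 EHLO reply."""
    lines = [l for l in reply.splitlines() if l.strip()]
    found = (re.match(r"250[- ](\S+)", l) for l in lines[1:])  # line 0 is the greeting
    return [m.group(1).upper() for m in found if m]

def classify(reply):
    """Report whether STARTTLS is advertised, masked, or simply not offered."""
    keywords = ehlo_keywords(reply)
    if "STARTTLS" in keywords:
        return "starttls-advertised"
    # Assumption: a keyword that is a run of X's (the page's XXXXXXXA) is a masked extension.
    if any(re.fullmatch(r"X{4,}[A-Z]?", k) for k in keywords):
        return "starttls-masked"
    return "starttls-absent"

def read_reply(stream):
    """Read one SMTP reply; the last line has a space after the code."""
    out = []
    while True:
        line = stream.readline().decode("ascii", "replace")
        out.append(line)
        if not line or line[3:4] != "-":
            return "".join(out)

def probe(host, port=25, timeout=10):
    """Classify the EHLO reply of a live server, as the telnet test does."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rwb")
        read_reply(stream)                      # discard the 220 banner
        stream.write(b"EHLO probe.example.org\r\n")
        stream.flush()
        reply = read_reply(stream)
        stream.write(b"QUIT\r\n")
        stream.flush()
    return classify(reply)
```

Calling `probe()` against the SMG scanner from outside the firewall and again from the same network segment as SMG shows whether the keyword is being rewritten in transit: a masked result outside and an advertised result inside points at the intermediate device.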