We have got two Cisco PIXes 525 (PIXA, PIXB (failover) ) connected to another two PIXes (PIX1, and PIX2),,,,we have got no administrative control over other two PIXes (i.e. PIX1, PIX2).
 
The outside address for us (our company) is ip address between (PIXA,PIXB) and (PIX1, PIX2) which is: 10.1.1.0/24,,,and in turns PIX1, PIX2 connect to outside world (public ip addresses)
 
I have got two mail firewall devices within our dmz area (PIXA, PIXB)
 
First mail firewall (mfa)192.168.101.3, and Second mail firewall (mfb)192.168.101.5
 
Our two clustered Exchange mail servers in inside area (not DMZ), with Clustered ip address is 192.168.2.23
 
Function of the mail firewall (Boarderware MX200) is : receives emails from outside and delivers them to exchange and other way around receives emails from exchange and delivers them to outside.
 
Note: We used to use format 192.168.101.x for any ip addresses within DMZ region
 
The configuration with our firewall (PIXA,PIXB) are :
 
static (inside,dmz) 192.168.101.253 192.168.2.23 255.255.255.255 0 0
static (dmz,outside) 10.1.1.132 192.168.101.3 netmask 255.255.255.255 0 0
access-list dmz permit tcp host 192.168.101.3 host 192.168.101.253 eq smtp
access-list outside permit tcp any host 10.1.1.132 eq smtp
access-list outside permit tcp host 10.1.1.132 host 192.168.2.23 eq smtp,,,,I do not why this was there,,,,I guess it is wrong!!!!
 
access-group outside in interface outside
access-group dmz in interface dmz
 
We used second mail firewall (mfb), we have created cluster for the load balancing with the first one mail firewall.
 
We have created same rules as first mail firewall (mfa) ,,i.e like below:
static (inside,dmz) 192.168.101.253 192.168.2.23 255.255.255.255 0 0,,,this is already there
static (dmz,outside) 10.1.1.202 192.168.101.5 netmask 255.255.255.255 0 0
access-list dmz permit tcp host 192.168.101.5 host 192.168.101.253 eq smtp
access-list outside permit tcp any host 10.1.1.202 eq smtp
 
In order to eliminate the resources of the the problem , what test should I do ?

From outside (through net),,,I did this test to the First Mail Firewall (mfa),,,which is on production line
 
telnet 213.178.101.3 25,,,,,,,,,,,,,,,,fake public ip address, which is natted to first mail firewall
220 mfa.exfw.in ESMTP
helo mfa
250 mfa.exfw.in
mail from: nicename@us.com
250 Ok
rcpt to: a.peter@exfw.in
250 Ok
data
354 End data with .
test message
.
Quit
.
Quit250 Ok: queued as 86946A7AMD
 
but I failed when I tried to do same test on Second Mail firewall (mfb) ?

For more clarification, please see this diagram from BoarderWare Mail Firewall Documentation
http://img402.imageshack.us/img402 [...] reazm7.jpg

Does your MXtreme mail firewall have a static NAT in your PIX firewall?  And if so does the PIX allow SMTP traffic to the MXtreme Mail Firewall?
 
 
To me it sounds like an access-list issue or NAT issue. If only one of your servers works when testing smtp via telnet then most likely you have something blocking it (probably access-list related).

Yes, as it can bee seen in the configuration that I have posted  
static (dmz,outside) 10.1.1.132 192.168.101.3 netmask 255.255.255.255 0 0
 

Yes, as it can bee seen in the configuration that I have posted  
access-list outside permit tcp any host 10.1.1.132 eq smtp  
 

As you have see both of them are there.
 

You meant to say MXtreme Mail Firewall instead of servers ,,,didn't you ?

If you issue "show access-list outside" after trying to telnet to the second mail firewall (to the public IP) do you see any hits taken on the statement permitting anything to 10.1.1.202 for smtp traffic?
 
Also you need to permit the smtp traffic on the PIX to the public IP address of the second mail firewall.