Can't connect to Exchange 2016 with port 587 TLS


Most reasons here are that the SSL certificate which is used for 587 on the Exchange Server is a self-signed certificate and not trusted in the 3rd party environment (e.g. the OS where the backup software is running). You could easily check which certificate is used on port 587 with OpenSSL (see here):

openssl s_client -starttls smtp -connect exchange01.int.contoso.com:587

If that shows a self-signed certificate you need to replace it (see here):

Enable-ExchangeCertificate -Thumbprint 434AC224C8459924B26521298CE8834C514856AB -Services SMTP
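
An added example, not part of the original answer: a POSIX shell helper that condenses `openssl s_client` output into the facts the check above is after (subject, issuer, negotiated protocol, verify result). The function name `summarize_s_client` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: condense `openssl s_client` output for an SMTP STARTTLS port.
# Live use (host name taken from the answer above):
#   openssl s_client -starttls smtp -connect exchange01.int.contoso.com:587 \
#       </dev/null 2>/dev/null | summarize_s_client
# Exit status: 0 = chain verified, 1 = certificate not trusted, 2 = no certificate seen.
summarize_s_client() {
  awk '
    /^subject=/           { sub(/^subject= */, ""); subject = $0; next }
    /^issuer=/            { sub(/^issuer= */, "");  issuer  = $0; next }
    /^ *Protocol *:/      { sub(/^[^:]*: */, "");   proto   = $0; next }
    /Verify return code:/ { sub(/^.*Verify return code: */, ""); verify = $0; next }
    END {
      if (subject == "") {
        print "status=no-certificate (STARTTLS refused or port closed?)"
        exit 2
      }
      print "subject=" subject
      print "issuer=" issuer
      print "protocol=" proto
      print "verify=" verify
      # Identical subject and issuer: the certificate was issued by itself.
      print "self_signed=" (subject == issuer ? "yes" : "no")
      if (verify ~ /^0 /) { print "status=trusted"; exit 0 }
      print "status=untrusted"
      exit 1
    }'
}

# Constructed, abridged sample of s_client output for a self-signed certificate
# (certificate body and cipher details omitted).
SAMPLE_SELF_SIGNED='CONNECTED(00000003)
depth=0 CN = exchange01
verify error:num=18:self signed certificate
verify return:1
---
Server certificate
subject=CN = exchange01
issuer=CN = exchange01
---
SSL-Session:
    Protocol  : TLSv1
    Verify return code: 18 (self signed certificate)
---'

# Demo on the constructed sample; "|| true" keeps the non-zero status from aborting a caller.
printf '%s\n' "$SAMPLE_SELF_SIGNED" | summarize_s_client || true
```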


Author: MindExplosion

I'm 26 and continuing my adventure in the IT business! Recently drowning in my new job as I am now responsible for every aspect of IT from physical cabling to server and email migrations. Fake it 'til you make it, right??

Updated on September 18, 2022

Comments

  • MindExplosion
    MindExplosion over 1 year

    Hi everyone, I'm having issues with SMTP notifications connecting on port 587 with TLS.

    Right now I have an internal Exchange 2016 server and all email works great. I have a few customers who have software (mainly backup software) that can have SMTP notifications set up. In order to do this, I need to connect to my SMTP server.

    If I connect using port 25 all mail and tests seem to work fine. If I tell it to use TLS and port 587, however, the connection never goes through. I've tried going through the default receive connector and making sure my SSL cert is bound to the connection. I've forwarded 587 on my firewall and verified everything else, but it just won't work.

    I did notice that in the documentation the default connector on 587 is used for IMAP/POP accounts. In this case it's SMTP notifications so I'm not sure if that matters. It's just a backup software with an option to specify SMTP server, port, and login creds.

    Anyone have any idea of what I could be missing or what could possibly be locking this out? I feel like I'm misunderstanding something or missing something obvious as everything I've looked into is configured properly.

    Any help would be greatly appreciated!!

  • Jacob Evans
    Jacob Evans about 7 years
    openssl s_client -connect -starttls smtp exchange01.int.contoso.com:587
  • MindExplosion
    MindExplosion about 7 years
    I did verify this and ran the command to ensure my paid cert is set. Looking at the bottom of the openssl text under SSL-Session it says: Protocol TLSv1
  • partyd
    partyd over 2 years
    I had to have the host after the -connect argument or I would get errors about specifying a port. 'openssl s_client -starttls smtp -connect exchange01.int.contoso.com:587'