Configuration mistake bailout

Often we need to make changes on a router or switch that could break connectivity, and these changes frequently have to be made from a remote location, after hours. Instead of keeping someone in the office or on call, here is a much easier bailout. Before you begin making the changes, issue the command reload in 10 to schedule a reload in 10 minutes (replace 10 with however many minutes you need). After you make the changes, if you lose connectivity, the router reboots and comes back up on the old configuration, because the unsaved running configuration is discarded and the startup configuration is loaded; if everything goes well, issue reload cancel to cancel the reload.
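The bailout sequence as it would be typed on an IOS router, shown here as an added example rather than a session from the original post. The prompt text and the username "admin" are illustrative; the exact wording varies by IOS release.

```cisco
! Added example (not from the original post): schedule the safety-net reload
! BEFORE touching the configuration, so nothing is saved yet.
Router# reload in 10
Reload scheduled in 10 minutes by admin on vty0
Proceed with reload? [confirm]

! Confirm the pending reload and the time remaining at any point.
Router# show reload

! Now make the risky changes; do NOT "write memory" at this stage.
Router# configure terminal
Router(config)# ! ... interface, routing or firewall changes go here ...
Router(config)# end

! Connectivity survived, so remove the safety net...
Router# reload cancel

! ...and only now commit the new configuration to startup-config.
Router# write memory
```

If the running configuration already differed from startup-config when you issued reload in 10, IOS asks "System configuration has been modified. Save?"; answer no, otherwise the reload would come back up with the changes you were trying to protect against. The bailout only works as long as the new configuration stays unsaved until reload cancel has been issued.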

Exchange and Zone-Based firewalls

I ran into some issues with Exchange running through zone-based firewalls, where the servers would not pass mail between them. This appears to be related to SMTP inspection rejecting the ESMTP commands Exchange uses. The problem can be resolved by creating a class for SMTP between your mail servers and configuring it with a pass action instead of inspect. Just remember that you need to create rules in both directions, because pass does not create stateful return entries, and the class must be placed before any classes that would inspect the traffic.

A simple config would look something like this, with the mail servers at 172.16.1.10 and 172.17.1.10.

ip access-list extended ACL-FIREWALL-EXCHANGE
 remark SMTP between the two Exchange servers, in either direction
 permit tcp host 172.16.1.10 host 172.17.1.10 eq 25
 permit tcp host 172.17.1.10 host 172.16.1.10 eq 25
 remark Return traffic sourced from port 25 (pass creates no state)
 permit tcp host 172.16.1.10 eq 25 host 172.17.1.10
 permit tcp host 172.17.1.10 eq 25 host 172.16.1.10

! Zone-based firewall class-maps must be "type inspect"
class-map type inspect match-all CLASS-FIREWALL-EXCHANGE
 match access-group name ACL-FIREWALL-EXCHANGE

! match-any is required here; the default match-all would never
! match a single flow against three different protocols
class-map type inspect match-any CLASS-FIREWALL-ALLOWED-PROTOCOLS
 match protocol http
 match protocol https
 match protocol ftp

! The Exchange class must come before the class that inspects
policy-map type inspect POL-MAP-LAN-TO-WAN
 class type inspect CLASS-FIREWALL-EXCHANGE
  pass
 class type inspect CLASS-FIREWALL-ALLOWED-PROTOCOLS
  inspect
 class class-default
  drop

policy-map type inspect POL-MAP-WAN-TO-LAN
 class type inspect CLASS-FIREWALL-EXCHANGE
  pass
 class type inspect CLASS-FIREWALL-ALLOWED-PROTOCOLS
  inspect
 class class-default
  drop

zone security WAN
zone security LAN
zone-pair security WAN-TO-LAN source WAN destination LAN
 service-policy type inspect POL-MAP-WAN-TO-LAN
zone-pair security LAN-TO-WAN source LAN destination WAN
 service-policy type inspect POL-MAP-LAN-TO-WAN

interface e0/0
 zone-member security LAN

interface s0/0
 zone-member security WAN
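Once the policy is applied, it is worth checking that the mail traffic really hits the pass class and not an inspect class further down. The commands below are an added verification example, not part of the original post; the zone-pair and class names match the configuration above.

```cisco
! Added example (not from the original post): confirm which class the
! Exchange traffic matches in each direction.
Router# show policy-map type inspect zone-pair LAN-TO-WAN
! Under CLASS-FIREWALL-EXCHANGE the "pass" packet counter should increase
! while mail is flowing. If CLASS-FIREWALL-ALLOWED-PROTOCOLS or
! class-default counts instead, the Exchange class is ordered too late
! in the policy-map or the ACL does not match the server addresses.

Router# show policy-map type inspect zone-pair WAN-TO-LAN
! Repeat for the return direction: pass creates no session state, so
! the reply packets must be matched by the second policy-map on their own.

Router# show access-lists ACL-FIREWALL-EXCHANGE
! Per-entry match counts confirm that both servers and both directions
! (to port 25 and from port 25) are being hit.
```

If the return-direction counters stay at zero while mail still fails, the usual cause is a missing "eq 25" source entry in the ACL, since the reply packets are sourced from port 25 rather than destined to it.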