What's your Exchange server version? What NDR message did the sender receive when failed sending the message?
The receive connector Default Frontend <ServerName> accepts anonymous connections from external SMTP servers. This is the common messaging entry point into your Exchange organization.
You could also refer to the official document: Scenarios for custom Receive connectors in Exchange Server
Scenario 2: Receive email from a partner
For this scenario, the Receive connector listens for TLS authenticated SMTP connections on port 25, but only from the specific IP addresses of the partner organization. No default Receive connector is suitable for this scenario; you need to create a custom Receive connector.
And here is a related thread discussed about the issue Receive connector won't work for TLS-enabled domains
You may also check Configuring the TLS Certificate Name for Exchange Server Receive Connectors
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.