If your mail server is not receiving email but you can ping it from the TMG server, look in Logs & Reports. Edit the filter and set it to Protocol Equals SMTP.
In my case, I got a lot of "A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer."
Researching the web, I could not come close to what the problem was. The only place that I could get a hint was when I was looking at the Monitoring section where I found, by looking at the date and time, a "Server Publishing Failure".
It indicated that one of the firewall rules I had created did not publish. It was my mail SMTP server rule, which I had duplicates of, but to two different servers, since I have two mail servers on my network.
Deactivating the extras and applying the settings solved the problem.
Update 1:
I have learned that you receive this error as a generic error when there is no communication between the firewall and the destination. If you are trying to make a server's service or protocol accessible to the outside, you need to publish a non-webserver protocol with the correct properties, not just open a port.
If TMG detects a protocol, and you have not defined a rule for it, it will apply its own system rule.