Getting no incoming mail using spamexperts combined with XG MTA



We want to use Sophos XG email MTA as a second filter for spam and virusscanning, because we notice that SpamExperts (spam filter we use) does not always catch everything.

So at the moment our setup is like this.

Our MX records for our domain name are set to the mx records for SpamExperts and in our Spamexperts portal our destination is set to our public IP and a certain port which are delivered to Exchange via port 25 with a Sophos firewall rule that only allows servers from spamexperts to deliver the mail.

So I tried to active MTA and setup a smtp-scanning rule using this article: I changed the auto added firewall rule to only use wan as source as I only want this for incoming mail. Disabled the rule I had for the delivery of mail directly to Exchange.

SpamExperts is not able to deliver the mail to the XG, is there something that I'm missing?

In the protected domain I filled in 


Edit: When running the SMTP test tool on SpamExperts I get a succesfull smtp reply from the Exchange server using my first method, but when trying the MTA method I don't even get a SMTP response. Under administration>Device Access SMTP Relay is enabled under WAN and our LAN zone

Doing a open port scan on port 25 and 587 results in a closed port, shouldn't this be open as the XG acts as a MTA?