In our enterprise we have our iPhones connecting to an OWA server (webmail); that ensures that we can place SMTP incoming and outgoing restrictions on the firewall to only allow that protocol to and from MessageLabs (who filter our email). The phones work fine going through OWA... it always seemed that having separation that way reduces security incidents.
How do you have your iPhones configured, directly to the Exchange server? That uses different ports than 25, though?