Sorry for the confusion!
The sequence of commands I posted essentially replicates interactively how mail servers talk to each other without using TLS.
Since I can't explain the differing HELO greet strings, I want to see if non-TLS mail sent to the outside IP actually gets to your Zimbra system.
Just based on what I see (the greet string differences), I suspect the mail system answering on the outside IP is not your Zimbra system.
Further, since TLS tends either to work or not, it just seems unusual that TLS would work for you on one IP but not on another -- especially when that "other" IP's mail system HELOs with a totally different greet string.
IOW, something is wonky and before we go messing around, perhaps needlessly, with your nice shiny Zimbra server, let's make absolutely sure the surrounding network configuration is 100% correct.
All the best,