Exchange 2010 530 5.7.1 Client was not authenticated from some MTAs

I have a strange issue on an Exchange 2010 Version: 14.03.0158.001 (latest to date). The receive connector is set up correctly, with anonymous users checked, but still, I can receive mail from some servers (like gmail and some hosts I have access to) both plaintext and TLS, but from some other hosts, that are perfectly legit and support TLS and plaintext too, I get the error in $subject. The logs show the same things I can see if I try to send email manually via telnet.

The only thing that changed recently was a DST switchover yesterday, but the host is set to UTC-7 and seems to be bang on

here's a set of failed and passed comms:

"220 mail.exchange.ca Microsoft ESMTP MAIL Service ready at Mon, 4 Nov 2013 15:44:28 -0700",
EHLO cantsend.com,
250-mail.exchange.ca Hello [1.2.3.4],
250-SIZE 10485760,
250-PIPELINING,
250-DSN,
250-ENHANCEDSTATUSCODES,
250-STARTTLS,
250-AUTH LOGIN,
250-8BITMIME,
250-BINARYMIME,
250 CHUNKING,
MAIL FROM:<[email protected]> SIZE=1095 BODY=7BIT,
530 5.7.1 Client was not authenticated,

"220 mail.exchange.ca Microsoft ESMTP MAIL Service ready at Mon, 4 Nov 2013 15:46:04 -0700",
EHLO cal1-mh747.smtproutes.com,
250-mail.exchange.ca Hello [192.69.16.69],
250-SIZE 20971520,
250-PIPELINING,
250-DSN,
250-ENHANCEDSTATUSCODES,
250-STARTTLS,
250-AUTH,
250-8BITMIME,
250-BINARYMIME,
250 CHUNKING,
MAIL FROM:<[email protected]> SIZE=78604,
08D0A7BE5BCEFE28;2013-11-04T22:46:04.886Z;1,receiving message
250 2.1.0 Sender OK,
RCPT TO:<[email protected]>,
250 2.1.5 Recipient OK,
DATA,
354 Start mail input; end with <CRLF>.<CRLF>,
Tarpit for '0.00:00:31.033' due to 'DelayedAck',Expired;Timeout
250 2.6.0 <[email protected]> [InternalId=18696] Queued mail for delivery,
QUIT,
221 2.0.0 Service closing transmission channel,