I am performing a Microsoft Exchange 2010 to 2016 migration, and everything is ready for the transition besides this one problem.
I have an internal CNAME DNS record mail.domain.tld that is pointing to the Exchange 2010 server 192.168.0.10. The Exchange 2016 server is 192.168.0.20.
When I attempt to authenticate via POP3 on the Exchange 2016 server (using the OpenSSL command 'openssl s_client -connect 192.168.0.20:995'), the server will authenticate me whether the user's mailbox is on 2010 or 2016. I know this because when I terminate the connection I get a response of '+OK Microsoft Exchange Server 2016 POP3 server signing off.' or '+OK Microsoft Exchange Server 2010 POP3 server signing off.', depending on where the mailbox resides.
When I attempt to authenticate via POP3 on the Exchange 2010 server I am only able to authenticate with mailboxes on the 2010 server, which I know is normal functionality.
However, when I change the internal CNAME DNS record mail.domain.tld from the Exchange 2010 server 192.168.0.10 to the Exchange 2016 server 192.168.0.20 and attempt to authenticate on the Exchange 2016 server via POP3 for a mailbox on 2010, the server gives me an authentication error: '-ERR Logon failure: unknown user name or bad password.' I can only assume it is failing to determine which Exchange server the mailbox belongs to and is authenticating me for the Exchange 2016 server, not 2010.
Where can I check the configuration for Exchange 2016 to see how it is determining which mailbox database the mailbox belongs to? My best guess is that Exchange 2016 is seeing that the mailbox belongs to Exchange 2010 and is pointing to mail.domain.tld, thinking that is the 2010 server, when in fact it is the 2016 server and then giving me this authentication error as the mailbox isn't in this database.
It is worth noting that in the Exchange 2016 EAC under Servers --> Databases, each mailbox database that is listed has the server FQDN as the server name, not the CNAME record mail.domain.tld.
EDIT:
I was able to work around the issue and determined what was causing it. The proxy settings for the POP3 InternalConnectionSettings and ExternalConnectionSettings for Exchange 2016 and the HELO response for Exchange 2010 for POP were both set to mail.domain.tld.
What was happening was when I would change the CNAME record for mail.domain.tld from Exchange 2010 to Exchange 2016, when Exchange 2016 was set as the primary CAS, it was trying to send connections for mailboxes not on 2016 to mail.domain.tld and would get stuck in a loop trying to authenticate with itself.
I changed the CNAME record to point to Exchange 2016 and set a DNS record in the hosts file on Exchange 2016 to point mail.domain.tld to the Exchange 2010 server and this fixed the issue.
Now I am able to start migrating mailboxes over from 2010 to 2016.
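
The loop described in the edit above can be checked for before the CNAME is moved. The PowerShell below is an added example, not part of the original post: `Test-PopProxyLoop` is a hypothetical helper, the settings strings use the `host:port:encryption` form accepted by `Set-PopSettings`, and the inputs and resolver results are constructed from the addresses in the post.

```powershell
# Added example: flags POP3 connection settings whose hostname resolves
# back to the server that would be doing the proxying.
function Test-PopProxyLoop {
    param(
        # Strings in the "host:port:encryption" form used by
        # InternalConnectionSettings / ExternalConnectionSettings.
        [Parameter(Mandatory)] [string[]] $ConnectionSettings,
        # IP addresses owned by the proxying server (Exchange 2016 here).
        [Parameter(Mandatory)] [string[]] $LocalAddresses,
        # Name resolver. The default goes through the OS resolver, so a
        # hosts-file override on the server is honoured.
        [scriptblock] $Resolver = {
            param($Name)
            [System.Net.Dns]::GetHostAddresses($Name) |
                ForEach-Object { $_.IPAddressToString }
        }
    )
    foreach ($setting in $ConnectionSettings) {
        $parts = $setting -split ':'
        if ($parts.Count -ne 3) {
            Write-Warning "Skipping malformed setting '$setting'"
            continue
        }
        $resolved = @(& $Resolver $parts[0])
        [pscustomobject]@{
            Hostname   = $parts[0]
            Port       = [int]$parts[1]
            Encryption = $parts[2]
            ResolvesTo = $resolved -join ','
            # True when the proxy target is one of the server's own addresses.
            LoopsBack  = [bool]($resolved | Where-Object { $LocalAddresses -contains $_ })
        }
    }
}

# Constructed input using the names and addresses from the post.
$settings = 'mail.domain.tld:995:SSL', 'mail.domain.tld:110:TLS'
$ex2016   = '192.168.0.20'

# CNAME moved to Exchange 2016, no hosts override: LoopsBack is True.
Test-PopProxyLoop -ConnectionSettings $settings -LocalAddresses $ex2016 `
    -Resolver { param($Name) '192.168.0.20' }

# Hosts-file entry pointing the name at Exchange 2010: LoopsBack is False.
Test-PopProxyLoop -ConnectionSettings $settings -LocalAddresses $ex2016 `
    -Resolver { param($Name) '192.168.0.10' }
```

Run on the Exchange 2016 server without the `-Resolver` argument, the check uses the server's own name resolution, including any hosts-file entry.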