Hi Souradeep. Excellent Question. You need a hold/qurantine queue for SMTP to be able to do that. There are multiple ways, how this could be achived.
You add a header via DLP & ask for your next HOP to Quarantine if that specific header (#quarantine) is found.
The next hop should have the hold functionality which then your incident review team then could release/drop on a case-to-case basis.
Generally, there are companies that use Brighmail Gateway, IronPort, etc. as their next HOP serving as a Quarantine. Some companies even use the free linux services for this purpose (URL below):
https://www-secure.symantec.com/connect/blogs/absence-additional-budgets-qurantine-solution-used-dlp-smtp-prevent-use-postfix-interim
Similar how there is variety, in the configurations that could servce this purpose, there are different options for the workflow as well.
On Symantec Brightmail for example, some companies who have their LDAP in sync, might also implement a user/manager based self-review review-release/drop workflow or some even leave theonus on the central incident management team to do that. Whatever suits you the best.