Are you saying that for every inbound message you delivered forward to your internal Exchange servers, an NDR was returned from Exchange outbound through SBG? You need to look at the NDRs and figure out why you are delivering mail to exchange that has no recipient. With 2 million NDRs, do you have
--
Symantec Global Bad Senders rejecting e-mail?
-- have you configured directory integration and recipient validataion to reject bad recipients
If you could describe more of your design / mail flow / policy that would help.