Do you have the internet Email auto-protect feature enabled?

Can you check your Risk log to see what is showing?

Were there any attachments in the email?

is it block all email or just some?

E-mail auto-protect is not enabled. E-mails with attachments and without attachment. At some point e-mails will go through but mostly not. At first i thought it was the network but internet will be accessible. Risk log doesn't have anything on.

Hi,

Do you have send mail any third party tool ?

What happend if you have send mail singal user ?

Check this thread

https://www-secure.symantec.com/connect/forums/how-do-i-prevent-endpoint-protection-blocking-outbound-emails-large-groups-people

Does disabling the firewall allows all emails to be sent out? Any traces of traffic being blocked in firewall traffic logs?

@ Brain...we're on SEP 12.1 and using app & device control, f/w & IPS no external liveupdate (the SEPM get updates from the internet), using embedded db, f/w rules are defaults. No relay server

@shish...No, we are using groupwise not outlook

@sebastian...Unable to turn on/ off windows f/w. notification "This settings are being managed by vendor application Symantec Endpoint Protection"

On the traffic log:

2013/02/06 09:45:51 AM Blocked 10 Incoming UDP FE80:0:0:0:5E95:AEFF:FE5B:572 5C-95-AE-5B-05-72 5353 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 5353   Default 5 2013/02/06 09:45:43 AM 2013/02/06 09:45:49 AM Block IPv6 
2013/02/06 09:45:30 AM Blocked 10 Incoming UDP FE80:0:0:0:9A4B:E1FF:FE3C:3EB5 98-4B-E1-3C-3E-B5 28207 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 28783   Default 1 2013/02/06 09:45:17 AM 2013/02/06 09:45:17 AM Block IPv6 
2013/02/06 09:45:30 AM Blocked 10 Incoming UDP FE80:0:0:0:5E95:AEFF:FE5B:572 5C-95-AE-5B-05-72 5353 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 5353   Default 3 2013/02/06 09:45:11 AM 2013/02/06 09:45:17 AM Block IPv6 
2013/02/06 09:45:02 AM Blocked 10 Incoming UDP FE80:0:0:0:8AC6:63FF:FEFC:8F9B 88-C6-63-FC-8F-9B 5353 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 5353   Default 11 2013/02/06 09:44:35 AM 2013/02/06 09:45:02 AM Block IPv6 
2013/02/06 09:44:56 AM Blocked 10 Incoming UDP FE80:0:0:0:9A4B:E1FF:FE3C:3EB5 98-4B-E1-3C-3E-B5 28207 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 28783   Default 1 2013/02/06 09:44:45 AM 2013/02/06 09:44:45 AM Block IPv6 
2013/02/06 09:44:28 AM Blocked 10 Incoming UDP FE80:0:0:0:9A4B:E1FF:FE3C:3EB5 98-4B-E1-3C-3E-B5 28207 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 28783   Default 3 2013/02/06 09:44:17 AM 2013/02/06 09:44:29 AM Block IPv6 
2013/02/06 09:44:28 AM Blocked 10 Incoming UDP FE80:0:0:0:9A4B:E1FF:FE3C:3EB5 98-4B-E1-3C-3E-B5 26996 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 31037   Default 2 2013/02/06 09:44:15 AM 2013/02/06 09:44:16 AM Block IPv6 
2013/02/06 09:44:28 AM Blocked 10 Incoming UDP FE80:0:0:0:5E95:AEFF:FE5B:572 5C-95-AE-5B-05-72 5353 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 5353   Default 17 2013/02/06 09:44:13 AM 2013/02/06 09:44:29 AM Block IPv6 
2013/02/06 09:43:55 AM Blocked 10 Incoming UDP FE80:0:0:0:5E95:AEFF:FE5B:572 5C-95-AE-5B-05-72 5353 FF02:0:0:0:0:0:0:FB 33-33-00-00-00-FB 5353   Default 1 2013/02/06 09:43:41 AM 2013/02/06 09:43:41 AM Block IPv6 
 

I think its coz of IPV6 

IPv6 support in Symantec Endpoint Protection 12.1