Email Prevent supports TLS and so if the upstream MTA requests TLS, Prevent will attempt to establish a secure connection with the downstream MTA, but because neither one of the components (upstream MTA, downstream MTA or Prevent) have the necessary keys/certificates in place the connection is dropped and the emails are not going through.
go to the Advanced settings for the Prevent server and change the following setting;
RequestProcessor.AllowExtensions >>8BITMIME VRFY DSN HELP PIPELINING SIZE ENHANCEDSTATUSCODES STARTTLS
remove the 'STARTTLS' from the field referenced above.
Recycle the prevent services.