Email Prevent supports TLS and so if the upstream MTA requests TLS, Prevent will attempt to establish a secure connection with the downstream MTA, but because neither one of the components (upstream MTA, downstream MTA or Prevent) have the necessary keys/certificates in place the connection is dropped and the emails are not going through.

go to the Advanced settings for the Prevent server and change the following setting;

RequestProcessor.AllowExtensions  >>8BITMIME VRFY DSN HELP PIPELINING SIZE ENHANCEDSTATUSCODES STARTTLS

remove the 'STARTTLS' from the field referenced above.

Recycle the prevent services.