One or more users are trying to send emails to a specific domain via Symantec's mail servers but these emails are going into retry as the Email Security.cloud service is unable to connect to the recipient's infrastructure.
421 4.4.0 [internal] no MXs for this domain could be reached at this time
Note that the "MXs" part in error message "421 4.4.0 [internal] no MXs for this domain could be reached at this time" does not refer to MX records in context but rather stands for "Mail Exchanger".
This is could be caused by an Intrusion Prevention System inspecting SMTP traffic, using specific SMTP rules such as:
An intrusion prevention system can also have different actions on the amount of time an IP address can be blocked for, such as:
The recipient mail server administrator will need to investigate this issue on their side and allow the Symantec Email Security.cloud services IP ranges on port 25 to deliver mail to their infrastructure.