How does Symantec Messaging Gateway (SMG) behave after its license expires?

The Messaging Gateway will "fail open" following license expiration:

What Will Continue to Work

Email

• Email messages will continue to be accepted and delivered based on the static configuration in Protocols > Domains and Administration > Configuration > host > SMTP
• Address Masquerading and Aliases will operate as expected
• Integration with Data Loss Prevention systems (DLP) will continue to operate as expected but no policy actions configured in SMG will take effect.
• MTA DNS checks (Protocols > Settings) will still operate as expected
• Sender Authentication checks will still be performed but no policy actions will take effect
• TLS secured email delivery and per-domain TLS settings will continue to operate

Control Center

• Access to the Management Console remains unrestricted.
• Message Audit Logs will display some email message specific information such as Connecting IP, Date, Sender, and Recipient
• Scheduled and manual backups will still be performed
• Automated reports will still be generated and distributed but will not contain data for services which are no longer licensed.
• Spam and Compliance Quarantine data will continue to be expunged on schedule.
• Management of scanner queues will operate as before

What Will No Longer Work

• No policies configured under the following tabs will operate
  • Reputation
  • Spam
  • Threat Defense
  • Malware
  • Content Filtering 
• Messages will no longer be forwarded to the Content Encryption service
• Antivirus and Antispam rulesets will no longer be updated.
• Software updates and patches will no longer be accessibe

Additional Notes:

• Messaging Gateway licenses no longer have a "grace period". Message filtering will end at the license end date.
• Licenses cannot be installed prior to the start date of the license.
• Some components may log errors to disk when running in an unlicensed state which may deplete available disk space