In order for Symantec Protection Center to successfully send email messages, the SMTP server must be configured for TLS and advertise STARTTLS. By default, SMG is not setup this way.
Use the following steps to configure Messaging Gateway for TLS connections:
At this point the SMG Scanner may need to restart its services. After it is back up, you can check to see if STARTTLS is being advertised by using telnet: