Email traffic stopped after upgrading to Symantec Data Loss Prevention 15.8

Article ID: 220002

Products

Data Loss Prevention
Data Loss Prevention Network Monitor and Prevent for Email and Web

Issue/Introduction

After upgrading to Symantec Data Loss Prevention 15.8, one Network Prevent for Email detection server does not see any email traffic.

Reflect mode is enabled.

The RequestProcessor0.log shows:

INFO: (SMTP_CONNECTION.1201) Connection accepted (tid=25 cid=Upstream-xxxxxxxxxx local=x.x.x.x:10025 remote=x.x.x.x:50708)
Jul 19, 2021 7:54:11 AM com.vontu.mta.rp.log.SmtpLogManager logForwardHostNotAvailable

SEVERE: (SMTP_CONNECTION.5210) All forward hosts unavailable (tid=25 cid=<> reason=Connection refused: connect)
Jul 19, 2021 7:54:11 AM com.vontu.mta.rp.log.SmtpLogManager logUpstreamConnectionClosed

Jul 19, 2021 7:54:27 AM com.vontu.mta.rp.ESMTPRequestProcessorThread run
WARNING: RPT(28): Could not establish session peers.
com.vontu.mta.rp.MTAException: Unable to establish forwarding connection.
 at com.vontu.mta.rp.EventLoop.establishPeers(EventLoop.java:77)
 at com.vontu.mta.rp.ESMTPRequestProcessorThread.run(ESMTPRequestProcessorThread.java:91)
 at java.lang.Thread.run(Thread.java:748)

Environment

Symantec Data Loss Prevention 15.8

Cause

The RequestProcessor.MTAResubmitPort setting is set to the wrong port.

Resolution

 1. In the Enforce web console, navigate to System > Servers and Detectors > Overview > Select the Network Prevent for Email detection server > Server Settings.
 2. Scroll down to "RequestProcessor.MTAResubmitPort" and note which port is configured.
 3. Confirm with your MTA team that the port specified in "RequestProcessor.MTAResubmitPort" is the correct one DLP should be using when communicating back in reflect mode.
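To support step 3, the following added example (not Symantec code) scans a RequestProcessor log for SMTP_CONNECTION.5210 events, pairs each with the upstream MTA that connected on the same tid, and offers a TCP connect test for the resubmit port. The function names, the constructed sample log with placeholder addresses, and the assumptions that tid links the two events and that the reflect target is the connecting MTA are all illustrative.

```python
import re
import socket

# Constructed sample modelled on the RequestProcessor0.log excerpt above;
# addresses are documentation-range placeholders, not values from the article.
SAMPLE_LOG = """\
INFO: (SMTP_CONNECTION.1201) Connection accepted (tid=25 cid=Upstream-0001 local=192.0.2.10:10025 remote=192.0.2.20:50708)
SEVERE: (SMTP_CONNECTION.5210) All forward hosts unavailable (tid=25 cid=<> reason=Connection refused: connect)
INFO: (SMTP_CONNECTION.1201) Connection accepted (tid=26 cid=Upstream-0002 local=192.0.2.10:10025 remote=192.0.2.21:50712)
"""

ACCEPTED = re.compile(
    r"\(SMTP_CONNECTION\.1201\).*?\(tid=(\d+) .*?remote=([^:\s]+):\d+\)")
UNAVAILABLE = re.compile(
    r"\(SMTP_CONNECTION\.5210\).*?\(tid=(\d+) .*?reason=(.*)\)\s*$")


def find_forward_failures(log_text):
    """Pair each 5210 event with the upstream MTA accepted on the same tid.

    Assumption: tid identifies the same session in both log lines.
    """
    upstream_by_tid = {}
    failures = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            upstream_by_tid[m.group(1)] = m.group(2)
            continue
        m = UNAVAILABLE.search(line)
        if m:
            tid, reason = m.groups()
            failures.append({"tid": tid,
                             "upstream_mta": upstream_by_tid.get(tid),
                             "reason": reason})
    return failures


def port_accepts_connections(host, port, timeout=5.0):
    """TCP connect test; run on the detection server with the MTA address
    and the value of RequestProcessor.MTAResubmitPort."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


if __name__ == "__main__":
    for failure in find_forward_failures(SAMPLE_LOG):
        print(failure)
```

A False result from port_accepts_connections for the configured port matches the "Connection refused" reason in the log and means the MTA is not listening there.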