You are seeing a lot of undelivered emails on your Exchange server queues, which are not being accepted for delivery by your DLP Cloud Service for Email.

Release : 15.8

Component : DLP Cloud Service for Email, integrated with on-prem Exchange (aka - the DLP Cloud Service in "hybrid mode")

Confirm whether any new certificates have recently been applied to the SMTP services in Exchange.

When saving new certificates for Exchange, it is also necessary to ensure the certificates have been applied to all the service in Exchange - most importantly, to the "SMTP" service, so that mail delivery can utilize the new certificate. Otherwise, the old certificate will continue to be presented.

Updates to Exchange are outside the scope of DLP Support, but we have found the following article discusses the steps required:

Assign certificates to Exchange Server services | Microsoft Docs

Messages sent from Exchange servers to DLP will be dropped if the Exchange certificate has expired - because the DLP Cloud Service is not an MTA (we are an SMTP Proxy), messages are never held by the Cloud Service. Instead, they would queue upstream if bounced or rejected.