When monitoring emails sent from Symantec Data Loss Prevention (DLP) (Cloud or On-Premise) to Email Security.cloud (ESS), certain messages appear as "Email Rejected."

Checking the specific error logs in the ESS portal reveals the following status: "Blocked - no DATA from client"

Symantec DLP Cloud

Symantec DLP On-Premise: Version 16.x and above

Symantec Email Security.cloud (ESS)

This behavior occurs when a "Modify SMTP Message" response rule is triggered within DLP.

To apply the requested modifications (such as adding headers or changing the subject line), the DLP server must:

1. Terminate the initial SMTP connection to ESS.

2. Initiate a brand-new connection containing the modified message data.

The "Blocked - no DATA from client" error is logged by ESS for the first (terminated) connection because the session was closed before the actual email data packet was transmitted.

No action is required; this is expected behavior.

While the logs show a rejection for the initial connection attempt, the email is not lost. DLP immediately establishes a second connection to deliver the modified version of the email. You can verify successful delivery by searching for the same Message ID or Recipient in the ESS logs to find the subsequent "Delivered" or "Accepted" entry.