Out of office replies from some external domains are being deleted because they fail BATV.
Looking the Message Audit Log on Symantec Brightmail Gateway (SBG) entries are seen that indicate that the message failed bounce attack validation.
The subject portion of the failed message has also a string similar to out of office: <original subject>
Exchange 2007 and 2010 will send Message Disposition Notifications using a null sender address and will also use the MAILFROM address as the RECIPIENT and this will cause messages to fail verification, because it generates a new message that does not contain the original signature Return-Path added when it passed through the SBG appliance.
RFC 3798 - The envelope sender address (i.e., SMTP MAIL FROM) of the MDN MUST be null (<>), specifying that no Delivery Status Notification messages or
other messages indicating successful or unsuccessful delivery are to be sent in response to an MDN.
RFC 3834 - Section 4 says auto-replies SHOULD be sent to the return path.
RFC 3834 - section 7 gives an example of a Personal Responder (which is what the Out of Office Assistant is), and it uses a null sender, and the Return-Path of the subject message as the recipient.
RFC 2821 - Section 4.5.5 says non-standards-track autoreplies SHOULD be sent with non-null return paths.
It is required to change the default action for messages that fail BATV validation to Deliver message normally and create a content filtering policy to address the issue.
To change the default action for the BATV validation:
Symantec Brightmail Gateway 9.0