A duplicate Message Audit Logs entry, showing Action as "Message rejected by MTA", exists for a message that has been accepted and processed by Symantec Brightmail Gateway (SBG) appliance.
For a message that has been accepted and processed by SBG, a duplicate entry exists on Message Audit Logs page showing Action as "Message rejected by MTA". This duplicate entry shows the Time, From, and Original Subject fields exactly as those shown under the Audit Logs entry for the message that was accepted, but the To field shows None.
Most common cause of this issue is a blocking firewall that is masking some Enhanced SMTP (ESMTP) commands from the SMTP client to SBG appliance. For example, EHLO can be masked by Mailguard feature of the PIX firewall.
If you are seeing this issue for almost every message that is accepted by the appliance, then please make sure that ESMTP commands to the SBG appliance are not masked or blocked by any device between the SMTP client and the SBG appliance.
You may also notice this issue if an SMTP client sends an invalid command to SBG during SMTP conversation, before completing a successful SMTP conversation over the same connection. For example, if there is an error in the first HELO command, or the MAIL FROM command, but subsequent commands are successful, then two entries are seen in Message Audit Logs with the first one showing "Message rejected by MTA".