To troubleshoot further, please retrieve a couple of mail logs for the messages in question. Please note the time difference between when the connection is initiated (ICID) and when the connection is aborted. If the time difference is 5 minutes or more (bounce profile), it indicates that packets are getting delayed somewhere in the network before reaching the IronPort. You need to check if there is any SMTP inspection going on in your network for port 25 traffic. This could be a firewall or any other SMTP inspection device in your network. You need to disable the SMTP inspection to resolve this issue.
If this is not the case, I suggest you open a TAC ticket to investigate further.
Customer Support Engineer, Team Lead
Cisco Content Security Technical Assistance Center
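The timing check described in the reply above, as an added example that is not part of the original thread: a Python script that pairs each connection-open line with its end line by ICID and lists connections that stayed open for 5 minutes or more. The log line layout, the `close` end marker, and the sample lines, hosts and addresses are constructed assumptions; adjust the patterns to the wording in your own mail logs.

```python
import re
from datetime import datetime

# Constructed sample lines. The layout is an assumption modelled on text
# mail logs; it is not output copied from a real appliance.
SAMPLE_LOG = """\
Tue Mar 04 10:00:01 2014 Info: New SMTP ICID 101 interface Data1 (192.0.2.10) address 198.51.100.7 reverse dns host mail.example.net verified yes
Tue Mar 04 10:00:03 2014 Info: Start MID 5001 ICID 101
Tue Mar 04 10:00:05 2014 Info: New SMTP ICID 102 interface Data1 (192.0.2.10) address 203.0.113.9 reverse dns host mx.example.org verified yes
Tue Mar 04 10:00:09 2014 Info: ICID 102 close
Tue Mar 04 10:05:04 2014 Info: ICID 101 close
"""

# "<timestamp> <level>: <message>"
LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \w+: (.*)$")
OPEN_RE = re.compile(r"^New SMTP ICID (\d+) .*?\baddress (\S+)")
# Assumed end marker; extend the alternation with the abort wording
# that appears in your own logs.
END_RE = re.compile(r"^ICID (\d+) (?:close)\b")


def slow_connections(log_text, threshold_s=300):
    """Return (icid, remote_ip, seconds) for connections open >= threshold_s."""
    opened = {}  # icid -> (start time, remote address)
    slow = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        o = OPEN_RE.match(msg)
        if o:
            opened[o.group(1)] = (ts, o.group(2))
            continue
        e = END_RE.match(msg)
        if e and e.group(1) in opened:
            start, addr = opened.pop(e.group(1))
            seconds = int((ts - start).total_seconds())
            if seconds >= threshold_s:
                slow.append((e.group(1), addr, seconds))
    return slow


if __name__ == "__main__":
    for icid, addr, seconds in slow_connections(SAMPLE_LOG):
        print(f"ICID {icid} from {addr} was open for {seconds}s")
```
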
I've seen some issues like this where TLS is in use and seems to precipitate this problem. If TLS is not required for the domain you're communicating with, you might try turning off TLS in a test mail flow policy for their IP.
Alternatively, and I don't know if you're comfortable with packet capture, you can do a pcap on the IronPort from the Help and Support area in the upper right of the GUI. If you see a lot of TCP retransmissions in the SMTP conversation with the problem host, that can help you determine a possible communication failure, either in your network or the sender's.
You can do a pcap before and after disabling TLS for the problem sender and see if the communication problem follows TLS. I imagine you'll find retransmissions and a TCP RST.
I could be off the mark, but something to consider.