Firstly, do you have a list of all the message lab ip addresses?
Once you have them, then you can create an object-group:
object-group network messagelabs
network-object host
and just keep on adding all the message lab ip subnet/ip addresses
Then check if there is any access-list applied to the ASA inside interface, and add to the existing access-list:
access-list permit tcp host object-group messagelabs eq 25
Do you also need inbound mail from messagelabs towards your internal mail server?
I assume you already have the NAT configured?