No you don't have to worry about creating any ACL rule for the return traffic as that will be allowed by default on the ASA. The ASA will create a state entry for the leaving traffic, and when the traffic comes back the ASA will check its state entries and if there is an existing one it will then allows the return traffic to pass through.

I'm not clear about the packet capture. You mentioned this was taken from a VPN client (192.168.1.15) trying to connect to the SMTP server, is that correct? if so, why the capture shows the return traffic coming from a public IP address (52.96.79.162) instead of the internal SMTP server (192.168.1.201)? where is the internal SMTP server sitting on your network? could you please draw a quick diagram showing where the SMTP is sitting from the ASA perspective? also you mentioned that the issue could be caused by a NAT rule? which NAT rule are you referring to?

The VPN pool must not overlap with anything on your network, otherwise this would cause routing issues from the ASA perspective. However, when you create a VPN pool on the ASA and there are no VPN clients connected yet, or there is no client connected with the IP of an internal resource (in this case I'm referring to the SMTP internal IP 192.168.1.201), then the ASA would not have any route defined for that IP or subnet.

The way how the ASA deals with the VPN pool routes is dynamic and it creates host routes for the connected clients. In your case you have the VPN pool 192.168.1.0/24 defined, so let's say you have 10 VPN clients connected and they were assigned the first 10 IP addresses from the VPN pool. This will result in having 10 host routes with /32 created dynamically on the ASA, these routes will be flushed once the VPN clients are disconnected. So they only last for the duration of the client VPN sessions.

Now let's assume that you also have defined a static route on the ASA towards the 192.168.1.0/24 subnet going via a downstream device. What I think would happen in that case is that the ASA will keep using the host routes for the VPN clients that have been created dynamically, and would also use the 192.168.1.0/24 static route to reach anything in the 192.168.1.0/24 subnet that does not have a host route created. The routing preference will be based on the longest match, so if the traffic is destined to the IP 192.168.1.201 and this IP happened not to be taken by any VPN client then I think the ASA in this case will use the defined static route towards the 192.168.1.0/24 subnet. I'm not saying that having an IP addressing overlap between the VPN clients pool and the internal resources would be ok, but I'm trying to break it down a bit and trying to locate the causing issue. Best practice will still be to have a non-used range/subnet on your network that will be dedicated for the VPN clients.

Please see attachment of network diagram. 

The packet capture was taken when I tried to set up SolarWinds Kiwi Syslog server and received a connection error after I put in the smtp login information. 

The 52.96.79.162 address is one of Microsoft’s “smtp.office365.com” addresses.  The 192.168.1.201 address is the local host where SolarWinds Kiwi Syslog is installed to provide logging for the ASA, the 192.168.1.15 host is my laptop on the VPN.   

The reason why I brought up NAT was because I didn’t see DMZ in the last NAT statement in our configuration using the DMZ interface - 192.168.1.0./24, I only saw the ones below.

nat (DMZ,outside) source static any any destination static DMZ_VPN_POOL DMZ_VPN_POOL no-proxy-arp route-lookup

object network DMZ_VPN_POOL

 nat (outside,outside) dynamic interface

object network inside

 nat (inside,outside) dynamic interface

Should the DMZ_VPN_POOL NAT statement be configured as shown below since the DMZ interface is 192.168.1.0./24 & the outside is the 52.X.X.X?

object network DMZ_VPN_POOL

nat (DMZ,outside) dynamic interface