Dear Mustafa,
I have attached the article that defines port 10025 for Network Prevent for Mail:
https://knowledge.broadcom.com/external/article/160297/ports-used-by-symantec-dlp.html
Additionally, I have a few questions to clarify:
1. Have you installed the network capture tool on NP for Email?
2. Are you using Forward or Reflection mode?
3. Is there any MTA between the mail server and NP for Email?
I hope this information helps you!
Regards
Junaid Ahmed