DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Can't get filter rules working

04 Nov 2014 16:38 #81655 by cocospm
Replied by cocospm on topic Re: Can't get filter rules working
As sicon says, you have your rule directions messed up (your first rule applies to inbound traffic, while your second to outbound). You are also making things unnecessarily complex, trying to chain two "Block if no further match" with a negated IP address in the second. I would also not try to modify the Default Data Filter rule set (Set #2), but rather set up your rules in Set #3, say, and make sure you explicitly chain from Set #2 to Set #3.

I assume you have established a service object named "Mail" with the following settings:

Name: "SMTP"
Protocol: TCP
Source Port: =1~65535
Destination Port: =25~25

Then, change your first two rules to be as follows:

1st Rule active: Yes
Enabled: Yes
Comments: Block SMTP Out
Schedule indexes: none
Clear sessions when schedule ON: No
Direction: LAN/RT/VPN -> WAN
Source IP: Any
Destination IP: Any
Service Type: SMTP (as Service Object)
Fragments: Don't care
Filter: Block If No Further Match, with Syslog
Branch to Other Filter set: None

2nd Rule active: Yes
Enabled: Yes
Comments: Allow SBS SMTP
Schedule indexes: none
Clear sessions when schedule ON: No
Direction: LAN/RT/VPN -> WAN
Source IP: 192.168.1.8 (as single IP address)
Destination IP: Any
Service Type: SMTP (as Service Object)
Fragments: Don't care
Filter: Pass immediately, with Syslog

Then, I'd preface your 3rd rule (allowing inbound traffic from WebSense) with another rule which similarly sets "Block If No Further Match" on all inbound traffic to TCP port 25.

We do this here on our 2850 (and, previously, on a 2830) and it works flawlessly.
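To make the ordering point in the reply above concrete, here is an added Python model of how "Block If No Further Match" and "Pass Immediately" rules combine. It is not code from the forum or from DrayTek: the evaluation semantics (a deferred action that stands unless a later rule matches, an "Immediately" action that stops evaluation) are an assumed simplification for illustration, the four rules are the ones the reply describes, and the WebSense source address is a constructed placeholder because the thread does not give it. The last function reproduces the original mistake of a block rule facing the wrong direction, so the effect of the direction field can be checked.

```python
"""Simplified model of DrayTek-style filter rule evaluation.

Constructed example: the chaining semantics below are assumed for
illustration and are not taken from DrayTek documentation.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

OUT = "LAN/RT/VPN -> WAN"
IN = "WAN -> LAN/RT/VPN"


@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    comment: str
    direction: str
    src: str            # "any" or a single address / CIDR
    dst: str
    proto: str
    dport_lo: int
    dport_hi: int
    action: str         # pass_now | block_now | pass_if_no_match | block_if_no_match


def addr_matches(spec, addr):
    """'any' matches everything; otherwise treat the spec as a network."""
    if spec == "any":
        return True
    return ip_address(addr) in ip_network(spec, strict=False)


def rule_matches(rule, pkt):
    return (rule.direction == pkt.direction
            and rule.proto == pkt.proto
            and rule.dport_lo <= pkt.dport <= rule.dport_hi
            and addr_matches(rule.src, pkt.src)
            and addr_matches(rule.dst, pkt.dst))


def evaluate(rules, pkt, default="pass"):
    """Walk the rules in order and return (verdict, rule comment).

    An "_if_no_match" rule records a pending verdict and evaluation
    continues; a "_now" rule decides on the spot. If nothing matched,
    the default verdict applies.
    """
    pending = None
    for rule in rules:
        if not rule_matches(rule, pkt):
            continue
        if rule.action.endswith("_now"):
            return rule.action[:-4], rule.comment
        pending = (rule.action.split("_")[0], rule.comment)
    return pending if pending else (default, "default")


SMTP = dict(proto="tcp", dport_lo=25, dport_hi=25)   # the "SMTP" service object
WEBSENSE_IP = "198.51.100.10"                        # placeholder, not from the thread

# The rule set the reply recommends: a deferred block, then a specific pass,
# for each direction.
RULES = [
    Rule("Block SMTP Out", OUT, "any", "any", action="block_if_no_match", **SMTP),
    Rule("Allow SBS SMTP", OUT, "192.168.1.8", "any", action="pass_now", **SMTP),
    Rule("Block SMTP In", IN, "any", "any", action="block_if_no_match", **SMTP),
    Rule("Allow WebSense SMTP", IN, WEBSENSE_IP, "any", action="pass_now", **SMTP),
]


def decide(direction, src, dst, proto, dport, rules=RULES):
    return evaluate(rules, Packet(direction, src, dst, proto, dport))


def with_wrong_direction(rules):
    """Reproduce the original poster's mistake: the outbound block rule
    is set to face inbound traffic, so outbound SMTP no longer hits it."""
    wrong = list(rules)
    wrong[0] = replace(rules[0], direction=IN)
    return wrong


if __name__ == "__main__":
    for pkt in [(OUT, "192.168.1.8", "203.0.113.25", "tcp", 25),
                (OUT, "192.168.1.20", "203.0.113.25", "tcp", 25),
                (IN, "203.0.113.5", "192.168.1.8", "tcp", 25)]:
        print(pkt, "->", decide(*pkt))
    print("with wrong direction:",
          decide(OUT, "192.168.1.20", "203.0.113.25", "tcp", 25,
                 rules=with_wrong_direction(RULES)))
```

Running it shows the SBS host's outbound mail passing on rule 2, any other LAN host's outbound SMTP being blocked by the deferred rule 1, and, with the first rule's direction flipped, that same traffic slipping through on the default verdict because no rule matched it at all.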
