Exchange 2007, FortiGate UTM, Error 451 4.4.0 and Error 400 4.4.7


Exchange 2007 (no Edge, one server with mailbox role, one server with hub+cas roles) behind a FortiGate appliance


As soon as the UTM part of the FortiGate appliance was enabled, I had a lot of 451 4.4.0 and 400 4.4.7 errors shown in the message queue (outgoing).


First, I had to check the ConnectionInactivityTimeOut value for the send connector. Fortinet support pointed out that enabling ANY UTM check will add a delay that Exchange could not accept (it is something regarding incoming and outgoing mail, by the way). So, from the Exchange Management Shell I used:


Get-SendConnector | fl


The value was 10 minutes, so no problem here:


ConnectionInactivityTimeOut  : 00:10:00


With a little bit of searching, I noticed that the problems were limited to a list of specific domains and it looked like something related to the use of HELO.

This post was really useful and I tried the suggested cmdlet:


New-SendConnector -Name ForceHelo -AddressSpaces -ForceHELO $true

It worked. Probably one of the UTM filters expected to open the connection with the external domain using HELO. I will investigate this one with people inside Fortinet, to have a confirmation.
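
An added diagnostic sketch, not part of the original post or any Fortinet or Microsoft tooling: it opens one SMTP session with EHLO and one with HELO against the same host and reports which greeting gets a reply, which is the comparison the ForceHELO workaround implies. The local stub server, its host names and its drop-on-EHLO behaviour are constructed assumptions used only so the probe can run offline; they are not confirmed FortiGate behaviour.

```python
import smtplib
import socketserver
import threading


def probe_greeting(host, port=25, timeout=10.0, name="probe.example.test"):
    """Open one SMTP session per greeting verb; return {verb: (code, detail)}."""
    results = {}
    for verb in ("EHLO", "HELO"):
        try:
            with smtplib.SMTP(host, port, local_hostname=name, timeout=timeout) as s:
                code, msg = s.ehlo() if verb == "EHLO" else s.helo()
                lines = msg.decode(errors="replace").splitlines() or [""]
                results[verb] = (code, lines[0])
        except (smtplib.SMTPException, OSError) as exc:
            # Dropped or timed-out sessions surface here (code is None).
            results[verb] = (None, type(exc).__name__)
    return results


class StubFilteredHop(socketserver.StreamRequestHandler):
    """Constructed stand-in for a path that answers HELO but drops EHLO."""

    def handle(self):
        self.wfile.write(b"220 stub.example.test ESMTP\r\n")
        for raw in self.rfile:
            verb = raw[:4].upper()
            if verb == b"HELO":
                self.wfile.write(b"250 stub.example.test\r\n")
            elif verb == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            else:  # EHLO (assumed failure mode): close without replying
                return


def demo():
    """Run the probe against the local stub on an ephemeral port."""
    with socketserver.TCPServer(("127.0.0.1", 0), StubFilteredHop) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return probe_greeting("127.0.0.1", srv.server_address[1], timeout=5.0)
        finally:
            srv.shutdown()


if __name__ == "__main__":
    for verb, outcome in demo().items():
        print(verb, outcome)
```

Run from a host behind the appliance against the MX of an affected domain, a result where HELO returns 250 while EHLO returns no code points at the greeting rather than at the connector timeout.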