Modern Workplace English,FortiGate,Microsoft Exchange 2007, FortiGate UTM,Error 451 4.4.0 and Error 400 4.4.7

Exchange 2007, FortiGate UTM,Error 451 4.4.0 and Error 400 4.4.7

Scenario:

Exchange 2007 (no Edge, one server with mailbox role, one server with hub+cas roles) behind a FortiGate appliance


Problem:

As soon as the UTM part of the FortiGate appliance is enabled, I had a lot of 451 4.4.0 and 400 4.4.7 errors shown in the message queue (outgoing)


Solution:

First, I had to check the Connectivitytimeout value for the send connector. Fortinet support pointed out that enabling ANY UTM check will add a delay that Exchange could not accept (it is something regarding incoming and outgoing mail, by the way). So, from the Exchange Management Shell I used

 

Get-SendConnector | fl

 

The value was 10 minutes, so no problem here

 

ConnectionInactivityTimeOut  : 00:10:00

 

With a little bit of search, I have noticed that the problems was limited to a list of specific domains and it looked like something related to the use of HELO.

This post http://www.networkadminsecrets.com/2010/04/421-and-451-exchange-2007-errors.html was really useful and I have tried the suggested cmdlet

 

New-SendConnector -Name ForceHelo -AddressSpaces problemdomain.com -ForceHELO $true


It worked. Probably one of the UTM filters expected to open the connection with the external domain using HELO. I will investigate this one with people inside Fortinet, to have a confirmation.