In this scenario, Customer has set up automation in FortiGate to receive an email when someone log in with SSL VPN. To investigate, the below debug was run from FortiGate CLI to isolate the issue:

diag debug reset
diag debug enable

diag debug console

diag debug console timestamp enable

diag deb application alertmail -1

Once the issue is reproduced the debug can be disabled:

diagnose debug disable 

The above debug shows the below output with code 221:

2025-02-21 15:54:35 session finined
2025-02-21 15:54:35 _session_on_destroy
2025-02-21 15:54:35 <== send mail failed, m = 0xbd867e0 s = 0xbd73610
2025-02-21 15:54:35 session: 0xbdbffc0, rsp_state: quit, code: 221
2025-02-21 15:54:35 session finined
2025-02-21 15:54:35 _session_on_destroy
2025-02-21 15:54:35 <== send mail failed, m = 0xbd53f70 s = 0xbdbffc0
2025-02-21 15:54:35 session: 0xbd64ef0, rsp_state: quit, code: 221
2025-02-21 15:54:35 session finined
2025-02-21 15:54:35 _session_on_destroy

In this context code 221 refers to an SMTP response code: '221 Service closing transmission channel'.

This indicates that the email server is closing the connection after completing the email transmission process.

In this example, the user checked from FortiGate GUI under System -> Settings.

In the 'Email Service' section, the SMTP was enabled (Use custom settings). SMTP was enabled, the user disabled SMTP and could receive the email as desired. Issue isolated to the SMTP.

Related documents:

Use FortiGate automation stitches for alert emails