| Description | This article describes how to fix the STARTTLS issue for older devices/applications to relay email. |
| Scope | FortiMail. |
| Solution |
FortiMail may stop relaying email from older devices/applications because of a STARTTLS issue.
The old application or printer does not support STARTTLS, but it was able to relay email before. After a change on FortiMail, email relay from these devices stops working.
In such a case, first check the logs on FortiMail to identify the error being generated and the policy associated with it:
from=<test@demolab.local>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=SMTP_MTA, relay=[172.26.61.6] Milter: to=<app@external.local>, reject=421 4.7.0 STARTTLS is mandatory TLS is mandatory
The screenshot shows that policy 1:1:0 SYSTEM was used for relaying. The first step is to review ACL 1.
The ACL enforces STARTTLS on outbound email for the Internal-User/Source_IP address. This STARTTLS enforcement needs to be disabled to allow email from those old applications/printers.
The TLS profile for such a device should be NONE. |
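One way to carry out the log check described above, as an added example that is not from the original article or from Fortinet: a Python script that parses entries shaped like the log line above and lists, per source IP, the senders rejected with "STARTTLS is mandatory", so the TLS profile change can be limited to those devices. The function names and every sample line except the first are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample: the first line is the entry quoted in the article; the
# other senders, recipients, IPs and the 550 reply are made up for the example.
SAMPLE_LOG = """\
from=<test@demolab.local>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=SMTP_MTA, relay=[172.26.61.6] Milter: to=<app@external.local>, reject=421 4.7.0 STARTTLS is mandatory TLS is mandatory
from=<scanner@demolab.local>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=SMTP_MTA, relay=[172.26.61.6] Milter: to=<ops@external.local>, reject=421 4.7.0 STARTTLS is mandatory TLS is mandatory
from=<erp@demolab.local>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=SMTP_MTA, relay=[172.26.61.20] Milter: to=<billing@external.local>, reject=421 4.7.0 STARTTLS is mandatory TLS is mandatory
from=<user@demolab.local>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=SMTP_MTA, relay=[172.26.61.9] Milter: to=<x@external.local>, reject=550 5.7.1 Relaying denied
"""

# key=<addr>, key=[ip] or key=bare-value pairs that precede the reject reason.
FIELD = re.compile(r"(\w+)=(?:<([^>]*)>|\[([^\]]*)\]|([^,\s]+))")
# SMTP reply code, enhanced status code, then free text to the end of the line.
REJECT = re.compile(r"reject=(\d{3}) (\d\.\d+\.\d+) (.*)$")


def parse_line(line):
    """Return the fields of one rejected-message entry, or None if no reject."""
    rej = REJECT.search(line)
    if rej is None:
        return None
    rec = {"code": rej.group(1), "status": rej.group(2), "reason": rej.group(3)}
    for m in FIELD.finditer(line[:rej.start()]):
        # Exactly one value group matched; "" is a valid null sender (from=<>).
        rec[m.group(1)] = next(g for g in m.groups()[1:] if g is not None)
    return rec


def starttls_rejections(log_text):
    """Map source (relay) IP -> sorted senders rejected for missing STARTTLS."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["code"] == "421" and "STARTTLS is mandatory" in rec["reason"]:
            hits[rec.get("relay", "unknown")].add(rec.get("from", ""))
    return {ip: sorted(senders) for ip, senders in hits.items()}


if __name__ == "__main__":
    for ip, senders in sorted(starttls_rejections(SAMPLE_LOG).items()):
        print(f"{ip}: {', '.join(senders)}")
```
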
Copyright 2025 Fortinet, Inc. All Rights Reserved.