I'm assuming that the external servers are a SPAM service of some sort where you also relay all external mail?
To keep things easy, I would create the VIP with all ports mapped and then in the security policy something like this. This is the style I would use, and there are several ways to accomplish this:
WAN -> LAN, source all/any, destination <exchange server-VIP>, service HTTP, HTTPS
WAN -> LAN, source <allowed external smtp server>, destination <exchange server-VIP>, service SMTP
LAN -> WAN, source <exchange-server-VIP>, destination <allowed_external_smtp>, service SMTP
You could define each external SMTP server in the single rule or create an object group.
The policy that you have right now, with all services open, is very dangerous, especially to a Windows box.
-rd
2x 200D Clusters
1x 100D
1x 60D
FortiOS 5.2
FortiAP 221C
FAZ 200D
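
The three rules from the reply above, written out as a FortiOS CLI sketch. This is an added example, not configuration from the original post: the interface names (wan1, internal), the object names and every IP address are constructed placeholders, and the outbound rule assumes an address object for the server's internal IP as its source. The single relay object can be swapped for an address group when there are several relays.

```fortios
config firewall address
    edit "ext-smtp-relay"
        set comment "constructed example value"
        set subnet 198.51.100.25 255.255.255.255
    next
    edit "exchange-internal"
        set subnet 192.168.1.10 255.255.255.255
    next
end
config firewall vip
    edit "exchange-vip"
        set comment "all ports mapped; constructed example addresses"
        set extip 203.0.113.10
        set extintf "wan1"
        set mappedip 192.168.1.10
    next
end
config firewall policy
    edit 0
        set comments "web access to Exchange from anywhere"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "exchange-vip"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
    next
    edit 0
        set comments "inbound SMTP only from the external relay"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "ext-smtp-relay"
        set dstaddr "exchange-vip"
        set action accept
        set schedule "always"
        set service "SMTP"
    next
    edit 0
        set comments "outbound SMTP only to the external relay"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "exchange-internal"
        set dstaddr "ext-smtp-relay"
        set action accept
        set schedule "always"
        set service "SMTP"
        set nat enable
    next
end
```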