On B210, WAN1 has a static IP and WAN2 is dynamic.
WAN1’s IP is registered with GApps for smtp-relay purposes.
If WAN1 fails and B210 notifies via email, it does not follow outbound policy (Priority, WAN1 VPN WAN2, Any, TCP465) and instead goes straight through to WAN1 then WAN2.
The purpose of failing over to VPN is that over the VPN connection exists another B210 that has a connection with a static IP which has been registered with GApps as well. If B210 SMTPs the Email Notification over the VPN, the remote B210 has permission to use smtp-relay.gmail.com and will sucessfully deliver the message.
WAN2 does not have a static IP and GApps rejects it.
[INFO] Try email through connection #0 [ERROR] sig_alrm: Timeout (14)!!!!! [INFO] Try email through connection #1 [ERROR] sig_alrm: Timeout (14)!!!!! [INFO] Try email through connection #2 [INFO] SMTP through SSL connected <-] 220 mx.google.com ESMTP j5sm43964pdp.4 - gsmtp ->] EHLO balance.peplink.com <-] 250-mx.google.com at your service, [wan.2ad.dre.ss] <-] 250-SIZE 35882577 <-] 250-8BITMIME <-] 250-AUTH LOGIN PLAIN XOAUTH XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER <-] 250-ENHANCEDSTATUSCODES <-] 250-PIPELINING <-] 250-CHUNKING <-] 250 SMTPUTF8 ->] MAIL FROM:<firstname.lastname@example.org> <-] 550 5.7.1 Invalid credentials for relay [wan.2ad.dre.ss]. j5sm43964pdp.4 - gsmtp [ERROR] [sent MAIL FROM:<email@example.com> ] [result 550] [expect 250] unknown response "550 5.7.1 Invalid credentials for relay [wan.2ad.dre.ss]. j5sm43964pdp.4 - gsmtp "
(Error message has been modified for privacy.)