The most easy way to debug the sending of the FortiToken activation e-mails from a FortiGate firewall is by using the CLI debugging tools. The sending of activation e-mails is part of the alerts e-mail system so we need to enable debugging on that system.

To enable debugging from the CLI:

diag debug reset
diag debug enable
diag debug console timestamp enable
diag debug application alertmail -1

Sending the activation e-mail will output the e-mail contents and the SMTP session. Particularly useful are the SMTP return codes after each SMTP command. See this page on Wikipedia to see a list of return codes.

The debug session will remain active for 30 minutes after which it will stop automatically. You can stop debugging sooner than that with these commands:

diag debug disable
diag debug reset