On the inbound security policy that allows connections to your mail server that is not working, add source NAT on interface to this policy.
The setting is on the Advanced tab in the Web UI.
This will force the reply traffic on that policy to go back to the correct interface instead of out the main default route.