By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How can I solve the problema while receive de message "Diagnostic-Code: smtp; 550 4.4.7 Message expired: unable to deliver in 840 minutes.<421 4.4.1 Failed to establish connection>"?

0

Hello. I'm having trouble sending emails to certain domains using SES. I receive the following error message: "Diagnostic-Code: smtp; 550 4.4.7 Message expired: unable to deliver in 840 minutes.<421 4.4.1 Failed to establish connection>" In my company I have an instance of Zimbra for managing local mailboxes, and when I send a message through it, the message is forwarded normally. However, I noticed in my Postfix logs that the destination domain introduces a delay in the connection time, and precisely the domains that take more than 5 seconds to establish the connection are the ones that are not delivered. How do I solve this problem?

Topics
Application IntegrationFront-End Web & MobileBusiness Applications
Tags
Amazon Simple Notification Service (SNS)Amazon Simple Email Service
Language
English
rePost-User-2796092
asked a year ago2501 views
3 Answers
1

Hi, Your SES configuration may be set to enforcing a policy of sending only when a TLS connection can be established to receiving server (and message is encrypted) all the way to the end-user. Depending on how sensitive your emails are, this may be the desired behavior.

However, if you want to continue to send the mail, even when unencrypted, you can disable the require TLS setting. SES will still use TLS when possible, according to documentation -

https://docs.aws.amazon.com/ses/latest/DeveloperGuide/security.html

profile pictureAWS
EXPERT
Didier_Durand
answered a year ago
  • rePost-User-2796092
    a year ago

    Got it, and I followed these steps, after created a configuration set with the option TLS obrigatory:

    Amazon SES to receiver Amazon SES supports TLS 1.2, TLS 1.1, and TLS 1.0 for TLS connections.

    By default, Amazon SES uses opportunistic TLS. This means that Amazon SES always attempts to make a secure connection to the receiving mail server. If Amazon SES can't establish a secure connection, it sends the message unencrypted.

    You can change this behavior by using configuration sets. Use the PutConfigurationSetDeliveryOptions API operation to set the TlsPolicy property for a configuration set to Require. You can use the AWS CLI to make this change.

    To configure Amazon SES to require TLS connections for a configuration set At the command line, enter the following command:

    aws sesv2 put-configuration-set-delivery-options --configuration-set-name MyConfigurationSet --tls-policy REQUIRE In the preceding example, replace MyConfigurationSet with the name of your configuration set.

    When you send an email using this configuration set, Amazon SES only sends the message to the receiving email server if it can establish a secure connection. If Amazon SES can't make a secure connection to the receiving email server, it drops the message.

0

In my use case I've found the solution instructions following these instructions https://docs.aws.amazon.com/ses/latest/dg/vdm-get-started.html. I turned off "optimized shared delivery" option in virtual deliverability manager settings the emails are delivered immediately.

accasoftware
answered a year ago
0

Sorry but it didn't work. The emails keep returning with the same error message. Any other suggestions?

rePost-User-2796092
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content