External email not received with NDR '550 5.4.317 Message expired, cannot connect to remote server(C

Brass Contributor

Hi all, 


we are getting some problem from one of the external domain not getting through. there is a NDR to the sender '550 5.4.317 Message expired, cannot connect to remote server(CertificateExpired)'


I also run some test using checktls and it also report 

[001.696] Connection converted to SSL
SSLVersion in use: TLSv1_3
Cipher in use: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: yes
Session Algorithm in use: Curve P-256 DHE(256 bits)
Certificate #1 of 3 (sent by MX): EXPIRED
Cert VALIDATION ERROR(S): certificate has expired
So email is encrypted but the recipient domain is not verified
ssl : scheme=smtp cert=94220930177
: identity=mail.domain.com cn=*.domain.com alt=2 *.domain2 domain.com
Cert Hostname VERIFIED (mail.domain.com = *.domain.com | DNS:*.domain.com | DNS:domain.com)
cert not revoked by OCSP
Version: 3 (0x2)
Serial Number: 0e:cd:b7:0b:82:c2:46:0b::5c:0b:b4:29:5f:e2
Not Before: Oct 26 00:00:00 2021 GMT
Not After: Nov 26 23:59:59 2022 GMT


I have check all exchange server and mail security gateway, all using new ssl certificate.


can anyone shed some light on this matter. 

Thank you all 

2 Replies

The issue you're facing with external emails not being received is accompanied by a Non-Delivery Report (NDR) indicating '550 5.4.317 Message expired, cannot connect to remote server(CertificateExpired).' External tests using checktls confirm a connection conversion to SSL, highlighting a potential certificate expiration problem.