Back to Community Threads
Your email has been rate limited because this message wasn't sent 4.7.29 over a TLS connection
Question asked by ellisfr - 9/30/2024 at 1:51 AM
Answered
Hello,

Some of my users get this message when sending to Gmail accounts :

"Remote Server returned: '421 4.7.29 Your email has been rate limited because this message wasn't sent 4.7.29 over a TLS connection. Gmail requires all bulk email senders to use 4.7.29 TLS/SSL for SMTP connections. To set up TLS for email, visit 4.7.29 https://support.google.com/a?p=tls-ssl 4.7.29 To learn more about Gmail requirements for bulk senders, visit 4.7.29 https://support.google.com/a?p=sender-guidelines. ffacd0b85a97d-37cbc2ef976si538360f8f.476 - gsmtp'"

I understand the message but I don't see where I need to check/change something ?
Am I right to think this doesn't concern directly the user and if he uses a TLS/SSL to my server, as he is talking to my server and not directly to Gmail server ?

Then my SmarterMail server talk to Gmail do deliver the message.
How do I know/check if my server use TLS/SSL to talk to Gmail ?

I see the difference between "normal" sender and "bulk email" sender, but in the various same case I have my users are sending to 10/20 gmail account, far from the 5000 required for bulk senders.
 
And most of my users send to Gmail accounts without problem.

Any hint welcome, thank you !
Does the domain have SSL like lets encrypt set up on it ? This is not automatic, but something you need to manually turn on. Log in as the administrator, go to Settings, then SSL Certificates and see if "Enable automatic" is turned on.

www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
ellisfr Replied
10/1/2024 at 2:52 AM
Hi Curtis, thank you for your answer !

But I'm confused about where and why use certificates in this section.
I have nothing in Settings/SSL Certificates.

But I do have a wildcard certificate for my main mailserver domain, and it is used in the Settings/Bindings/Port section :
(This certificate is also installed in IIS for https connections to the webmail, all users use the same URL)

I never paid attention until yesterday to this settings in Domain options :
I enabled TLS for the domain with problem, I saw in the Delivery log there seems to be a new dialog now when connecting to Gmail :
[2024.09.30] 15:13:08.715 [62123979] CMD: STARTTLS
[2024.09.30] 15:13:08.746 [62123979] RSP: 220 2.0.0 Ready to start TLS

But I still don't get if this is what was missing, and which certificate is used (if any) in this case...

And again, for me it is mymailserver.com that is talking to Gmail (so certificate should be on this) and not mycustomer.com, so does he need to have a certificate for his domain ?
HI. 
Question, are you hosting websites on the server too and using any type of control panel like plesk?  or is it an  email server only and you are doing everything in Smartermail and IIS ?

so,
There is the distinction between your mail server, and the domains that mail is coming from.
Our mail server is in "Settings>General>ServerInfo>Hostname" is mail.GetMySiteOnline.com
But we have 24 domains that mail is sent out from.  Each domain needs to have its own SSL

If I send an email to a gmail account from our domain - HawaiianHope.org, it goes out through our mail server, but gmail will still validate if our domain is legitimate and really living where it says it is - on our mail server

If you are not familiar with MXToolbox.com, take a look at it.
This is for our domain : 
Notice when you look that up, it says HawaiianHope.org as the domain, but the hostname is our mail server mail.getmysiteonline.com

Likewise, for your DNS Settings, for each domain you need to have TXT records for the 3 items of :DKIM, SPF and DMARC,  set in the DNS for each domain to reflect it is legitimate : 

This is some info about this.

www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
Kyle Kerst Replied
10/1/2024 at 4:49 PM
Employee Post Marked As Answer
If you already have SSL/TLS set up on your ports - you may just need to enable the TLS options in that domain's settings so that it uses TLS when sending outbound mail. The setting you'll be looking for is a toggle called Enable TLS if supported by the remote server on the Security card in the domain's settings.
Kyle Kerst
Lead Internal Network/System Administrator
SmarterTools Inc.
ellisfr Replied
10/2/2024 at 2:14 AM
Thank you Curtis,
It is a dedicated mail server, only SmarterMail and IIS.
We have 120 domains, they all are configured with SPF, DKIM and DMARC.
But SSL/TLS is another subject, it seems Enable TLS if supported by the remote server was the missing setting in my server and as Kyle confirmed it is ok if we have our SSL certificate on our ports.

Thank you Kyle,
I set Enable TLS if supported by the remote server by default and propagated it to all domains.
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Key Feature and Version Milestones in SmarterMailSmarterMail
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
TLS 1.0/1.1 Deprecation InformationGeneral Topics
Remote Server returned: '602' errorSmarterMail > Troubleshooting
Moving SmarterMail to a New Hosting CompanySmarterMail > Domain/User Configuration and Management