GFI Support Home Start a conversation Sign in
Start a conversation
  1. KerioConnect
  2. KerioConnect - Spam and Malware
  3. Articles

Resolving Greylist Server Error "430 Too many failed STARTTLS attempts"

Overview

The Kerio Connect Greylist server may throw the error:"430 Too many failed STARTTLS attempts" occurs when Kerio Connect tries to query it, and you may see the below in your debug logs:

[17/Nov/2025 11:11:13][7580] {greylist} Greylisting: connected to reputation service (23.22.110.13:8045), timeout is 2 minutes, keepalive is not set.
[17/Nov/2025 11:11:14][7580] {greylist} Greylisting: service responded "100 Master Greylisting Server ready" over TCP.
[17/Nov/2025 11:11:14][7580] {greylist} Greylisting: Kerio Connect sent "STARTTLS" over TCP.
[17/Nov/2025 11:11:14][7580] {greylist} Greylisting: service responded "430 Too many failed STARTTLS attempts" over TCP.
[17/Nov/2025 11:11:14][7580] {greylist} Greylisting: reputation server 23.22.110.13 cannot establish secure connection: 430 Too many failed STARTTLS attempts.
[17/Nov/2025 11:11:14][7580] {conn} Closing socket 58284
[17/Nov/2025 11:11:14][7580] {greylist} Greylisting: closing connection to server 23.22.110.13
[17/Nov/2025 11:11:14][7580] {greylist} Greylisting: testing connection to greylisting service finished in 709 ms, result is CANNOT_CONNECT_GENERIC.

By default, Kerio Connect is using the greylist server with IP 23.22.110.13, and this issue is likely due to IP blocking by the greylisting service after repeated failed TLS negotiations. The solution involves redirecting the connection to an alternate greylisting server to restore functionality.

Solution

  1.  Disable Greylisting: in Spam Filter > Greylisting settings, disable Check incoming messages by Kerio Greylisting Service > Apply.

  2. Enable Greylisting debug messages (Enabling Debug Log Messages Types in Kerio Connect)

  3. Stop the Kerio Connect Server

  4. Navigate to the Kerio Connect store folder

  5. Edit mailserver.cfg

    • Find the "GlobalGreylistT" table 
    • Insert 52.87.4.206 to the "Server" variable of the "GlobalGreylistT" table. It should look like this:

  6. Start the Kerio Connect Server

  7. Enable Greylisting: in Spam Filter > Greylisting settings, enable Check incoming messages by Kerio Greylisting Service > Apply.

  8. Test the connection which should now be successful on the alternate server. 

📍In case the debug logs are showing the above error against the 52.87.4.206 IP address, you can follow the above steps to switch back to the default IP address.

Frequently Asked Questions

Q1: How do I know if my IP is blocked by the greylisting service?
A1: You will see repeated "430 Too many failed STARTTLS attempts" errors in your logs, indicating that the greylisting service is rejecting connections from your IP.


Q2: What should I do if the alternate server also fails?
A2: If the alternate server fails, ensure that there are no network or firewall issues blocking the connection. Review your DNS and network settings to ensure proper configuration.

Q3: Can I revert the changes if needed?
A3: Yes, you can revert the changes by editing the mailserver.cfg file again and removing the alternate server IP, then restarting the Kerio Connect server.
Choose files or drag and drop files
ai_initiated
atlas_studio
kb_automation
Was this article helpful?
Yes
No

  1. Ciprian Nastase

  2. Posted

Comments