I was configuring the mail configs for sending invitation mails for enrolling devices, in wso2 EMM, in the axis2.xml file , if i change the port number which is by default 587 to 25, will it work or i have to use 587 port only.
The Simple Mail Transfer Protocol (SMTP) port 587 is the default port for SMTP Servers to receives mails from external clients.
The SMTP port 25 is for relaying messages from a mail server to another.
Port 25 can sometimes be blocked by residential ISPs and Cloud Hosting Providers.
Changing the port might cause an issue in sending the mail.
Related
I currently have a backend running in a container (ECS), this backend has a SES service for sending e-mail (user password recovery).
I implemented this same scenario using SUBNET for my backend, but sending e-mail is no longer working.
In both my old scenario (without using a subnet) and localhost, sending the email works perfectly.
I did a ping test from the container and got a timeout answer:
In this case it looks like you have the wrong address, you have
email-smtp.us-east-1.amazonaws.com (email-smtp) defined on your endpoint, and
email.us-east-1.amazonaws.com (email) in your ping.
Remember that a Ping may not respond if ICMP is not allowed through.
For a wider answer to this question, you have 2 options:
Make sure that you have an Internet Gateway configured correctly on your Subnet, and the security group added to your ECS host allows outgoing traffic to port 25 (this is throttled by AWS), 587 or 2587 depending on what you are using to talk to SES: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-connect.html
Create an SES VPC Endpoint on your subnet, then direct all of your SES requests to this new endpoint/IP Address: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-set-up-vpc-endpoints.html
If any of these are not working, check:
You are not in SES Sandbox mode (raise a support request)
You are not being throttled on port 25 from your host (use port 587 or raise a support request)
You can connect to the internet from your EC2/ECS instance
Port 587 is enabled on your security group
The URL Address is correct (email-smtp.us-east-1.amazonaws.com)
The IAM Role on your EC2/ECS Host (or IAM User) is enabled for SES Sending.
I run a simple mybb forum on AWS EC2 and I wish to send notifications to my users.
I have tried to request aws regarding upgrade of my email sending quota but they have refused.
Also tried SES but request is refused again.
Is there any way out I can reach my audience?
Wondering if I can do a http GET request to a SMTP server to send emails?
You definitely don't want to send emails directly from your ec2 server, and I would generally recommend SES instead - but if for whatever reason that doesn't suit your needs, any SMTP server should work fine - doesn't need to be an GET request, just plug in your SMTP credentials to whatever service you are using - gmail, ses, mailchimp, sendgrid, mailgun - pretty much any service is available to you and should work fine.
I have a very private problem, I have a Java EE application (WildFly 10), running on the infrastructure of Amazon, well.
This application has an SSL certificate acquired of a specific domain ("www.xxx.com"), which has been properly installed on Amazon's Application Load Balancer (ALB), which retains requests and forwards securely to the application server an EC2, so far everything great.
But when we try to instantiate in the pages a "client" "WebSocket" in JavaScript it even presents "MixedContent" errors when used via unsecured WebSocket (WS), so that's fine because it is a browser security requirement:
ws = new WebSocket("ws://<ip-address>:8080/web-socket");
So i use a secure WebSocket (WSS) to make the connection, then under the IP and then presented the error that the IP was not secure because it had not been certified:
ws = new WebSocket("wss://<ip-address>:8443/web-socket");
So I installed the SSL certificate of the domain on the WildFly 10 server, but even then the error was still presented because the SSL certificate was purchased for the domain, not for the IP I'm trying to connect.
If i try to connect Secure WebSocket (WSS) through the secure domain, the same connects, but the Amazon ALB always drops it for inactivity time, and even if the value is too high, the Time to Live (TTL) over time, it shows performance loss over time, I believe by pooling TCP connections.
ws = new WebSocket("wss://www.xxx.com.br:8443/web-socket");
A possible solution would be to buy an SSL certificate that instead of registering a domain, would be registered under the IP of the server, the same would be installed on the server to allow this secure connection between Secure WebSocket and Secure Application, what opinion or experience you?
I have used Gmail SMTP service with port 587 on the local server and it's working fine.
But it's not working on AWS EC2 instance. So I added SMTP rules on EC2 instance security inbound rules see below image but SMTP port can not be editable.
Now the issue is if your domain does not configure secured connections. Gmail does not offer port 25 in an unsecured connection.
So, there is any way to use SMTP on unsecured connection with 25 port or any other way.
I have fixed issue as of now for a development server. Please, not it's not the correct way to a production site.
For sending an email from AWS EC2 using Gmail SMTP service please follow below steps.
Edit security group of your EC2 Instance.
Edit inbound rules of the security group.
Add 587 port in inbound rules. See below image.
you need to set your instance inbound rules for coming mail and outbound for send.
After that, you can send email using 587 SMTP port from AWS EC2.
Please read this article. https://support.google.com/accounts/answer/6010255?hl=en
https://myaccount.google.com/lesssecureapps
Because of the spam abuse that has historically been sent from people using EC2 instances, virtually ALL popular mail providers block the receipt of email from EC2 instances. The world of email and anti-spam measures is part-technical, part-political. For this reason, AWS offers Amazon Simple Email Service.
Step to fix it-
Go to google account setting and Turn on Two-step verification.
Now generate an app password for the app you want to send mail.
Use the generated password for the app in SMTP with the same Email.
That's it.
To send email from C# hosted on Amazon EC2, make sure you have two things done.
Use following setting in your Web.config
<mailSettings>
<smtp deliveryMethod="Network" from="<from email goes here>">
<network host="smtp.gmail.com" port="587" enableSsl="true" userName="email id goes here" password="<password goes here> />
</smtp>
</mailSettings>
Login the above gmail account onto the Amazon EC2. If you do not login, then gmail blocks the email being sent from code due to security reasons.
According to Googles documentation, you can use the G Suite SMTP relay service through port 25. You can read more information here:
https://support.google.com/a/answer/176600?hl=en
and here:
https://support.google.com/a/answer/2956491
Hope this helps!
We have an external service that is currently accessible via the http (port 80, non-SSL) and https (port 443, SSL) addresses.
What is the best way to limit connections to only the https address? Is it something we can do via IIS or does it have to be done via code.
Additional info: Regular ASP.NET web service (.asmx) running on IIS on Windows 2003 server. Service is built with C# on .NET 3.5.
Require SSL on the application
In a custom error page for the 403 redirect the browser to the incoming URL, changing http to https along the way.
Note: Keep port 80 open for this - or there won't be a server to listen for requests to redirect.
Just to clarify Greg's point 1. IIS Manager > Site properties > Directory Security > Secure Communications > Require Secure Channel (SSL)
Is just not accepting any connections on port 80 an option? I'm a complete web server noob so I don't know if the server can operate without an unsecured listen port but if the server can operate only listen on port 443 that would seem to be simplest option.
Another option would be a redirect from the unsecure port to the secure one