I have been trying to set up an email notification for my application using Sendmail along with SES on CentOS 6.5. As per the AWS documentation, I have configured sendmail with SES.
The maillog says,
sendmail[29711]: s2QFCjnu027924: to=<abc#edf.com>, delay=00:52:09, xdelay=00:08:00, mailer=relay, pri=210717, relay=email-smtp.us-east-1.amazonaws.com [107.20.142.169], dsn=4.0.0, stat=Deferred: Connection timed out with email-smtp.us-east-1.amazonaws.com
All mails are being added in mailq
# sendmail -v -q
Running /var/spool/mqueue/s2QFueiS001965 (sequence 1 of 21)
<abc#edf.com> Connecting to email-smtp.us-east-1.amazonaws.com port 25 via relay.
^C
Also, I am unable to telnet to the SMTP address,
# telnet email-smtp.us-east-1.amazonaws.com 25
Trying 23.21.252.142...
^C
But nmap shows port smtp (25) is open and listening,
# nmap -p 25 localhost
Starting Nmap 5.51 ( http://nmap.org ) at 2014-03-26 17:09 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000080s latency).
PORT STATE SERVICE
25/tcp open smtp
Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
netstat output,
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 29708/sendmail
I have tried with EU region smtp email-smtp.eu-west-1.amazonaws.com as well, getting the same result.
There is no selinux and iptables running and security group rules are fine with EC2.
Any help would be highly appreciated !!
I was having trouble with the timeout as well. I didn't have any vpc subnet routing as thiyagu114 said was his issue, and none of clement's suggestions helped.
Found this on the Amazon info:
Important: Elastic Compute Cloud (EC2) throttles email traffic over port 25 by default. To avoid timeouts when sending email through the SMTP endpoint from EC2, use a different port (587 or 2587) or fill out a Request to Remove Email Sending Limitations to remove the throttle.
So switching from port 25 to 587 fixed the timeout issue for me.
When you are sending a test mail as sudo /usr/sbin/sendmail -f from#example.com to#example.com, the mail is handed over to the sendmail running on your instance.
When sendmail tried to deliver the mail to the SMART_HOST, which is email-smtp.us-east-1.amazonaws.com, it wasn't able to connect to email-smtp.us-east-1.amazonaws.com, so the email was placed in the deferred queue for retrying later.
So the problem is that your sendmail instance wasn't able to talk to email-smtp.us-east-1.amazonaws.com.
Is there any network issue in your instance?
Also, the document says that you need to fill out the Request to Remove Email Sending Limitations to remove some restrictions on port 25.
Thank you Clement for your help.
I figured out the issue. It was a VPC subnet routing problem with the instance.
Now it works like a charm :-)
If you are using AWS SES as relay you should have this configuration:
Edit main.cf:
...
relayhost = email-smtp.${aws_region}.amazonaws.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
...
Edit /etc/postfix/sasl_passwd
email-smtp.${aws_region}.amazonaws.com:587 SMTP_USERNAME:SMTP_PASSWORD
Edit /etc/postfix/transport
* smtp:email-smtp.${aws_region}.amazonaws.com:587
Note that you have to specify the port in all places, even in transport.
Execute postmap:
postmap /etc/postfix/sasl_passwd /etc/postfix/transport
Restart postfix:
service postfix restart
And it'll work. The rest of configuration you can find at http://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html
If you are sending to Amazon SES from an Amazon EC2 instance via port 25 and you cannot reach your Amazon SES sending limits or you are receiving timeouts, then it's probably because Amazon EC2 imposes default sending limits on email sent via port 25 and throttles outbound connections if you attempt to exceed those limits.
Solutions -
You can connect to Amazon SES using ports 465 or 587, neither of which is throttled.
OR
To remove the limits, submit an Amazon EC2 Request to Remove Port 25 Limitations (https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request).
I am trying to configure listmonk with AWS EC2 and sendgrid. However I'm getting timeout while sending mails. I tried debugging using the documentation and when I try to telnet, I'm getting timeout:
# Command
telnet smtp.sendgrid.net 25
I checked the outbound settings and everything is whitelisted:
Is there anything else I need to do to telnet to smtp.sendgrid.net?
By default, AWS blocks outbound traffic on port 25, and you have to file a request to get the restriction removed.
I usually just use a different SMTP port instead of trying to get port 25 opened. SendGrid's documentation states:
SendGrid accepts unencrypted and TLS connections on ports 25, 587, & 2525. You can also connect via SSL on port 465. Many hosting providers and ISPs block port 25 as a default practice. If your Telnet session continually times out or will not connect using port 25, it is likely that your ISP or hosting provider is blocking the port. You can contact your host/ISP to find out which ports are open for outgoing SMTP relay. We recommend using port 587 to avoid any rate limiting that your server host may apply.
I suggest just switching to use port 587.
I'm trying to test an email validation service on AWS EC2 instance, where my program would query the SMTP server (Mail Transfer Agent on port 25). For testing purposes, I replicated the program using Telnet connection, which works fine on my local machine:
telnet gmail-smtp-in.l.google.com 25
Trying 66.102.1.27...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP a20si12977453wrg.559 - gsmtp
HELO gmail.com
250 mx.google.com at your service
MAIL FROM:<testing#gmail.com>
250 2.1.0 OK a20si12977453wrg.559 - gsmtp
RCPT TO:<thisemailwillneverexist#gmail.com>
550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 https://support.google.com/mail/?p=NoSuchUser a20si12977453wrg.559 - gsmtp
Telnet, however, doesn't work on EC2, as in the example below:
telnet gmail-smtp-in.l.google.com 25
Trying 74.125.133.26...
telnet: connect to address 74.125.133.26: Connection timed out
Trying 2a00:1450:400c:c08::1a...
telnet: connect to address 2a00:1450:400c:c08::1a: Network is unreachable
EC2 is running a Linux instance and allows all outbound connections. My guess here is that AWS doesn't let you connect to an SMTP server on port 25 to prevent spam, but I haven't seen confirmation of that. Any suggestions on how I could fix this? If AWS is too rigid, are there any alternative AWS-like services where I could migrate my project?
Thank you!
AWS blocks outbound traffic on port 25 by default for EC2 instances and Lambda functions (source: AWS support page).
You can place a request for removing the restriction on port 25 for your EC2 instance by following this link: https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request. You have to be logged in to your AWS account to be able to access this link.
I've configured a mail server on my AWS EC2 instance, which is a Linux 2 AMI. Unfortunately, whenever I try to send a mail from my server to a Gmail account or Yahoo account, the maillog shows me that the connection timed out. I've performed the following steps:
created a subdomain named mail.domain.com pointed to my AWS Elastic Load Balancer on Route 53
installed postfix
added my_domain = domain.com, hostname = mail.domain.com and inet_protocol = ipv4
created my hostname as mail.domain.com
I have checked that port 25 is running and it is also allowed in my AWS security groups.
The mail status in the log is deferred.
Now I really need to set up the mail server, but I am not able to create it. Can anyone help me?
Try to remove SMTP throttling. You can learn more about it below.
AWS blocks outbound traffic on port 25 (SMTP) of all EC2 instances and Lambda functions by default. If you want to send outbound traffic on port 25, you can request for this restriction to be removed.
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-port-25-throttle/
I had my web app running in an EC2 instance (AWS server 1). I have another AWS server 2 where the DB is. I had a verified domain and a verified recipient test email address, and emails were going out well. One day I set up an Elastic IP so that AWS 1 could talk to AWS 2 for some other purpose. Not sure if that caused the issue. Now I have reverted AWS 1 to a normal IPv4 address (removed the Elastic IP), and all over my app and for SSH I use the normal IPv4 address.
As per other posts, I also contacted AWS and increased the sending limit.
I also set the outbound rules SMTP and SMTPS. None seems to be working.
If I run the web app on my localhost with the same SES credentials, emails are sent out. Only when my web app is in Amazon EC2 are emails not being sent out.
Following is the error that I am getting.
Unable to execute HTTP request: Connect to email.us-west-2.amazonaws.com:443 [email.us-west-2.amazonaws.com/52.94.209.0] failed: connect timed out
It's been 2 days and I am scratching my head to get it resolved. Please help.
PS: As per request, here are the outbound rules
Type : MYSQL/Aurora
Protocol: TCP
Port Range: 3306
Destination : //MyIP
I don't have any other outbound rule.
I run...
telnet email-smtp.us-east-1.amazonaws.com 25
And it says...
421 Timeout waiting for data from client
What am I missing?
I've validated a sender address and sent a test email, which arrived.
Because my SES service is sandboxed, I needed both the sender and recipient to be the verified email address.
From the top of the "Sending Statistics" page in the console...
Your Amazon SES account has "sandbox" access in region US East (N. Virginia). With sandbox access you can only send email to the Amazon SES mailbox simulator and to email addresses or domains that you have verified. To be moved out of the sandbox, please request a sending limit increase.
That works fine. You should probably check if outgoing traffic to port 25 is blocked in your network environment. Many organizations block that outgoing traffic for security reasons.
You can check that port with nmap. Here's what it looks like from a network where traffic is permitted:
$ nmap email-smtp.us-east-1.amazonaws.com -p 25 | grep '25/tcp'
25/tcp open smtp
And from a network where it is not permitted:
$ nmap email-smtp.us-east-1.amazonaws.com -p 25 | grep '25/tcp'
25/tcp filtered smtp
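The open-versus-filtered check from the nmap commands above, extended to the other submission ports named on this page (587, 2587, 465), as an added example that is not part of the original answers. The function names are hypothetical, and the default host is the SES endpoint quoted in the first question.

```python
import socket

# Ports named on this page: 25 (throttled by EC2 by default), 587 and 2587
# (STARTTLS), 465 (TLS from the first byte, so no plaintext banner is expected).
SMTP_PORTS = (25, 587, 2587, 465)


def probe_smtp(host, port, timeout=5.0):
    """Classify one outbound TCP connection attempt.

    Returns (state, detail) where state is:
      "open"     - handshake completed; detail is the 220 banner if one arrived
      "filtered" - no answer before the timeout (packets dropped on the path)
      "closed"   - the peer answered with a reset (nothing is being dropped)
      "error"    - DNS failure, no route, or another local error
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                banner = sock.recv(512).decode("ascii", "replace").strip()
            except (socket.timeout, TimeoutError):
                banner = ""  # connected, but the server sent nothing in time
            return "open", banner
    except (socket.timeout, TimeoutError):
        return "filtered", "connect timed out"
    except ConnectionRefusedError:
        return "closed", "connection refused"
    except OSError as exc:
        return "error", str(exc)


def probe_all(host, ports=SMTP_PORTS, timeout=5.0):
    """Probe every port and return {port: (state, detail)}."""
    return {port: probe_smtp(host, port, timeout) for port in ports}


if __name__ == "__main__":
    import sys
    # Assumption: the relay host is given as the first argument; the default
    # is the SES endpoint quoted in the question.
    default = "email-smtp.us-east-1.amazonaws.com"
    target = sys.argv[1] if len(sys.argv) > 1 else default
    for port, (state, detail) in probe_all(target).items():
        print(f"{port:>5}/tcp {state:<8} {detail}")
```

A result of "filtered" on 25 together with "open" on 587 matches the port 25 restriction the answers describe, while "filtered" on every port points at routing or outbound rules on the instance instead.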