Question

I have been trying to set up an email notification for my application using Sendmail along with SES on CentOS 6.5. As per the AWS documentation, I have configured sendmail with SES.

The maillog says,

sendmail[29711]: s2QFCjnu027924: to=<abc@edf.com>, delay=00:52:09, xdelay=00:08:00, mailer=relay, pri=210717, relay=email-smtp.us-east-1.amazonaws.com [107.20.142.169], dsn=4.0.0, stat=Deferred: Connection timed out with email-smtp.us-east-1.amazonaws.com

All mails are being added to mailq,

# sendmail -v -q
Running /var/spool/mqueue/s2QFueiS001965 (sequence 1 of 21)
<abc@edf.com> Connecting to email-smtp.us-east-1.amazonaws.com port 25 via relay.
^C

Also, I am unable to telnet to the SMTP address,

# telnet email-smtp.us-east-1.amazonaws.com 25
Trying 23.21.252.142...
^C

But nmap shows port smtp (25) is open and listening,

# nmap -p 25 localhost

Starting Nmap 5.51 ( http://nmap.org ) at 2014-03-26 17:09 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000080s latency).
PORT   STATE SERVICE
25/tcp open  smtp

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds

netstat output,

tcp   0    0 0.0.0.0:25   0.0.0.0:*  LISTEN      29708/sendmail

I have tried with EU region smtp email-smtp.eu-west-1.amazonaws.com as well, getting the same result.

There is no selinux and iptables running and security group rules are fine with EC2.

Any help would be highly appreciated !!


Solution 2

  • When you are sending a test mail as sudo /usr/sbin/sendmail -f from@example.com to@example.com, the mail is handed over to the sendmail running on your instance.
  • When sendmail tried to deliver the mail to the SMART_HOST, which is email-smtp.us-east-1.amazonaws.com, it wasn't able to connect to email-smtp.us-east-1.amazonaws.com, and so the email was placed in the deferred queue for retrying later.

So the problem is that your sendmail instance wasn't able to talk to email-smtp.us-east-1.amazonaws.com.

OTHER TIPS

I was having trouble with the timeout as well. I didn't have any VPC subnet routing as thiyagu114 said was his issue, and none of Clement's suggestions helped.

Found this on the Amazon info:

Important: Elastic Compute Cloud (EC2) throttles email traffic over port 25 by default. To avoid timeouts when sending email through the SMTP endpoint from EC2, use a different port (587 or 2587) or fill out a Request to Remove Email Sending Limitations to remove the throttle.

So switching from port 25 to 587 fixed the timeout issue for me.

Thank you Clement for your help.

I figured out the issue. It was a VPC subnet routing problem with the instance.

Now it works like a charm :-)

If you are using AWS SES as a relay, you should have this configuration:

Edit main.cf:

...
relayhost = email-smtp.${aws_region}.amazonaws.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
...

Edit /etc/postfix/sasl_passwd

email-smtp.${aws_region}.amazonaws.com:587 SMTP_USERNAME:SMTP_PASSWORD

Edit /etc/postfix/transport

* smtp:email-smtp.${aws_region}.amazonaws.com:587

Note that you have to specify the port in all places, even in transport.

Execute postmap:

postmap /etc/postfix/sasl_passwd /etc/postfix/transport

Restart postfix:

service postfix restart

And it'll work. You can find the rest of the configuration at http://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html
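
A consistency check for the three files in the answer above, added here as an example (not part of the original answer, and not Postfix or AWS tooling): it flags a next hop with no port or with port 25, a sasl_passwd key that does not match relayhost, and a TLS level that does not enforce encryption. The function names and the sample file contents are constructed for illustration.

```python
import re

# Postfix TLS levels that refuse to send AUTH credentials over cleartext.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def table(text, sep=None):
    """Parse 'key value' (or 'key = value') lines; skip blanks and # comments."""
    rows = {}
    for line in text.splitlines():
        line = line.strip()
        parts = line.split(sep, 1)
        if line and not line.startswith("#") and len(parts) == 2:
            rows[parts[0].strip()] = parts[1].strip()
    return rows

def port_problem(nexthop):
    """Return a finding for a 'host:port' next hop, or None when the port is fine."""
    m = re.search(r":(\d+)$", nexthop)
    if m is None:
        return "no explicit port, so Postfix connects to port 25"
    if m.group(1) == "25":
        return "port 25 is throttled by EC2 by default"

def lint(main_cf, sasl_passwd, transport):
    cfg = table(main_cf, "=")
    relay = cfg.get("relayhost", "")
    hops = {"relayhost": relay}
    for pattern, target in table(transport).items():
        # Assumption: every transport entry is a relay written 'smtp:host:port'.
        hops[f"transport {pattern}"] = target.partition(":")[2]
    findings = [f"{n}: {p}" for n, h in hops.items() if (p := port_problem(h))]
    if relay not in table(sasl_passwd):
        findings.append("sasl_passwd: no key identical to relayhost")
    if cfg.get("smtp_sasl_auth_enable") != "yes":
        findings.append("smtp_sasl_auth_enable is not yes")
    if cfg.get("smtp_tls_security_level") not in MANDATORY_TLS:
        findings.append("smtp_tls_security_level does not enforce TLS")
    return findings

# Constructed sample files; region and credentials are placeholders.
HOST = "email-smtp.us-east-1.amazonaws.com"
TLS_AUTH = "smtp_sasl_auth_enable = yes\nsmtp_tls_security_level = "
GOOD_MAIN = f"relayhost = {HOST}:587\n{TLS_AUTH}encrypt\n"
WEAK_MAIN = f"relayhost = {HOST}\n{TLS_AUTH}may\n"
SASL = f"{HOST}:587 SMTP_USERNAME:SMTP_PASSWORD\n"
TRANSPORT = f"* smtp:{HOST}:587\n"
if __name__ == "__main__":
    for label, main_cf in (("good", GOOD_MAIN), ("weak", WEAK_MAIN)):
        print(label, lint(main_cf, SASL, TRANSPORT))
```

The weak sample drops the port from relayhost only, which both sends the connection to port 25 and breaks the sasl_passwd lookup, because the lookup key no longer matches.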

If you are sending to Amazon SES from an Amazon EC2 instance via port 25 and you cannot reach your Amazon SES sending limits or you are receiving timeouts, then it's probably because Amazon EC2 imposes default sending limits on email sent via port 25 and throttles outbound connections if you attempt to exceed those limits.

Solutions: you can connect to Amazon SES using ports 465 or 587, neither of which is throttled. Or, to remove the limits, submit an Amazon EC2 Request to Remove Port 25 Limitations (https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request).

Licensed under: CC-BY-SA with attribution