I have been beating my head over this for a while now. I've been all over the internet and have read this post and this post regarding similar issues. However, I cannot seem to resolve this issue at all.

My setup includes an AWS EC2 instance running Ubuntu Server 18 with Postfix. I have opened ports 25 and 587 in ufw and also allowed all traffic in the AWS console. I added an FQDN during the Postfix setup, and my .conf is below.

/etc/postfix/main.cf

```
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = ip-172-xx-xx-xx.ec2.internal
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, xxx.xxxxxxxxx.com, ip-172-xx-xx-xx.ec2.internal, localhost.ec2.internal, localhost
relayhost = x.xx.xxx.xx:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
```

What am I doing wrong?

fischgeek

1 Answer

AWS throttles outgoing port 25 connections by default. You'd need to get it removed. See https://aws.amazon.com/premiumsupport/knowledge-center/ec2-port-25-throttle/

Additional troubleshooting page which is designed for SES but has some EC2 relevance: https://aws.amazon.com/premiumsupport/knowledge-center/smtp-connectivity-timeout-issues-ses/

For example, if you're using an Amazon EC2 instance to send emails and connect to the SMTP endpoint, then check the following:

  • Be sure that the security group outbound (egress) rules allow traffic to the SMTP server on TCP port 25, 587, or 465.
  • Be sure that the network ACL outbound (egress) rules allow traffic to the SMTP server on TCP port 25, 587, or 465. Additionally, confirm that network ACL inbound (ingress) rules allow traffic from the SMTP server on TCP ports 1024-65535.
  • Be sure that the EC2 instance has internet connectivity.
tater
  • I did see this in other comments, but does "throttle" mean completely disallowed or does it mean a limitation on frequency? -- Edit: According to the form needed to lift the throttle it says "_...we enforce default limits on the amount of email..._" which leads me to believe it should work but not for large amounts of mail. – fischgeek Aug 06 '20 at 14:03
  • If you cannot telnet out to port 25 from the EC2 instance, then it is either blocked by a setting on the instance (firewall, SELinux) or blocked/throttled to zero by AWS. Don't think there is any point looking at postfix configs if you can't even establish a connection via telnet. – tater Aug 06 '20 at 16:18
  • Okay, thank you. I submitted the form to AWS to lift the restriction. Is there any way I can use another port or am I forced to 25? – fischgeek Aug 06 '20 at 16:22
  • I added another AWS troubleshooting link that has a few things to look at for EC2 instances (but still at network level, not postfix). – tater Aug 06 '20 at 16:25
  • Port 25 - it depends where you're sending mail to. If you are relaying all mail to (e.g.) gmail or some delivery service (SES, ...) then they'll usually provide an alternate port. However, if you want your EC2 instance to deliver mail directly to recipients, then you can only count on their mail server listening on port 25, so in that case you do need 25. – tater Aug 06 '20 at 16:27
  • Thank you. That makes sense. I'll review your updated answer too. – fischgeek Aug 06 '20 at 16:40
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/111510/discussion-between-fischgeek-and-tetech). – fischgeek Aug 06 '20 at 16:44
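
The network-level check discussed in the answer and comments (can the instance open an outbound TCP connection to the SMTP ports at all?), as an added example that is not part of the original thread. It separates a timeout, which points at ufw, security group/NACL egress or the AWS port 25 restriction, from a refusal or an open port; the names `probe`, `interpret`, `check_relay` and the placeholder host are assumptions for illustration.

```python
import socket
import sys

SMTP_PORTS = (25, 587, 465)  # ports named in the AWS checklist in the answer

# What each outcome suggests, following the troubleshooting order in the thread.
MEANING = {
    "open": "TCP path works; look at Postfix and relay settings next",
    "refused": "reached a host, but nothing is listening on that port",
    "timeout": "silently dropped: check ufw, security group/NACL egress, "
               "or the AWS port 25 restriction",
    "error": "local failure (DNS, no route, no internet connectivity)",
}

def probe(host, port, timeout=5.0):
    """Try one outbound TCP connection; return (status, greeting banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            banner = ""
            if port != 465:  # 465 is implicit TLS, so no plaintext greeting
                try:
                    banner = sock.recv(512).decode("ascii", "replace").strip()
                except socket.timeout:
                    pass  # connected, but the server stayed silent
            return "open", banner
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "timeout", ""
    except OSError as exc:  # includes socket.gaierror for DNS failures
        return "error", str(exc)

def interpret(status):
    return MEANING[status]

def check_relay(host, ports=SMTP_PORTS, timeout=5.0):
    """Probe every port and return {port: (status, banner)}."""
    return {port: probe(host, port, timeout) for port in ports}

if __name__ == "__main__":
    # Hypothetical placeholder host; pass your relayhost as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "relay.example.invalid"
    for port, (status, banner) in check_relay(target).items():
        print(f"{target}:{port} {status:8} {banner or interpret(status)}")
```

Run it from the EC2 instance itself, since the result reflects that host's egress path and not the path from a workstation.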