wesupport

Need help?

Our experts have had an average response time of 13.14 minutes in February 2024 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

AWS Port 25 block – Why does it happen and how to fix it?

by | Aug 8, 2016

From payment confirmation to support queries, emails play a vital role in online business communication. Delayed alerts or lost orders end up adversely affecting the business.

In AWS EC2 instances, mail delivery problems can happen due to many reasons, mainly port 25 connection limits, IP blacklists and port 25 blocks.

Read: How to fix Amazon EC2 IP blacklisting in Spamhaus PBL and other email RBLs

Today we’ll see the different reasons for mail delivery failures and the ways to resolve them.

1. Port 25 throttling

Amazon sets limits on the number of emails that can be sent from a mail server, as a method of spam prevention. This throttling can lead to email delivery issues.

To remove the limits on the number of connections, one needs to contact Amazon and submit a request. Once Amazon approves the request details, they would raise the limits.

2. IP blacklisting

It has been noted that IP addresses on Amazon EC2 get occasionally blacklisted in Spamhaus and other such lists. In such cases, to ensure email delivery, immediate action required is to change the mail interface IP.

Amazon provides additional IP addresses upon requests. This extra elastic IP can be assigned to the mail server, if the existing IP is blacklisted.

Some anti-spam companies validate a mail server using its RDNS record. As a proactive measure, it is important to contact Amazon and set RDNS for your mail server.

Read: How your web hosting business can keep out of spam blacklists

3. Port 25 blocks

Port 25 blocks can happen in the server side or in the client side. We’ll see how to sort out both.

a. Security rules

It is possible to add security groups for each EC2 instance, each group containing certain firewall rules. To secure their instances, many people add custom security rules.

But if not done without proper caution, the rules can mess up server connectivity for various services. For eg, if there is any rule that blocks connection to port 25, mail issues can occur.

By auditing the security group associated with an EC2 instance, it is possible to identify any blocking rule and to correct it. This can be done from the AWS console.

 

Update security rules in AWS EC2

Update security rules in AWS EC2

 

To be on the safer side, it is advisable to add custom rules for SMTP to allow connections to port 25 from a required IP range and assign it to the AWS EC2 instance with these steps:

 

Add security rule for SMTP port in AWS EC2

Step 1: Add security group for SMTP port in AWS EC2

 

 

Assign security group to AWS EC2 instance

Step 2: Choose security group for AWS EC2 instance

 

 

Assign security group to EC2

Step 3: Assign security group to EC2 instance

 

Read: How to resolve and prevent recurring IP blocks by CSF/LFD in cPanel/WHM servers

 

b. ISP blocks

Many ISPs block the default SMTP port, port 25, to avoid spamming. In such cases, there are two solutions possible.

The easiest solution is to switch to the ISP’s mail server and use that for sending and receiving mails. You just need to update your email client settings with the relevant details.

But many online businesses have their own mail servers and prefer using them. In such cases, configure the mail server to use another port such as 2525 or 587.

A security group rule has to be configured for the newly assigned port to allow connections from desired IP range. Once this is group is updated in the EC2 instance, mails would work fine.

Read: How you can prevent spam block listing of web hosting servers

In short..

Though AWS claims that their IPs are permanently white-listed at Spamhaus and other lists, there are many issues reported where mails fail to deliver due to IP blacklisting.

Here we discussed ways to deal with email delivery failures in AWS EC2 instances. However, its always better to proactively secure the email server to avoid any spamming and blacklist issues.

Read: How to secure a server

 

For as low as

$74.99/server/mo

Get full spectrum infrastructure management services - including setup, monitoring & maintenance.

Never again face a critical business downtime. We keep your servers secured, optimized and updated at all times. Our engineers monitor your servers 24/7 and fix issues before it can affect your customers.

SEE SUPPORT PLANS


Bobcares provides Outsourced Hosting Support for online businesses. Our services include Outsourced Web Hosting Support, Outsourced Server Support, Outsourced Help Desk Support, Outsource Live Chat Support and Phone Support Services.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Categories

Tags