Menu
Amazon Simple Email Service
Developer Guide (API Version 2010-12-01)

Amazon SES SMTP Issues

If you are having problems sending email through the Amazon SES Simple Mail Transfer Protocol (SMTP) interface, review the possible causes and solutions below. For general information about sending email through the Amazon SES SMTP interface, see Using the Amazon SES SMTP Interface to Send Email.

  • You are unable to connect to the Amazon SES SMTP endpoint

    • Verify that you are using the right credentials. Your SMTP credentials are different than your AWS credentials. To obtain your SMTP credentials, see Obtaining Your Amazon SES SMTP Credentials. For more information about credentials, see Using Credentials With Amazon SES.

    • Your network might be blocking outbound connections over the port you're trying to send email from. Try the following command: telnet email-smtp.us-west-2.amazonaws.com <port>, where <port> is the port you're trying to use (typically 25, 465, 587, 2465, or 2587). If that works, and you are trying to connect to Amazon SES using TLS Wrapper or STARTTLS, try the openssl commands shown in Using the Command Line to Send Email Through the Amazon SES SMTP Interface. If you cannot connect to the Amazon SES SMTP endpoint using telnet or openssl, then something in your network (for example, a firewall) is blocking outbound connections over the port you're trying to use. Work with your network administrator to diagnose and fix the problem.

  • You are sending to Amazon SES from an Amazon EC2 instance via port 25 and you cannot reach your Amazon SES sending limits or you are receiving time outs—Amazon EC2 imposes default sending limits on email sent via port 25 and throttles outbound connections if you attempt to exceed those limits. To remove these limits, submit an Amazon EC2 Request to Remove Email Sending Limitations. You can also connect to Amazon SES via port 465 or port 587, neither of which is throttled.

  • Network errors are causing dropped emails—Ensure that your application uses retry logic when it connects to the Amazon SES SMTP endpoint, and that your application can detect and retry message delivery in case of a network error. SMTP is a verbose protocol and submitting an email using this protocol requires several network round trips. Because of the nature of this protocol, the potential of transient network errors increases. A message is accepted by Amazon SES for delivery only when Amazon SES responds with an Amazon SES message ID.

  • You lose connection with the SMTP endpoint

    • If you receive a time-out error message, the maximum transmission unit (MTU) size on the network interface of the computer you're using to connect to the Amazon SES SMTP interface might be too large. To mitigate this, you can try setting the MTU size on that computer to 1500. For instructions on how to set the MTU size on Microsoft Windows, Linux, and Mac OS X operating systems, see Queries Appear to Hang in the Client and Do Not Reach the Cluster in the Amazon Redshift Cluster Management Guide. Users connecting to Amazon SES from an Amazon EC2 instance can alternatively try the workaround described in Security Group Rules for Path MTU Discovery in the Amazon EC2 User Guide for Linux Instances.

    • Do not attempt to maintain long-lived connections with the Amazon SES SMTP endpoint. The Amazon SES SMTP endpoint runs on a fleet of Amazon EC2 instances behind an Elastic Load Balancer (ELB). In order to ensure that the system is up-to-date and fault tolerant, active Amazon EC2 instances are periodically terminated and replaced with new instances. Because your application connects to an Amazon EC2 instance through the ELB, the connection becomes invalid when the Amazon EC2 instance is terminated. You should establish a new SMTP connection after you have delivered a fixed number of messages via a single SMTP connection, or if the SMTP connection has been active for some amount of time. You will need to experiment to find appropriate thresholds depending on where your application is hosted and how it submits email to Amazon SES.

  • You want to know the IP addresses of the Amazon SES SMTP mail servers so that you can whitelist the IP addresses with your network—We are unable to provide a specific set of IP addresses for the Amazon SES SMTP endpoints because they reside behind load balancers and the IP addresses can change frequently. We recommend that you only whitelist based on DNS and not static IP addresses.

  • You are integrating Amazon SES with a Sendmail or Postfix mail server using the instructions in Integrating Amazon SES with Your Existing Email Server, and your mail server cannot authenticate with the Amazon SES SMTP endpoint because the hostname does not match. —In this case, try the following steps.

    • Sendmail—In Step 1 of Integrating Amazon SES with Sendmail, put the following additional line in /etc/mail/authinfo, depending on the AWS region of the Amazon SES endpoint you are using. Note that you must replace USERNAME and PASSWORD with your SMTP user name and password.

      Region name Add this line to /etc/mail/authinfo

      US East (N. Virginia)

      AuthInfo:ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com "U:root" "I:USERNAME" "P:PASSWORD" "M:LOGIN"

      US West (Oregon)

      AuthInfo:ses-smtp-us-west-2-prod-14896026.us-west-2.elb.amazonaws.com "U:root" "I:USERNAME" "P:PASSWORD" "M:LOGIN"

      EU (Ireland)

      AuthInfo:ses-smtp-eu-west-1-prod-345515633.eu-west-1.elb.amazonaws.com "U:root" "I:USERNAME" "P:PASSWORD" "M:LOGIN"

      In Step 4 of Integrating Amazon SES with Sendmail, add the following to /etc/mail/access:

      Region name Add this line to /etc/mail/access

      US East (N. Virginia)

      Connect:ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com RELAY

      US West (Oregon)

      Connect:ses-smtp-us-west-2-prod-14896026.us-west-2.elb.amazonaws.com RELAY

      EU (Ireland)

      Connect:ses-smtp-eu-west-1-prod-345515633.eu-west-1.elb.amazonaws.com RELAY

    • Postfix—In Step 3 of Integrating Amazon SES with Postfix, put the following additional line in /etc/postfix/sasl_passwd, depending on the AWS region of the Amazon SES endpoint you are using. Note that you must replace USERNAME and PASSWORD with your SMTP user name and password.

      Region name Add this line to /etc/postfix/sasl_passwd

      US East (N. Virginia)

      ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com:25 USERNAME:PASSWORD

      US West (Oregon)

      ses-smtp-us-west-2-prod-14896026.us-west-2.elb.amazonaws.com:25 USERNAME:PASSWORD

      EU (Ireland)

      ses-smtp-eu-west-1-prod-345515633.eu-west-1.elb.amazonaws.com:25 USERNAME:PASSWORD