Amazon SES SMTP issues - Amazon Simple Email Service


Amazon SES SMTP issues

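This section contains solutions to some common issues with sending email through the Amazon SES Simple Mail Transfer Protocol (SMTP) interface. It also includes a list of the SMTP response codes that Amazon SES returns.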

To learn more about sending email through the Amazon SES SMTP interface, see Using the Amazon SES SMTP interface to send email.

  • You can't connect to the Amazon SES SMTP endpoint.

    Problems connecting to the Amazon SES SMTP endpoint are most commonly related to the following issues:

    • Incorrect credentials – The credentials that you use to connect to the SMTP endpoint are different from your AWS credentials. To obtain your SMTP credentials, see Obtaining your Amazon SES SMTP credentials. For more information about credentials, see Types of Amazon SES credentials.

    • Network or firewall issues – Your network might be blocking outbound connections over the port you're trying to send email from. To determine if an issue on your local network is causing connection issues, type the following command at the command line, replacing port with the port you're trying to use (typically 465, 587, 2465, or 2587): telnet port

      If you are able to connect to the SMTP server using this command, and you are trying to connect to Amazon SES using TLS Wrapper or STARTTLS, complete the procedures shown in Test your connection to the Amazon SES SMTP interface using the command line.

      If you can't connect to the Amazon SES SMTP endpoint using telnet or openssl, it indicates that something in your network (such as a firewall) is blocking outbound connections over the port you're trying to use. Work with your network administrator to diagnose and fix the problem.

  • You're sending to Amazon SES from an Amazon EC2 instance using port 25, and you're receiving timeout errors.

    Amazon EC2 restricts port 25 by default. To remove these restrictions, submit an Amazon EC2 Request to Remove Email Sending Limitations. You can also connect to Amazon SES using ports 465 or 587, neither of which is restricted.

  • Network errors are causing dropped emails.

    Ensure that your application uses retry logic when it connects to the Amazon SES SMTP endpoint, and that your application can detect and retry message delivery in case of a network error. SMTP is a verbose protocol, and sending an email using this protocol requires several network round trips. Because of the nature of SMTP, the potential for network errors increases.

  • You lose connection with the SMTP endpoint.

    Lost connections are most commonly caused by the following issues:

    • MTU size – If you receive a time-out error message, the Maximum Transmission Unit (MTU) of the network interface for the computer you're using to connect to the Amazon SES SMTP interface may be too large. To resolve this issue, set the MTU size on that computer to 1500 bytes.

      For more information about setting the MTU size on Windows, Linux, and macOS operating systems, see Queries Appear to Hang in the Client and Do Not Reach the Cluster in the Amazon Redshift Cluster Management Guide.

      For more information about setting the MTU size for an Amazon EC2 instance, see Network Maximum Transmission Unit (MTU) for Your EC2 Instance in the Amazon EC2 User Guide for Linux Instances.

    • Long-lived connections – The Amazon SES SMTP endpoint runs on a fleet of Amazon EC2 instances behind an Elastic Load Balancer (ELB). In order to ensure that the system is up-to-date and fault tolerant, active Amazon EC2 instances are periodically terminated and replaced with new instances. Because your application connects to an Amazon EC2 instance through the ELB, the connection becomes invalid when the Amazon EC2 instance is terminated. You should establish a new SMTP connection after you have delivered a fixed number of messages via a single SMTP connection, or if the SMTP connection has been active for some amount of time. You will need to experiment to find appropriate thresholds depending on where your application is hosted and how it submits email to Amazon SES.

  • You want to know the IP addresses of the Amazon SES SMTP mail servers so that you can whitelist the IP addresses with your network.

    The IP addresses for the Amazon SES SMTP endpoints reside behind load balancers. As a result, these IP addresses change frequently. It's not possible to provide a definitive list of all of the IP addresses for the Amazon SES endpoints. We recommend that you whitelist the domain, rather than whitelisting individual IP addresses.
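One way to apply the "Long-lived connections" advice above, as an added example that is not part of the original page or AWS code. The class name, the `ses_connect` helper, and the thresholds (50 messages, 60 seconds) are assumptions to tune for your own workload.

```python
import smtplib
import ssl
import time

class RecyclingSmtpSender:
    """Reopen the SMTP session after max_messages sends or max_age_s seconds."""

    def __init__(self, connect, max_messages=50, max_age_s=60.0, clock=time.monotonic):
        self._connect = connect  # callable returning a logged-in smtplib.SMTP
        self._max_messages = max_messages
        self._max_age_s = max_age_s
        self._clock = clock
        self._conn = None
        self._sent = 0
        self._opened_at = 0.0
        self.reconnects = 0

    def _reopen(self):
        if self._conn is not None:
            try:
                self._conn.quit()
            except (smtplib.SMTPException, OSError):
                pass  # the old backend instance may already be gone
        self._conn = self._connect()
        self._sent = 0
        self._opened_at = self._clock()
        self.reconnects += 1

    def _stale(self):
        return (self._conn is None or self._sent >= self._max_messages
                or self._clock() - self._opened_at >= self._max_age_s)

    def send(self, msg):
        if self._stale():
            self._reopen()
        try:
            self._conn.send_message(msg)
        except (smtplib.SMTPServerDisconnected, ConnectionError):
            self._reopen()  # connection was invalidated mid-session: retry once
            self._conn.send_message(msg)
        self._sent += 1

def ses_connect(host, username, password, port=587):
    """STARTTLS session with certificate verification, using SES SMTP credentials."""
    conn = smtplib.SMTP(host, port, timeout=30)
    conn.starttls(context=ssl.create_default_context())
    conn.login(username, password)
    return conn
```

A resend after a dropped connection can duplicate a message if the server accepted it before the connection was lost, so keep the retry to a single attempt as shown.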

SMTP response codes returned by Amazon SES

This section includes a list of the response codes that the Amazon SES SMTP interface returns.

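You should retry SMTP requests that receive 400 errors. We recommend that you implement a system that keeps retrying the request with progressively longer wait times between attempts (for example, wait 5 seconds before retrying, then 10 seconds, then 30 seconds). If the third retry is unsuccessful, wait 20 minutes and then repeat the process. For a working example of a progressive retry policy, see the article How to handle a "Throttling - Maximum sending rate exceeded" error on the AWS Messaging and Targeting Blog.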


The AWS SDKs automatically apply retry logic, but they use the HTTPS interface rather than SMTP.

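If you receive a 500 error, you must revise your request to correct the problem before you submit it again. For example, if your AWS authentication credentials are invalid, you must first update your application to use the correct credentials, and then resubmit your request.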
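The retry guidance above as an added example (not AWS code and not from the original page): 4xx responses and dropped connections are retried on the 5, 10, 30 second schedule with a 20-minute pause between cycles, while 5xx responses are raised immediately. `send_once` is a hypothetical callable that opens a session and submits one message; `max_cycles` is an assumed cap so the loop ends.

```python
import smtplib
import socket
import time

RETRY_WAITS_S = (5, 10, 30)   # waits before the three retries in one cycle
CYCLE_PAUSE_S = 20 * 60       # pause after the third retry fails

def send_with_backoff(send_once, max_cycles=3, sleep=time.sleep):
    """Call send_once() until it succeeds, following the schedule above.

    send_once is expected to raise smtplib.SMTPResponseException (which
    carries .smtp_code) when the server rejects a command.
    Returns the number of attempts made; raises the last error on give-up.
    """
    attempts = 0
    for cycle in range(max_cycles):
        for wait in (0,) + RETRY_WAITS_S:
            if wait:
                sleep(wait)
            attempts += 1
            try:
                send_once()
                return attempts
            except smtplib.SMTPResponseException as exc:
                if not 400 <= exc.smtp_code < 500:
                    raise      # 5xx: the request must be fixed, not retried
                last = exc     # 4xx (421, 451, 454): temporary, retry
            except (smtplib.SMTPServerDisconnected, ConnectionError,
                    TimeoutError, socket.timeout) as exc:
                last = exc     # network error: retry
        if cycle < max_cycles - 1:
            sleep(CYCLE_PAUSE_S)
    raise last
```

Passing `sleep` as a parameter lets the schedule be checked in tests without waiting.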

Description / Response code / More information


235 Authentication successful

Your SMTP client successfully connected and logged in to the SMTP server.


250 Ok MessageID

MessageID is a unique string that Amazon SES uses to identify a message.


421 Too many concurrent SMTP connections

Amazon SES can't process the request because there are currently too many connections to the SMTP server.


451 Temporary service failure

Amazon SES can't process the request. There might be a problem with the request that prevents it from being processed.


451 Timeout waiting for data from client

Too much time elapsed between requests, so the SMTP server closed the connection.


454 Throttling failure: Daily message quota exceeded

You have exceeded the maximum number of emails that Amazon SES permits you to send in a 24-hour period. For more information, see Managing your Amazon SES sending quotas.


454 Throttling failure: Maximum sending rate exceeded

You have exceeded the maximum number of emails that Amazon SES permits you to send per second. For more information, see Managing your Amazon SES sending quotas.

Amazon SES issue when validating SMTP credentials

454 Temporary authentication failure

Possible causes of this issue include (but are not limited to):


454 Temporary service failure

Amazon SES did not successfully receive the request. As a result, the message was not sent.


530 Authentication required

The application that you use to send email did not attempt to authenticate when it connected to the Amazon SES SMTP interface.


535 Authentication Credentials Invalid

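The application that you use to send email did not provide the correct SMTP credentials to Amazon SES. Note that your SMTP credentials are different from your AWS credentials. For more information, see Obtaining your Amazon SES SMTP credentials.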

Account not subscribed to Amazon SES

535 Account not subscribed to SES

The AWS account that owns the SMTP credentials is not signed up for Amazon SES.


552 Message is too long.

The size of the message that you tried to send exceeds 10 MB.

User not authorized to call the Amazon SES SMTP endpoint

554 Access denied: User UserARN is not authorized to perform ses:SendRawEmail on resource IdentityARN

The AWS Identity and Access Management (IAM) policy or the Amazon SES sending authorization policy for the user that owns the SMTP credentials does not allow calls to the Amazon SES SMTP endpoint.


554 Message rejected: Email address is not verified. The following identities failed the check in region region: identity0, identity1, identity2

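The email address or domain that you are trying to send from is not verified. Verify it first in order to send email from your Amazon SES account. This error can apply to the "From," "Source," "Sender," or "Return-Path" address. If your account is still in the sandbox, you must also verify every recipient email address, except for recipients provided by the Amazon SES mailbox simulator. If Amazon SES can't display all of the identities that failed the verification check, the error message ends with three periods (...).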


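Amazon SES has endpoints in multiple AWS Regions, and the verification status of an email address is separate for each AWS Region. You must complete the verification process for each sender in the AWS Region that you want to use.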