Dieser Inhalt ist in der ausgewählten Sprache nicht verfügbar

Wir arbeiten ständig daran, Inhalte in der ausgewählten Sprache bereitzustellen. Vielen Dank für deine Geduld.

How do I troubleshoot SMTP connectivity or timeout issues with Amazon SES?

Lesedauer: 4 Minute

My Amazon Simple Email Service (Amazon SES) Simple Mail Transfer Protocol (SMTP) is timing out. How do I resolve SMTP connectivity or timeout errors with Amazon SES?

Short description

Timeout connections typically indicate that your client can't establish a TCP connection to the public Amazon SES endpoint. To resolve SMTP connectivity or timeout errors with Amazon SES, first troubleshoot the application's TCP connection. If the TCP connection is successful, then troubleshoot the SSL/TLS negotiations.

Important: By default, Amazon Elastic Compute Cloud (Amazon EC2) restricts Amazon Virtual Private Cloud (Amazon VPC) egress traffic on port 25 for all Amazon EC2 instances. For applications that require traffic on SMTP port 25, you can request to remove this restriction.

Resolution

Troubleshoot the application's TCP connection

1. Run the following telnet, netcat (nc), or Test-NetConnection commands. Replace email-smtp.us-east-1.amazonaws.com with the Amazon SES SMTP endpoint that you're using:

telnet email-smtp.us-east-1.amazonaws.com 587
telnet email-smtp.us-east-1.amazonaws.com 25
telnet email-smtp.us-east-1.amazonaws.com 465

nc -vz email-smtp.us-east-1.amazonaws.com 587
nc -vz email-smtp.us-east-1.amazonaws.com 25
nc -vz email-smtp.us-east-1.amazonaws.com 465

-or-

In PowerShell, run the following command to connect to the Amazon SES SMTP server:

Test-NetConnection -Port 587 -ComputerName email-smtp.us-west-2.amazonaws.com

2. Note the output. If the connection is successful, then proceed to the Troubleshoot SSL/TLS negotiations section. If the connection is unsuccessful, then proceed to step 3.

Successful connection

The telnet command returns an output similar to the following:

Trying 35.170.126.22...
Connected to email-smtp.us-east-1.amazonaws.com.
Escape character is '^]'.
220 email-smtp.amazonaws.com ESMTP SimpleEmailService-d-A12BCD3EF example0mJncW410pSau

The PowerShell command returns an output similar to the following:

ComputerName     : email-smtp.us-west-2.amazonaws.com
RemoteAddress    : 198.51.100.126
RemotePort       : 587
InterfaceAlias   : Ethernet
SourceAddress    : 203.0.113.46
TcpTestSucceeded : True

Unsuccessful connection (timeout)

The telnet command returns an output similar to the following:

Trying 18.232.32.150...
telnet: connect to address 18.232.32.150: Connection timed out

The PowerShell command returns an output similar to the following:

WARNING: Ping to 52.39.11.136 failed with status: TimedOut

ComputerName           : email-smtp.us-west-2.amazonaws.com
RemoteAddress          : 35.155.47.104
RemotePort             : 587
InterfaceAlias         : Ethernet 2
SourceAddress          : 10.0.0.140
PingSucceeded          : False
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded       : False

3. For unsuccessful connections, confirm that your local firewall rules, routes, and access control lists (ACLs) allow traffic on the SMTP port that you're using. Also, confirm that your sending application has access to the internet.

For example, if you're using an EC2 instance to send emails and connect to the SMTP endpoint, then verify the following:

The security group outbound (egress) rules must allow traffic to the SMTP server on TCP port 25, 587, or 465.
The network ACL outbound (egress) rules must allow traffic to the SMTP server on TCP port 25, 587, or 465.
The network ACL inbound (ingress) rules must allow traffic from the SMTP server on TCP ports 1024-65535.
The EC2 instance must have internet connectivity.

Troubleshoot SSL/TLS negotiations

If your TCP connection is successful but you're still having connectivity or timeout issues, check if there are problems with SSL/TLS.

1. From an EC2 Linux instance, run the openssl command. For Amazon EC2 Windows instances, see Test your connection to the Amazon SES SMTP interface using the command line, and choose the PowerShell tab.

openssl s_client -crlf -connect email-smtp.us-east-1.amazonaws.com:465 
openssl s_client -crlf -starttls smtp -connect email-smtp.us-east-1.amazonaws.com:587

Note: Replace email-smtp.us-east-1.amazonaws.com with the Amazon SES SMTP endpoint that you're using. Modifying the location of the default certificate authority (CA), might cause problems when you run the preceding commands. When you install OpenSSL, make sure that you identify the location of the default CA bundle file.

2. Note the output. The expected responses are SMTP 220 and SMTP 250.

3. If you don't get the expected output, check the following:

Verify that the SSL/TLS certificate store is configured correctly.
Confirm that your sending application has the correct path to the certificate.
Verify that the Amazon SES certificate is installed on your server.

Note: You can test whether the correct certificates are installed. For instructions, go to About the Amazon Trust Services Migration, and review the About the certificates section.

Related information

Using the Amazon SES SMTP interface to send email

Themen

Frontend-Web & Mobile Geschäftsanwendungen

Relevanter Inhalt

Wie überwache ich meine Amazon-OpenSearch-Service-Cluster mithilfe von CloudWatch-Alarmen?
AWS OFFICIALAktualisiert vor 2 Jahren
Warum erreicht mein VPC-CNI-Plugin den API-Server in Amazon EKS nicht?
AWS OFFICIALAktualisiert vor einem Jahr
Wie kann ich mithilfe der Amazon SES-Funktion E-Mails senden, wenn sich meine RDS for SQL Server-Instance entweder in einem öffentlichen oder privaten Subnetz befindet?
AWS OFFICIALAktualisiert vor 6 Monaten
Warum erhalte ich Fehler mit dem Statuscode 554 oder 400 für abgelehnte Nachrichten und der Fehlermeldung „E-Mail-Adresse nicht verifiziert“ von Amazon SES?
AWS OFFICIALAktualisiert vor 7 Monaten