
SMTP Restriction Removal For AWS Organization

0

Hi, I have a customer that has about 50 accounts within their organization. I would like to ask what procedure needs to be followed in order to request, in one bulk request, the removal of the SMTP restriction for their entire organization. They need this port to be open for all of their accounts, and opening a single case for each of the accounts to request removing the restriction doesn't make sense.

Thank you

2 Answers
0

By default, AWS blocks outbound traffic on port 25 (SMTP) for all EC2 instances and Lambda functions to prevent potential spam and abuse. For an organization with 50 accounts, there isn't a documented bulk process to remove this restriction across all accounts simultaneously.

The standard process requires submitting individual requests for each account using the "Request to remove email sending limitations" form. Each request needs to:

  1. Include details about why port 25 needs to be opened
  2. Explain how spam/abuse will be prevented
  3. Specify the instance IDs requiring the restriction removal
  4. Be submitted separately for each AWS Region where the restriction needs to be lifted

The approval process can take up to 48 hours per request, and AWS may deny requests if they don't meet their criteria for legitimate use cases.

Instead of pursuing multiple restriction removals, consider these alternatives:

  1. Use alternative ports that aren't restricted by default:
     • Port 587 (TLS)
     • Port 465 (SSL)
  2. Implement Amazon Simple Email Service (SES) across the organization, which is specifically designed for sending emails from AWS resources and doesn't require port 25 to be open.

These alternatives are generally more secure and don't require special permissions from AWS.

Sources

  • SMTP issue, not able to send out Email through the port | AWS re:Post
  • SMTP Limitation | AWS re:Post
  • how to open port 25 in cloudshell | AWS re:Post
  • Send notifications for an Amazon RDS for SQL Server database instance by using an on-premises SMTP server and Database Mail - AWS Prescriptive Guidance
  • How to remove email sending limitations | AWS re:Post

Answered 4 months ago
0

Yes, you're right, managing SMTP (Port 25) restriction removal across 50+ accounts individually can be time-consuming. Unfortunately, as of now, AWS does not support a bulk/unified request for Port 25 unblocking across an entire AWS Organization.

Current AWS Policy: Each AWS account must submit its own request to remove the SMTP (Port 25) restriction. This is due to the account-level enforcement of email sending policies to prevent spam and maintain service integrity across regions.

Recommended Approach: Here's how to handle this efficiently for multiple accounts:

  1. Use the Port 25 Request Form per account: --> https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request

  2. Use the same justification across accounts: --> Clearly state the use case (e.g., trusted internal mail relay, production app mail server). --> Mention you are part of an AWS Organization and list the org ID.

Centralized Tracking: --> Use a script or ticket system to track which accounts have submitted and completed the unblocking request.

(Optional) AWS Support Plan: --> If you have a Business or Enterprise support plan, you can open a single consolidated support case requesting guidance for bulk processing. While they won’t process it in bulk, they might expedite approval or provide a faster workflow.

Answered 4 months ago
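The centralized tracking suggested in the answer above, as an added example (not code from either answer or from AWS): it takes the account list in the shape printed by `aws organizations list-accounts`, trimmed to the fields used, and reports which account and Region pairs still need a request or a follow-up. The request-log layout, the state names, the sample account IDs and the functions `build_tracker` and `outstanding` are assumptions made for this sketch.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample, trimmed from the `aws organizations list-accounts` output shape.
SAMPLE_ACCOUNTS = {"Accounts": [
    {"Id": "111111111111", "Name": "mail-relay-prod", "Status": "ACTIVE"},
    {"Id": "222222222222", "Name": "app-prod", "Status": "ACTIVE"},
    {"Id": "333333333333", "Name": "old-sandbox", "Status": "SUSPENDED"},
]}

# Constructed request log (hypothetical layout): one row per account and Region.
SAMPLE_REQUESTS = [
    {"account": "111111111111", "region": "us-east-1", "submitted": "2024-05-01T09:00:00+00:00", "outcome": "approved"},
    {"account": "111111111111", "region": "eu-west-1", "submitted": "2024-05-01T09:05:00+00:00", "outcome": None},
    {"account": "222222222222", "region": "us-east-1", "submitted": "2024-05-03T08:00:00+00:00", "outcome": None},
]

REVIEW_WINDOW = timedelta(hours=48)  # "up to 48 hours per request", per the first answer


def build_tracker(accounts, regions, requests, now):
    """Return {(account_id, region): state} for every ACTIVE account and Region."""
    by_key = {(r["account"], r["region"]): r for r in requests}
    tracker = {}
    for acct in accounts["Accounts"]:
        if acct["Status"] != "ACTIVE":
            continue  # skip accounts that are not active in the organization
        for region in regions:
            req = by_key.get((acct["Id"], region))
            if req is None:
                state = "not_submitted"
            elif req["outcome"]:
                state = req["outcome"]  # "approved" or "denied"
            elif now - datetime.fromisoformat(req["submitted"]) > REVIEW_WINDOW:
                state = "overdue"  # past the stated review window: follow up
            else:
                state = "pending"
            tracker[(acct["Id"], region)] = state
    return tracker


def outstanding(tracker):
    """Account/Region pairs that still need action: anything not approved."""
    return sorted(key for key, state in tracker.items() if state != "approved")


if __name__ == "__main__":
    now = datetime(2024, 5, 4, 9, 0, tzinfo=timezone.utc)
    tracker = build_tracker(SAMPLE_ACCOUNTS, ["us-east-1", "eu-west-1"], SAMPLE_REQUESTS, now)
    print(outstanding(tracker))
```
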
