How do I remove the restriction on port 25 from my Lightsail instance?

3 minute read

I can't send emails over port 25 from my Amazon Lightsail instance.

Short description

By default, AWS blocks outbound traffic on port 25 on all Lightsail instances. To send outbound traffic on port 25, you must request that this restriction be removed.

Note: You can add or remove rDNS restrictions yourself on an Amazon EC2 instance. However, this isn't possible in Lightsail instances. For more information, see Use reverse DNS for email applications.


To request that AWS remove the port 25 restriction on your Lightsail instance, complete the following steps.:

  1. Sign in to the Amazon Lightsail console as the AWS account root user.
  2. Open the Request to remove email sending limitations form.
  3. Enter your email address. This is the email address where you can receive email about your request. Your account email address is prepopulated in the field.
  4. In the Use case description field, enter the reason for the removal of the email quota that includes these details:
    A clear and detailed use case for your Lightsail instance to send emails.
    A statement that outlines your plan to confirm that your account doesn't send unwanted emails.
    Confirmation that the request is for the Lightsail instance. You can also provide the Lightsail instance name.
    The Region where your Lightsail instance is hosted.
  5. (Optional) In the Elastic IP address field, enter the static IP address you use to send outbound emails. (This is the static IP address that you attached to your instance.) You can enter up to two static IP addresses.
  6. (Optional) In the Reverse DNS record field, enter any reverse DNS (rDNS) records that AWS must associate with the Elastic IP addresses. When you send emails, it's a best practice to set up an rDNS record. This prevents outbound emails from being flagged as spam. Make sure to link the rDNS record to your static IP address with a DNS A record. For example, if your rDNS record is set to, then create an A record for that points to the Static IP address. This is the domain that's returned when you perform the reverse DNS lookup. For more information, see Configuring reverse DNS for an email server on your Amazon Lightsail instance on 
  7. Choose Submit.

Note: If you have instances in more than one Region, then submit a separate request for each Region.

You receive an email with the Request ID after submitting the request form. It might take up to 48 hours to process your request. If your request is approved, then you receive an email to notify you that the port 25 restriction is removed. If you don't receive an update within 48 hours, then reply to the initial email that you received.

Related information

How do I remove the restriction on port 25 from my Amazon EC2 instance or AWS Lambda function?

Configuring reverse DNS for an email server on your Amazon Lightsail instance

AWS OFFICIALUpdated 8 months ago

I did exactly this and it was rejected. Using a domain that has been successfully hosting email for over 10 years without being denylisted or having a bad reputation. Very light traffic. Very tight configuration (20+ year cyber security veteran). What exactly is the criteria for allowing outbound SMTP?

replied 2 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
replied 2 months ago