
AWS Port 25 Unblock Request Denied Without Justification – Seeking Clarity and Escalation

0

Hi AWS Community,

I recently raised a request to remove Port 25 restrictions for an EC2 instance in the ap-south-1 (Mumbai) region.

The instance hosts a secure, non-commercial mail server for my domain nagraja.com, used only for transactional emails such as user registration, password resets, and account notifications. The setup is fully hardened and follows all AWS and general mail best practices, including:

  • SPF Record: v=spf1 ip4:************* a mx -all
  • DKIM: Implemented and verified via OpenDKIM (***********)
  • DMARC: v=DMARC1; p=quarantine; ************
  • TLS/SSL: Managed through Let’s Encrypt with automatic renewal
  • Firewall: Configured with UFW; only essential ports open
  • Security Tools: Fail2ban, SpamAssassin, ClamAV, Amavis, and Postfix/Dovecot with MySQL authentication
  • Strict Mail Policy: No bulk, promotional, or unsolicited mails — only system notifications from verified users

Despite clearly explaining this legitimate use case, AWS denied the Port 25 unblocking request without providing a technical explanation or any actionable guidance.

This is frustrating because:

  1. There are no prior spam or abuse issues with my account.
  2. I have been an AWS customer for almost a decade, primarily for learning, PoCs, and recent production deployments.
  3. The use case fully aligns with AWS’ guidelines for responsible email practices.

I’m seeking clarity on:

  • Why such requests are denied without context even when the configuration is fully compliant.
  • Whether AWS still allows authenticated, secure outbound SMTP via Port 25 for verified transactional use cases.
  • What options (if any) exist beyond SES if the goal is to maintain self-managed infrastructure for learning and production-grade deployments.

I understand AWS discourages open SMTP to prevent abuse, but it’s disheartening to see responsible users penalized for legitimate setups.

Would appreciate if an AWS representative or community expert could provide guidance or help escalate this for review.

Thank you,


Admin – **********

#ec2 #email #postfix #dovecot #smtp #port-25 #aws-support #networking #spam-prevention

4 Answers
1

Hello.

According to the comments in the answer at the URL below, the request was granted by providing the current and past rDNS and other detailed information.
I have also sent a request to remove the restriction on port 25 in the past, but it was rejected, so I gave up and used port 587 instead.
If you have access to port 587, it may be easier to consider using port 587 rather than sending a request to AWS.
https://repost.aws/questions/QUK64zK8ICTGC_q02vJzr3AQ/port-25-opening-denied-i-really-need-some-senior-help-here-please

Thank you so much for taking the time to reply to me & I do understand AWS's need to keep spammers out of your servers. The problem is now resolved, the trust and safety team (via business support and with their help), have now opened port 25 for me, so all is good and no need to use SES (although I may still use SES in future, as it does sound like it has some advantages to me). It did take 4 requests to open the port, but on my 4th request (I am migrating servers to AWS), I provided them with my "current/now previous servers" rDNS and other details, so that they could maybe check my 20 years of "good standing" + I explained some of my lack of knowledge on how I did not fully understand the questions they were asking of me. In under an hour, I got approved, and (now as I was migrating servers), I just need to set up on AWS the rDNS and email this to the T&S team. Thank you again for your attention, but I hope all will now be OK. The migration should be completed today. I just need to read up on how to set up the rDNS :-)

EXPERT
answered 2 months ago
AWS
EXPERT
reviewed 2 months ago
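The question lists SPF and DMARC records and the answer above mentions rDNS details; the following offline self-check of those three items is an added example, not part of the thread and not an AWS tool. The function name, the `forward_a` mapping that stands in for live DNS lookups, and every record, host name and address in it are constructed for illustration, and AWS's actual review criteria are not stated on this page.

```python
import ipaddress

def audit_mail_identity(spf, dmarc, send_ip, ptr_name, forward_a):
    """Return findings for SPF, DMARC and forward-confirmed reverse DNS.

    forward_a maps hostname -> list of A-record IPs (assumption: it replaces
    real DNS queries so the check runs offline).
    """
    findings = []
    ip = ipaddress.ip_address(send_ip)

    # SPF: needs the version tag, a failing 'all', and the sending IP listed.
    terms = spf.split()
    if not terms or terms[0].lower() != "v=spf1":
        findings.append("spf: missing v=spf1 version tag")
    else:
        alls = [t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"]
        if not alls:
            findings.append("spf: no 'all' mechanism")
        elif alls[-1][0] not in "-~":
            findings.append("spf: final 'all' does not fail unauthorised senders")
        nets = [t.split(":", 1)[1] for t in terms[1:]
                if t.lower().lstrip("+").startswith("ip4:")]
        if not any(ip in ipaddress.ip_network(n, strict=False) for n in nets):
            findings.append("spf: sending IP not in any ip4 mechanism (a/mx not resolved here)")

    # DMARC: tag=value pairs separated by ';'; policy should enforce.
    tags = {}
    for part in dmarc.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        findings.append("dmarc: missing v=DMARC1")
    elif tags.get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("dmarc: policy is not quarantine or reject")

    # rDNS: the PTR name must resolve forward to the same sending IP.
    name = (ptr_name or "").rstrip(".").lower()
    if not name:
        findings.append("rdns: no PTR record for sending IP")
    elif send_ip not in forward_a.get(name, []):
        findings.append("rdns: PTR name does not resolve back to sending IP")
    return findings

# Constructed sample inputs (documentation address ranges, example domains).
GOOD = dict(spf="v=spf1 ip4:203.0.113.25 a mx -all",
            dmarc="v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com",
            send_ip="203.0.113.25", ptr_name="mail.example.com.",
            forward_a={"mail.example.com": ["203.0.113.25"]})
WEAK = dict(spf="v=spf1 ip4:198.51.100.0/24 +all", dmarc="v=DMARC1; p=none",
            send_ip="203.0.113.25", ptr_name="host-203-0-113-25.example.net",
            forward_a={})
```

An empty result only means these three items are internally consistent; it says nothing about how a port 25 request will be decided.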
0

Submitted again. Appreciate if you could help to resolve it at the earliest. Thanks.

answered 2 months ago
0

Amazon Support should take these cases in light of how they are getting perceived with every request denied. Hope it gets addressed.

answered 2 months ago
AWS
MODERATOR
reviewed 2 months ago
AWS
MODERATOR
reviewed 2 months ago
0

We are sorry about any confusion caused by the denial. Please send your request through https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request to be reviewed and re-evaluated by the team.

AWS
MODERATOR
answered 2 months ago
