I understand you're experiencing TLS handshake timeouts with specific SES SMTP IP addresses in ap-southeast-2. This type of infrastructure issue requires direct investigation by AWS Support, as I cannot diagnose or troubleshoot specific IP addresses or infrastructure nodes.
For SMTP connections to Amazon SES, TLS is mandatory and SES supports both STARTTLS (which upgrades an unencrypted connection to encrypted) and TLS Wrapper (which establishes an encrypted connection from the start). SES supports TLS 1.2, TLS 1.1, and TLS 1.0 for these connections.
To get this investigated properly, I recommend:
- Open an AWS Support case immediately - Include the specific failing IP addresses, timestamps, and your Exchange server logs showing the TLS handshake timeouts versus successful connections.
- Provide detailed evidence - The comparison you've documented (3.105.134.170 timing out vs 3.24.9.22 working) is exactly the type of information AWS Support needs to investigate potential infrastructure issues.
- Check your configuration sets - While this appears to be an infrastructure issue rather than configuration, verify if you're using any configuration sets with specific TLS policies that might affect behavior.
Since you're seeing consistent patterns where some IPs work while others timeout during TLS handshake, and this started suddenly today, this does warrant immediate AWS Support investigation to determine if there's an issue with specific SES endpoint nodes in that region.
Time is important here - the sooner you open a support case with your detailed logs, the faster AWS engineering can investigate the specific infrastructure components involved.
Sources
Amazon SES and security protocols - Amazon Simple Email Service
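One way to collect the per-IP evidence the answer above asks for, as an added example that is not part of the original answer and not AWS tooling: it walks each address through banner, EHLO, STARTTLS and the TLS handshake and records the UTC timestamp and the stage where the session stops. The endpoint name `email-smtp.ap-southeast-2.amazonaws.com`, port 587, and the helper names `read_reply` and `probe` are assumptions.

```python
import socket, ssl, sys, time
from datetime import datetime, timezone

# Assumptions: regional SES SMTP endpoint name and the STARTTLS port.
ENDPOINT, PORT = "email-smtp.ap-southeast-2.amazonaws.com", 587

def read_reply(f):
    """Read one (possibly multi-line) SMTP reply; return its status code."""
    while True:
        line = f.readline()
        if not line:
            raise ConnectionError("peer closed the connection")
        if line[3:4] != b"-":          # "250-..." continues, "250 ..." ends
            return int(line[:3])

def probe(ip, port=PORT, server_name=ENDPOINT, timeout=10.0):
    """Connect to one IP and report the stage at which the session stops."""
    res = {"utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
           "ip": ip, "stage": "connect", "ok": False, "detail": ""}
    sock, t0 = None, time.monotonic()
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
        f = sock.makefile("rb")
        for stage, cmd, want in (("banner", None, 220),
                                 ("ehlo", b"EHLO probe.example\r\n", 250),
                                 ("starttls", b"STARTTLS\r\n", 220)):
            res["stage"] = stage
            if cmd:
                sock.sendall(cmd)
            code = read_reply(f)
            if code != want:
                raise ConnectionError(f"unexpected reply {code}")
        res["stage"] = "tls_handshake"
        # Certificate and hostname are verified against server_name, not the IP.
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=server_name)
        res.update(ok=True, detail=f"{sock.version()} {sock.cipher()[0]}")
    except (OSError, ValueError) as exc:   # timeouts, resets, TLS alerts, bad replies
        res["detail"] = "timeout" if isinstance(exc, socket.timeout) else f"{type(exc).__name__}: {exc}"
    finally:
        res["seconds"] = round(time.monotonic() - t0, 2)
        if sock:
            sock.close()
    return res

if __name__ == "__main__":
    # Probe the IPs given on the command line, or every address the endpoint resolves to.
    ips = sys.argv[1:] or sorted({a[4][0] for a in socket.getaddrinfo(
        ENDPOINT, PORT, socket.AF_INET, socket.SOCK_STREAM)})
    for ip in ips:
        r = probe(ip)
        print(f'{r["utc"]} {r["ip"]:<15} {"OK" if r["ok"] else "FAIL"} '
              f'stage={r["stage"]} {r["seconds"]}s {r["detail"]}')
```

Run it from the sending host with no arguments to probe every address the endpoint currently resolves to, or pass the addresses to compare, such as 3.105.134.170 and 3.24.9.22. A line ending in `stage=tls_handshake ... timeout` next to an `OK` line for another IP is the working-versus-failing comparison to attach to the support case.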
