
AWS Port 25 Unblock Request Denied Without Justification – Seeking Clarity and Escalation

0

Hi AWS Community,

I recently raised a request to remove Port 25 restrictions for an EC2 instance in the ap-south-1 (Mumbai) region.

The instance hosts a secure, non-commercial mail server for my domain nagraja.com, used only for transactional emails such as user registration, password resets, and account notifications. The setup is fully hardened and follows all AWS and general mail best practices, including:

  • SPF Record: v=spf1 ip4:************* a mx -all
  • DKIM: Implemented and verified via OpenDKIM (***********)
  • DMARC: v=DMARC1; p=quarantine; ************
  • TLS/SSL: Managed through Let’s Encrypt with automatic renewal
  • Firewall: Configured with UFW; only essential ports open
  • Security Tools: Fail2ban, SpamAssassin, ClamAV, Amavis, and Postfix/Dovecot with MySQL authentication
  • Strict Mail Policy: No bulk, promotional, or unsolicited mails — only system notifications from verified users

Despite clearly explaining this legitimate use case, AWS denied the Port 25 unblocking request without providing a technical explanation or any actionable guidance.

This is frustrating because:

  1. There are no prior spam or abuse issues with my account.
  2. I have been an AWS customer for almost a decade, primarily for learning, PoCs, and recent production deployments.
  3. The use case fully aligns with AWS’ guidelines for responsible email practices.

I’m seeking clarity on:

  • Why such requests are denied without context even when the configuration is fully compliant.
  • Whether AWS still allows authenticated, secure outbound SMTP via Port 25 for verified transactional use cases.
  • What options (if any) exist beyond SES if the goal is to maintain self-managed infrastructure for learning and production-grade deployments.

I understand AWS discourages open SMTP to prevent abuse, but it’s disheartening to see responsible users penalized for legitimate setups.

Would appreciate if an AWS representative or community expert could provide guidance or help escalate this for review.

Thank you,


Admin – **********

#ec2 #email #postfix #dovecot #smtp #port-25 #aws-support #networking #spam-prevention

4 Answers
1

Hello.

According to the comments in the answer at the URL below, the request was granted by providing the current and past rDNS and other detailed information.
I have also sent a request to remove the restriction on port 25 in the past, but it was rejected, so I gave up and used port 587 instead.
If you have access to port 587, it may be easier to consider using port 587 rather than sending a request to AWS.
https://repost.aws/questions/QUK64zK8ICTGC_q02vJzr3AQ/port-25-opening-denied-i-really-need-some-senior-help-here-please

Thank you so much for taking the time to reply to me, and I do understand AWS's need to keep spammers out of your servers. The problem is now resolved: the trust and safety team (via business support and with their help) have now opened port 25 for me, so all is good and there is no need to use SES (although I may still use SES in future, as it does sound like it has some advantages to me). It did take 4 requests to open the port, but on my 4th request (I am migrating servers to AWS) I provided them with my "current/now previous servers" rDNS and other details, so that they could maybe check my 20 years of "good standing", and I explained some of my lack of knowledge on how I did not fully understand the questions they were asking of me. In under an hour I got approved, and (now as I was migrating servers) I just need to set up the rDNS on AWS and email this to the T&S team. Thank you again for your attention, but I hope all will now be OK. The migration should be completed today. I just need to read up on how to set up the rDNS :-)

EXPERT
answered a month ago
AWS
EXPERT
reviewed a month ago
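
A pre-submission check of the rDNS detail mentioned in the answer above, as an added example (not code from this thread or from AWS): it verifies forward-confirmed reverse DNS for the sending IP and whether an SPF `ip4` mechanism covers it. The addresses, hostnames and records are constructed sample data and the function names are hypothetical; the `a` and `mx` SPF mechanisms are not evaluated.

```python
import ipaddress
import socket

def _system_ptr(ip):  # PTR name via the system resolver, [] on failure
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def _system_a(name):  # IPv4 addresses via the system resolver, [] on failure
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def fcrdns(ip, helo, ptr_lookup=_system_ptr, a_lookup=_system_a):
    """Forward-confirmed reverse DNS: PTR -> name -> A must lead back to ip."""
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return False, "no PTR record"
    confirmed = [n for n in names if ip in a_lookup(n)]
    if not confirmed:
        return False, "PTR name does not resolve back to the IP"
    if helo.rstrip(".").lower() not in confirmed:
        return False, "HELO name differs from the confirmed PTR name"
    return True, "ok"

def spf_covers(record, ip):
    """True if an ip4 mechanism of the SPF record contains ip (a/mx skipped)."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return False
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(t.lstrip("+")[4:], strict=False)
               for t in terms[1:] if t.lstrip("+").startswith("ip4:"))

# Constructed sample data (documentation address space, not the poster's records).
PTR = {"192.0.2.25": ["mail.example.com."],
       "192.0.2.26": ["ec2-192-0-2-26.compute.example.net."]}
A = {"mail.example.com": ["192.0.2.25"],
     "ec2-192-0-2-26.compute.example.net": ["192.0.2.26"]}
SPF = "v=spf1 ip4:192.0.2.25 a mx -all"

def check(ip, helo):  # runs both checks against the constructed records
    ok, reason = fcrdns(ip, helo, lambda i: PTR.get(i, []), lambda n: A.get(n, []))
    return ok, reason, spf_covers(SPF, ip)

if __name__ == "__main__":
    print(check("192.0.2.25", "mail.example.com"), check("192.0.2.26", "mail.example.com"))
```

Calling `fcrdns(ip, helo)` without the lookup arguments queries the system resolver, so the same check can be run against live records once the PTR has been set.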
0

Submitted again. Appreciate it if you could help to resolve it at the earliest. Thanks.

answered a month ago
0

Amazon Support should take these cases in light of how they are getting perceived with every request denied. Hope it gets addressed.

answered a month ago
AWS
MODERATOR
reviewed a month ago
0

We are sorry about any confusion caused by the denial. Please send your request through https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request to be reviewed and re-evaluated by the team.

AWS
MODERATOR
answered a month ago
