By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Do SES SMTP endpoints block IPs from VPS services like Linode?

0

I've been using an SES SMTP endpoint for an extremely low volume of outbound mail from my personal Linode server for several months, and for at least the past few weeks all TCP traffic to these endpoints is getting blocked on every port.

Everything was up and running fine, verified and operational, and suddenly it's just blocked. I did extensive troubleshooting on the firewall side of the linode server itself. SMTP to other destinations works too, just not into SES. Linode is telling me they're not blocking anything.

It's a pretty common practice to just blackhole VPS services like Linode because of the sheer volume of garbage that comes in from there, so I completely understand if AWS wants to block these IPs (though an option for allowlisting an individual IP would be nice). There's just no indication in any documentation anywhere that this is the case.

Does anyone know if SES SMTP endpoints implemented blocking recently?

Topics
Front-End Web & MobileBusiness ApplicationsAWS Well-Architected Framework
Tags
Amazon Simple Email ServiceSecurityNetwork Security
Language
English
Erik
asked 8 months ago98 views
2 Answers
1
Accepted Answer

Updating with what turned out to be the problem. I doubt it will be useful to anyone.

No, AWS was not blocking my IP.

It looks like I had a broken iptables configuration. There was a custom script that configured the firewall on the server, but it was crashing before it could permit established/related traffic inbound on IPv4 (IPv6 was working fine). Because SES's SMTP endpoints are all IPv4, traffic to it was not working. Every other service on this host was working fine because they were all inbound, not outbound.

In this specific case, I was able to verify the problem was coming from iptables by running a tcpdump on all ICMP traffic on the affected interface, and pinging the SMTP server. I could see the ICMP replies come in, but the ping could not receive them.

Erik
answered 8 months ago
profile picture
EXPERT
Oleksii Bebych
reviewed 8 months ago
1

Troubleshooting info here: https://docs.aws.amazon.com/ses/latest/dg/troubleshoot-smtp.html

Sounds like you have done some pretty good validation. I would recommend opening a support case to make specific query about the service. re:Post is a community forum so there is a limit to the specific knowledge of any service changes that may occur.

Hope this helps.

profile pictureAWS
EXPERT
iBehr
answered 8 months ago
profile picture
EXPERT
Oleksii Bebych
reviewed 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content