How do I troubleshoot email server issues on my EC2 Windows instance?

Short description

When you use SMTP to send email from your instance, you might encounter several common problems:

• Your security groups or network access control lists (network ACL) block SMTP traffic on ports 25, 587, or 465.
  Note: By default, outbound traffic is blocked on port 25 (SMTP) for all Amazon EC2 instances and AWS Lambda functions. To send outbound traffic on port 25, request the removal of this restriction. For more information, see How do I remove the restriction on port 25 from my Amazon EC2 instance or AWS Lambda function?
• The instance's public IP address changes after you stop and start the instance.
• Your outbound messages are flagged as spam.
• Emails aren't delivered to a specific domain.
• Outbound emails are delayed.
• You can't send emails even though you can receive them.

Resolution

Your security groups or network ACLs block SMTP traffic on ports 25, 587, or 465

1. To verify that traffic is blocked, use Test-NetConnection or the telnet utility to check for connectivity at the SMTP port.
2. If traffic is blocked at the SMTP port, then make sure that the following configurations are correct:
   The security group outbound (egress) rules must allow traffic to the SMTP server on TCP port 25, 587, or 465.
   The network ACL outbound (egress) rules must allow traffic to the SMTP server on TCP port 25, 587, or 465.
   The network ACL inbound (ingress) rules must allow traffic from the SMTP server on TCP ports 1024-65535.
   The firewall and antivirus application on your Windows instance must allow traffic to the SMTP server on TCP port 25, 587, or 465.
   The EC2 instance must have internet connectivity.

The instance's public IP address changes after you stop and start the instance

Your instance is automatically assigned a public IP address. However, this address changes whenever you stop and start the instance. To avoid this, make sure that the mail server instance has an Elastic IP address assigned to it.

Your outbound messages are flagged as spam

If you're missing DKIM authentication, SPF records, or a reverse DNS record set, then your outbound messages might be flagged as spam. It's a best practice to set up these records to prevent outbound emails from being flagged as spam. For more information on reverse DNS records, see the following resources:

Configurable reverse DNS for Amazon EC2's Elastic IP addresses

How do I activate reverse DNS functionality for Amazon Route 53 with a PTR record?

How do I troubleshoot issues with the PTR record that I'm using for reverse DNS in Route 53?

Emails aren't delivered to a specific domain

If you can't send emails to a specific domain, then follow these steps:

• Check whether the recipient domain is blocking your IP address.
• Make sure that your emails aren't too large for the destination to accept. Even if you don't have a size restriction on sent mail, the recipient might have limits on incoming mail size. The standard email size setting is 22 MB.

Outbound emails are delayed

If your emails are delayed, then follow these steps:

1. Check whether the delayed emails are going to one specific address or domain.
2. Check your email server configuration to make sure that nothing has changed.
3. Check whether the email queue is slow on your server, or if emails leave your server on time but are slow to arrive at the destination.
   If emails are stacking in the queue on your server, make sure that there aren't performance issues on your SMTP server.
   If the problem is at the destination, make sure that your emails aren't too large for the destination to accept. Even if you don't have a size restriction on sent mail, the recipient might have limits on incoming mail size. The standard email size setting is 22 MB.
4. Use an email header analyzer tool to analyze the message header for diagnostic information.

You can't send emails even though you can receive them

This issue occurs when you don't configure the authentication that the outgoing (SMTP) server requires.