I’m having trouble sending email over port 25 from my Amazon Elastic Compute Cloud (Amazon EC2) instance or AWS Lambda function.

Resolution

AWS blocks outbound traffic on port 25 (SMTP) of all EC2 instances and Lambda functions by default. If you want to send outbound traffic on port 25, you can request that AWS remove this restriction.

To remove the port 25 restriction on your Lambda function, associate your function with an Amazon Virtual Private Cloud (Amazon VPC). Then, give internet access to your Lambda function using a network address translation (NAT) gateway. The port 25 restriction can’t be removed from non-VPC functions.

After you complete this task, request AWS to remove the port 25 restriction on either your EC2 instance or your NAT gateway by following these steps:

  1. Sign in with your AWS account, and then open the Request to remove email sending limitations form.
  2. Enter your email address so that AWS Support can contact you with updates about your request.
  3. Provide the required information in the Use case description field:
    - A clear and detailed use case for sending email from your EC2 instance or NAT Gateway.
    - A statement outlining your plan for ensuring that your account isn’t implicated in sending unwanted emails.
    - The Region for your EC2 instance or NAT Gateway.
  4. (Optional) Provide the AWS-owned Elastic IP addresses that you use to send outbound emails, as well as any reverse DNS (rDNS) records that AWS needs to associate with the Elastic IP addresses. When you send emails, it’s a best practice to set up an rDNS record to help prevent outbound emails from being flagged as spam.
    Make sure to link the rDNS record to your Elastic IP address using a DNS A record. For example, if mail.example.com is the rDNS record that you’re setting, be sure that you create an A record for mail.example.com that points to the Elastic IP address.
  5. Choose Submit.

Note: If you have instances in more than one Region, then submit a separate request for each Region. If you have instances in a single Region, submit one request for that Region.
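
The rDNS setup described in step 4 can be verified after AWS applies it. The following Python script is an added example, not part of the original article: it checks that the Elastic IP's PTR record names your mail host and that the host's A record points back to the same address. The address 203.0.113.10 is a constructed documentation value, and the function names are this example's own.

```python
import ipaddress
import socket


def reverse_lookup(ip):
    """Return the PTR names for ip using the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # socket.herror / socket.gaierror when no PTR exists
        return []
    return [name, *aliases]


def forward_lookup(hostname):
    """Return the set of IPv4 addresses from hostname's A records."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    except OSError:
        return set()
    return {info[4][0] for info in infos}


def check_fcrdns(ip, expected_host, reverse=reverse_lookup, forward=forward_lookup):
    """Check the IP -> PTR -> A round trip for a mail-sending address.

    Returns (ok, reason). The resolver functions are injectable so the
    check can be exercised without network access.
    """
    ip = str(ipaddress.ip_address(ip))  # rejects malformed input early
    expected = expected_host.rstrip(".").lower()
    ptr_names = {n.rstrip(".").lower() for n in reverse(ip)}
    if not ptr_names:
        return False, "no PTR record for " + ip
    if expected not in ptr_names:
        return False, "PTR is %s, expected %s" % (sorted(ptr_names), expected)
    if ip not in forward(expected):
        return False, "A record for %s does not include %s" % (expected, ip)
    return True, "forward-confirmed"


if __name__ == "__main__":
    # Constructed sample values; replace with your Elastic IP and mail host.
    print(check_fcrdns("203.0.113.10", "mail.example.com"))
```

Run it from any host with working DNS; a failure reason tells you whether the PTR record or the A record is the part that doesn't match.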

You receive an email with the Request ID after submitting the request form. It might take up to 48 hours to process your request. If your request is approved, you receive an email to notify you that the port 25 restriction is removed. If you don’t receive an update within 48 hours after submitting the request, reply to the initial email that you received.

Note: It’s a best practice to use Amazon Simple Email Service (Amazon SES) instead of sending emails directly from your resources. Email providers can block cloud IP ranges, preventing delivery of emails sent directly from your resources.