Scenario
I received these errors while sending an email from an AWS EC2 instance to Google mail services.
Error
$ sudo apt-get install mailutils
$ echo "This is a test email" | mail -s "Test Email" rajesh@devopsschool.com
$ echo "Test2" | mail -s "Dashboard LOG Analysis Report - $ydate" -r rajesh@mymail.com "rajesh@mymail.com"
43J8QuFY010148 133228 Fri Apr 19 08:26 <apache@ip-172-31-1-28.ec2.internal>
(Deferred: Connection timed out with aspmx3.googlemail.com.)
<backend@mymail.com>
$ mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
80097103D4 427 Tue Apr 23 00:23:15 rajesh@mymail.com
(connect to alt2.aspmx.l.google.com[2607:f8b0:4023:c0b::1b]:25: Network is unreachable)
rajesh@mymail.com
DE26B12535 446 Tue Apr 23 00:25:09 root@ip-172-31-41-118.ap-south-1.compute.internal
(connect to alt1.aspmx.l.google.com[173.194.202.27]:25: Connection timed out)
rajesh@mymail.com
-- 0 Kbytes in 2 Requests.
root@ip-172-31-41-118:/home/ubuntu# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
80097103D4 427 Tue Apr 23 00:23:15 rajesh@mymail.com
(connect to alt1.aspmx.l.google.com[173.194.202.26]:25: Connection timed out)
rajesh@mymail.com
DE26B12535 446 Tue Apr 23 00:25:09 root@ip-172-31-41-118.ap-south-1.compute.internal
(connect to alt1.aspmx.l.google.com[173.194.202.27]:25: Connection timed out)
rajesh@mymail.com
-- 0 Kbytes in 2 Requests.
$ telnet alt1.aspmx.l.google.com 25
Trying 173.194.202.27...
Issues and Solution
The error message (Deferred: Connection timed out with aspmx3.googlemail.com.) indicates that your EC2 instance tried to send an email, but the connection to the recipient’s email server (in this case, a server used by Google Mail) timed out. This can occur for several reasons when sending from an AWS EC2 instance:
Method – 1: IP Reputation
- Issue: AWS EC2 instances may have a less favorable IP reputation because these IPs could have been previously used by other customers who might have sent spam or malicious content.
- Solution: Use Amazon Simple Email Service (SES), a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails. It integrates with your applications and provides a higher deliverability rate.
Method – 2: SMTP Restrictions
- Issue: AWS imposes limitations on outbound SMTP traffic on port 25 (the standard port for sending email) from EC2 instances to prevent spam. New accounts especially may find these ports throttled.
- Solution: You can ask AWS to remove the throttle on port 25 for your EC2 instance by contacting AWS Support. Alternatively, configure your mail-sending applications to use port 587 or 465 for secure SMTP connections. AWS blocks port 25 by default for new EC2 instances to help prevent abuse.
Method – 3: Egress Filtering
- Issue: AWS has network-level egress filtering that might block traffic considered potentially harmful or frequently abused.
- Solution: Ensure your network access control lists (ACLs) and security groups are configured to allow outbound traffic on the ports used by your mail server (e.g., 25, 587, 465).
Method – 4: Port Blocking
AWS blocks outgoing traffic on port 25 by default to prevent spam. This could be the primary reason why the connection to Google’s mail server timed out.
Solutions:
- Use an Alternative Port: Configure your mail sending application to use alternative ports that might be open, such as port 587 (submission) or 465 (SMTPS), both of which are intended for email client to email server communication and usually support encryption.
- Request to Remove the Port 25 Block: You can submit a request to AWS to remove the block on port 25 for your EC2 instance. This is not generally recommended due to the potential for abuse and the likelihood of being blacklisted by major email providers.
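To tell these causes apart from the queue itself, the following added example (not part of the original post) classifies the deferral reasons in Postfix-style `mailq` output like the listing above. The function names and class labels are assumptions made for this example, the sample input is constructed from the lines shown on this page, and the sendmail-style "(Deferred: ...)" line is not parsed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): classify Postfix mailq deferrals.

# Constructed sample, shaped like the mailq output shown earlier on this page.
sample_mailq() {
  cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
80097103D4 427 Tue Apr 23 00:23:15 rajesh@mymail.com
(connect to alt2.aspmx.l.google.com[2607:f8b0:4023:c0b::1b]:25: Network is unreachable)
rajesh@mymail.com
DE26B12535 446 Tue Apr 23 00:25:09 root@ip-172-31-41-118.ap-south-1.compute.internal
(connect to alt1.aspmx.l.google.com[173.194.202.27]:25: Connection timed out)
rajesh@mymail.com
-- 0 Kbytes in 2 Requests.
EOF
}

# Reads mailq output on stdin; prints "<port> <class> <host>" per deferral.
#   timeout  = packets silently dropped: port 25 block/throttle, security
#              group or network ACL egress rule (a heuristic, not proof)
#   no-route = the instance has no route for that address family (here IPv6)
classify_deferrals() {
  awk '
    /^\(connect to / {
      line = $0
      sub(/^\(connect to /, "", line); sub(/\)$/, "", line)
      host   = substr(line, 1, index(line, "[") - 1)
      rest   = substr(line, index(line, "]:") + 2)   # "25: Connection timed out"
      port   = substr(rest, 1, index(rest, ":") - 1)
      reason = substr(rest, index(rest, ":") + 2)
      if      (reason ~ /timed out/)   class = "timeout"
      else if (reason ~ /unreachable/) class = "no-route"
      else if (reason ~ /refused/)     class = "refused"
      else                             class = "other"
      print port, class, host
    }'
}

# Counts deferrals that match the blocked-port-25 pattern.
port25_timeouts() {
  classify_deferrals | awk '$1 == 25 && $2 == "timeout" { n++ } END { print n + 0 }'
}

# Stand-alone demo on the constructed sample; on a live host: mailq | classify_deferrals
sample_mailq | classify_deferrals
echo "port 25 timeouts: $(sample_mailq | port25_timeouts)"
```

A queue where every entry is a port 25 timeout points at the port block or an egress rule, while `no-route` on an IPv6 address is a separate issue that relaying over port 587 does not need fixed.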
Permanent Solution
Using AWS SES
As previously mentioned, using Amazon Simple Email Service (SES) is highly recommended for sending emails from AWS infrastructure. SES manages many of the deliverability and server reputation issues automatically.
Steps to set up SES:
- Verify Your Domain: This is required to send email from any address on that domain.
- Move Out of the SES Sandbox: New AWS accounts use SES in a “sandbox” environment where you can only send emails to verified email addresses and domains. You’ll need to request a limit increase to send emails to unverified addresses.
- Configure Email Sending: Use the SES SMTP interface or API in your applications.