
Why does Amazon EC2 limit port 25? [closed]

It says here...

Amazon EC2 imposes default sending limits on email sent via port 25 and throttles outbound connections if you attempt to exceed those limits. To remove these limits, submit a Request to Remove Email Sending Limitations. You can also connect to Amazon SES via port 465 or port 587, neither of which is throttled.

Why doesn't it throttle ports 465 and 587? Why doesn't everyone use these ports instead of 25 and avoid the throttling issue altogether?

Ian Warburton asked Jan 09 '16 14:01



1 Answer

This is an anti-spam measure.

Without this restriction you could create a new Amazon account, fire up an EC2 machine and send a few million spam messages before anything could be done. By throttling the connection, it makes that scenario unavailable to new user accounts.

465/587 are authenticated ports, and it specifically mentions Amazon Simple Email Service (SES), which is specifically designed for bulk sending email and is tuned to detect use by spammers.

Edited to add SES information

When you first sign up for SES you are placed in a sandbox. This will place the following restrictions upon your account.

  • You can only send mail to the Amazon SES mailbox simulator and to verified email addresses and domains
  • You can only send mail from verified email addresses and domains.
  • You can send a maximum of 200 messages per 24-hour period.
  • Amazon SES can accept a maximum of one message from your account per second.

Which basically means that if you want to use SES in a production scenario, because you can only send to / from accounts that you have explicitly verified, you need to request a sending limit raise, which you can do either from the console or by raising a support ticket.

You will then have a new sending limit applied and a daily quota. For instance on my dev account I have a 50,000 per day daily quota and 14/second sending limit.

If I were to attempt to send more than 14 messages per second over SMTP (regardless of port), I would get this SMTP error message: 454 Throttling failure: Maximum sending rate exceeded. If I tried to send more than 50,000 messages, I would receive: 454 Throttling failure: Daily message quota exceeded.

In order to understand how throttling works, you need to think about the process that is occurring.

When you connect to SES over SMTP (on any port) you pass your credentials; AWS will check the limits on your account and start counting against your limits. At that point you are an authenticated user coming over an authenticated endpoint (you cannot send via SES anonymously. You can receive email in SES, but there are no incoming email limits applied, apart from message size). In that context you can see that throttling a particular port would be entirely pointless.

The only AWS service to have default throttling on port 25 is EC2.

The ONLY time that SES will throttle your messages is when you exceed your allowed limits.

Those limits can never be removed; they can only be increased (albeit increased to reasonably insane numbers).

Those limits will grow over time; if you are diligent in your use of SES and your handling of blocked / bounced messages, your numbers will increase.

So, in summary.

  • SES does not throttle port 25, port 465 or port 587.
  • SES will only rate limit messages based on your quotas.
  • SES rate limits apply entirely independently of TCP port numbers.

Michael B answered Sep 21 '22 19:09
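
An added example (not part of the original answer and not AWS code) of how a sender could react to the two 454 replies quoted in the answer above: back off and retry on the rate error, stop sending on the daily-quota error. The `send` callable, the default of 14 messages per second and all function names are assumptions made for illustration.

```python
# Added example: client-side pacing and handling of the two SES SMTP 454
# replies quoted in the answer. The send() callable, the rate and the
# function names are assumptions, not AWS or project code.
import time

RATE_EXCEEDED = "Maximum sending rate exceeded"
QUOTA_EXCEEDED = "Daily message quota exceeded"


def classify(code, text):
    """Map an SMTP reply to an action: 'ok', 'backoff', 'stop' or 'fail'."""
    if 200 <= code < 300:
        return "ok"
    if code == 454 and RATE_EXCEEDED in text:
        return "backoff"   # per-second limit: wait, then retry the same message
    if code == 454 and QUOTA_EXCEEDED in text:
        return "stop"      # daily quota: retrying today cannot succeed
    return "fail"


def send_all(messages, send, max_per_second=14, sleep=time.sleep, max_retries=5):
    """Send messages paced under max_per_second.

    send(msg) is a caller-supplied callable returning (code, text), for
    example a thin wrapper around smtplib. Returns (sent, unsent, failed).
    """
    interval = 1.0 / max_per_second
    sent, failed, queue = [], [], list(messages)
    while queue:
        msg, delay = queue[0], interval
        for _ in range(max_retries + 1):
            action = classify(*send(msg))
            if action != "backoff":
                break
            sleep(delay)
            delay *= 2     # exponential backoff while the rate error persists
        if action == "stop":
            break          # leave the rest queued until the quota resets
        queue.pop(0)
        if action == "ok":
            sent.append(msg)
            sleep(interval)  # stay under the account's per-second limit
        else:
            failed.append(msg)  # other error, or still throttled after retries
    return sent, queue, failed
```

Messages left in `unsent` after a daily-quota reply are kept for a later run rather than retried, since the quota is counted per account regardless of port.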