  • A record that points to your server.
  • MX record that points to your A record.
  • Mail daemon listening on port 25 -- I tend towards Postfix.
  • Firewall rules allowing port 25 to accept connections. On EC2, you need to set this in your security groups.

I was facing similar problems. I have an MX record set up and the ports unblocked in the security policies, but a port scan still shows port 25 as blocked.

I came across this answer on the AWS forum. It seems that you have to request to specifically unblock your port 25 / 445. http://mxtoolbox.com/ should be useful to test your server.


You'll need an SMTP daemon such as Postfix installed, and thus, the ports open from the AWS security group for starters.

Then, you can follow a configuration guide - have a look at the Postfix basic configuration guide.

In a nutshell, you'll want to be 100% sure you're not operating as an open relay. Here's a very basic main.cf for simple username-based delivery that I use:

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no

myhostname = mail.domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

mydestination = hostname.domain.com, localhost.mydomain.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
#mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all


smtpd_helo_restrictions =
    permit_mynetworks,
    #reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit
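
Added example, not part of the answer above and not Postfix's own tooling: a small Python check that parses main.cf text and lists the settings that decide whether outside clients can relay through the server. The function names, the `OPEN_CF` counter-example and the finding messages are assumptions made for illustration; only explicitly set parameters are examined, so Postfix's built-in defaults are not modelled.

```python
import ipaddress

# Constructed sample: the relay-relevant lines of the main.cf posted above.
ANSWER_CF = """\
mydestination = hostname.domain.com, localhost.mydomain.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
smtpd_helo_restrictions =
    permit_mynetworks,
    #reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit
"""
# Constructed counter-example with two classic open-relay mistakes.
OPEN_CF = "mynetworks = 127.0.0.0/8, 0.0.0.0/0\nsmtpd_relay_restrictions =\n    permit_mynetworks,\n    permit\n"
SAFE_STOP = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}

def parse_main_cf(text):
    """main.cf syntax: '#' lines are comments; leading whitespace continues a value."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key is not None:
            params[key] = (params[key] + " " + line.strip()).strip()
        elif "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            params[key] = value
    return params

def relay_findings(text):
    """Return the explicitly set values that widen who may relay (to be reviewed)."""
    params, findings = parse_main_cf(text), []
    for net in params.get("mynetworks", "").replace(",", " ").split():
        try:
            cidr = ipaddress.ip_network(net.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # table lookups such as hash:/path are not evaluated here
        if not cidr.is_loopback:
            findings.append(f"mynetworks trusts non-loopback range {net}")
    # A bare 'permit' in smtpd_helo_restrictions (as above) only ends the HELO checks.
    for name in ("smtpd_relay_restrictions", "smtpd_recipient_restrictions"):
        for rule in params.get(name, "").replace(",", " ").split():
            if rule in SAFE_STOP:
                break
            if rule == "permit":
                findings.append(f"{name} reaches 'permit' before an unauth_destination check")
                break
    return findings
```

On a live host the input would be the output of `postconf -n`, and the result should still be confirmed with an external relay test such as the one mxtoolbox offers.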