3

Question: I would like some help on how to debug and find the point of failure where an email to be received by AWS SES might get dropped.

(Please note: the problem is related to receiving mail via the SES email server rather than sending it, as the latter is the usual use case of SES and also has a lot of help available on the internet.)

Context: We have a setup wherein multiple email senders send email to some AWS SES address. SES creates an object in S3 with the complete mail content (using rule sets).

The setup is complete and works if I just send a mail (it has for a month). But recently I discovered that it is dropping some mails (or not triggering rules), and this issue has been there from the time we started using the service, when there was comparatively less load on it.

Things I have already checked:

  • SES Troubleshooting Guide, which does not have any guide for problems receiving emails.
  • Checked CloudWatch for Publish Expired / Publish Failure for all rule sets and all have been 0 for the duration. (as we are not using SES for sending mails)
  • Added a Lambda as an action at the beginning of the rule action list, logged the whole event object to the console, and found that SES did not receive the email. (So there is no problem with S3; SES is the one that did not receive the mail.)
  • Made sure that the 'Enable spam and virus scanning' option is disabled.
  • Used a Gmail sender. This ensures that if the email is bounced for some reason, I would get a 'Could not send your email' reply. I did not receive any notification from Gmail, and some mails sent via Gmail were also dropped.

Thing I need help with: I have tried reading about how MX records work, which were used during setup of this SES account, and it might be the case that our other email address is conflicting with this one. As I do not have direct access to the GoDaddy console where the DN was purchased, I don't have more info on this and cannot immediately verify it.

I suspect that we have a DN x.com which has an MX record that points to SES, and there is another DN y.com which points to our Gmail service. Is it possible that, if the MX records of x.com were already pointing to the Gmail service and during setup of SES another MX record for AWS was just added, some mails would go to Gmail and some to AWS?

Side note: Also, we cannot contact AWS about the issue, as their technical support is paid and paying more is not an option (dropping SES itself is a better option than that).

Update: Just verified that x.com has aspmx.l.google.com, as well as inbound-smtp.us-east-1.amazonaws.com both with preference 10, by using mxtoolbox.com

2 Answers

4

Update: Just verified that x.com has aspmx.l.google.com, as well as inbound-smtp.us-east-1.amazonaws.com both with preference 10, by using mxtoolbox.com

This is your problem. Some email's going to randomly go to SES, other email's going to go to Gmail. You need to pick one provider for inbound email per FQDN.

ceejayoz
1

Well, this happened to me before, where x.com had 2 MX records, one for G Suite and one for AWS SES.

Frankly, both of those email providers have the same priority (https://support.google.com/a/answer/174125?hl=en), where AWS SES has these MX records, for instance in N. Virginia: inbound-smtp.us-east-1.amazonaws.com with priority 10 and feedback-smtp.us-east-1.amazonses.com with priority 10.

So the way to solve that issue is to make your AWS SES priority either lower or higher. You cannot use the same priority where the MX records point to different providers.

For me, this is how I solved it:

Value/Answer/Destination | Priority
ASPMX.L.GOOGLE.COM. | 1
ALT1.ASPMX.L.GOOGLE.COM. | 5
ALT2.ASPMX.L.GOOGLE.COM. | 5
ALT3.ASPMX.L.GOOGLE.COM. | 10
ALT4.ASPMX.L.GOOGLE.COM. | 10
inbound-smtp.us-east-1.amazonaws.com. | 15
feedback-smtp.us-east-1.amazonses.com | 15

Aeterno
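
The check discussed in the answers above, as an added example that is not part of the original posts: it parses MX records and reports which provider receives what share of inbound mail while all hosts are reachable. The sample records are constructed from the question's update, the provider suffix map is an assumption, and the even split assumes senders randomize uniformly among equal-preference hosts.

```python
from collections import Counter

# Constructed sample in `dig +short MX` format, matching the question's update.
SAMPLE_MX = """\
10 aspmx.l.google.com.
10 inbound-smtp.us-east-1.amazonaws.com.
"""

# Assumption: the receiving provider can be told from the hostname suffix.
PROVIDERS = {"google.com": "Google", "amazonaws.com": "AWS SES",
             "amazonses.com": "AWS SES"}


def parse_mx(text):
    """Parse '<preference> <host>' lines into (int, normalized host) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].isdigit():  # skip blank/malformed lines
            records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return records


def provider_of(host):
    for suffix, name in PROVIDERS.items():
        if host == suffix or host.endswith("." + suffix):
            return name
    return host  # unknown hosts count as their own provider


def primary_share(records):
    """Fraction of inbound mail per provider while all hosts are reachable.

    RFC 5321 section 5.1: a sender tries the lowest preference value first
    and picks randomly among hosts sharing it; higher values are fallbacks.
    """
    if not records:
        return {}
    lowest = min(pref for pref, _ in records)
    tier = Counter(provider_of(h) for pref, h in records if pref == lowest)
    total = sum(tier.values())
    return {name: count / total for name, count in tier.items()}


if __name__ == "__main__":
    share = primary_share(parse_mx(SAMPLE_MX))
    print(share, "SPLIT DELIVERY" if len(share) > 1 else "single provider")
```

More than one provider in the result means mail for that domain is being split. With tiered preferences, the higher-numbered hosts receive mail only when every lower-numbered host is unreachable.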