JIRA Mail configuration with AWS SES

I have configured outgoing mail to use Amazon Web Services SES, following the guide here: http://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-smtp-software-package.html

I can send test messages and they are received correctly.  I can also invite new users via the JIRA UI and they get their email invitations with no problem.

However, issue notifcations fail, with errors such as:  (I have replaced an actual email address with xxxx@xxx.com)

{code}

2017-07-25 15:30:00,152 Sending mailitem To='xxxx@xxx.com' Subject='(NGWDD-38) CSV download for today's date does
ot match roll-up number' From='null' FromName='John Holdzkom (JIRA)' Cc='null' Bcc='null' ReplyTo='null' InReplyTo='<JI
RA.10138.1500993908000@Atlassian.JIRA>' MimeType='text/html' Encoding='UTF-8' Multipart='javax.mail.internet.MimeMultip
art@6d9c345d' MessageId='null' ExcludeSubjectPrefix=false' ERROR anonymous Mail Queue Service [c.a.mail.queue.MailQu
eueImpl] Error occurred in sending e-mail: To='xxxx@xxx.com' Subject='(NGWDD-38) CSV download for today's date does
not match roll-up number' From='null' FromName='John Holdzkom (JIRA)' Cc='null' Bcc='null' ReplyTo='null' InReplyTo='<
JIRA.10138.1500993908000@Atlassian.JIRA>' MimeType='text/html' Encoding='UTF-8' Multipart='javax.mail.internet.MimeMult
ipart@6d9c345d' MessageId='null' ExcludeSubjectPrefix=false'
com.atlassian.mail.MailException: com.sun.mail.util.MailConnectException: Couldn't connect to host, port: email-smtp.us
-east-1.amazonaws.com, 25; timeout 10000;
nested exception is:
java.net.SocketTimeoutException: connect timed out
at com.atlassian.mail.server.impl.SMTPMailServerImpl.sendWithMessageId(SMTPMailServerImpl.java:225)
at com.atlassian.mail.queue.SingleMailQueueItem.send(SingleMailQueueItem.java:44)
at com.atlassian.mail.queue.MailQueueImpl.sendBufferUnderLock(MailQueueImpl.java:103)
at com.atlassian.mail.queue.MailQueueImpl.sendBuffer(MailQueueImpl.java:56)
at com.atlassian.jira.mail.JiraMailQueue$1.apply(JiraMailQueue.java:51)
at com.atlassian.jira.mail.JiraMailQueue$1.apply(JiraMailQueue.java:48)

{code}

 

This does not make sense to me since the server configurations are working fine for test messages and new user accounts.  

 

Any help would be appreciated, thanks.

3 answers

I changed two things which seemed to make this work, but it did not last long.

a) changed from SMTP (port 25) to SMTPS (port 465)

b) changed Timeout from 10000 to 60000 ms

However, after about 1 day, outgoing mail again fails, now with the following error:

 

{code}

com.atlassian.mail.MailException: javax.mail.MessagingException: [EOF]
at com.atlassian.mail.server.impl.SMTPMailServerImpl.sendWithMessageId(SMTPMailServerImpl.java:225)
at com.atlassian.mail.queue.SingleMailQueueItem.send(SingleMailQueueItem.java:44)
at com.atlassian.mail.queue.MailQueueImpl.sendBufferUnderLock(MailQueueImpl.java:103)
at com.atlassian.mail.queue.MailQueueImpl.sendBuffer(MailQueueImpl.java:56)
at com.atlassian.jira.mail.JiraMailQueue$1.apply(JiraMailQueue.java:51)
at com.atlassian.jira.mail.JiraMailQueue$1.apply(JiraMailQueue.java:48)
at com.atlassian.jira.util.velocity.DefaultVelocityRequestContextFactory.runWithStaticBaseUrl(DefaultVelocityRequestContextFactory.java:110)
at com.atlassian.jira.util.DefaultBaseUrl.runWithStaticBaseUrl(DefaultBaseUrl.java:50)
at com.atlassian.jira.mail.JiraMailQueue.sendBuffer(JiraMailQueue.java:48)
at com.atlassian.jira.service.services.mail.MailQueueService.run(MailQueueService.java:21)
at com.atlassian.jira.service.JiraServiceContainerImpl.run(JiraServiceContainerImpl.java:61)
at com.atlassian.jira.service.ServiceRunner.runService(ServiceRunner.java:62)
at com.atlassian.jira.service.ServiceRunner.runServiceId(ServiceRunner.java:44)
at com.atlassian.jira.service.ServiceRunner.runJob(ServiceRunner.java:32)
at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:153)
at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:118)
at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:97)
at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.launchJob(CaesiumSchedulerService.java:443)
at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeLocalJob(CaesiumSchedulerService.java:410)
at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeQueuedJob(CaesiumSchedulerService.java:388)
at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService$1.consume(CaesiumSchedulerService.java:285)
at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService$1.consume(CaesiumSchedulerService.java:282)
at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeJob(SchedulerQueueWorker.java:65)
at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeNextJob(SchedulerQueueWorker.java:59)
at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.run(SchedulerQueueWorker.java:34)

{code}

0 votes

Just a best guess from previous SES usage, but I think you might be encountering the following two issues:

  1. As per Amazon SES SMTP Issues, "Amazon EC2 imposes default sending limits on email sent via port 25 and throttles outbound connections if you attempt to exceed those limits. [...] You can also connect to Amazon SES via port 465 or port 587, neither of which is throttled." - so if you by chance are running JIRA on EC2 (even indirectly via Docker or so), this might well explain your first experience, and indeed the general advise is to not use port 25 with SES if you can avoid it.
  2. The JIRA SES integration page you referenced does not mention that SES is sandboxed for new users to "help protect our customers from fraud and abuse and to help you establish your trustworthiness to ISPs and email recipients" - for example, you can "send a maximum of 200 messages per 24-hour period.", which could easily explain why it worked at first and then stopped "after about 1 day".

Amazon SES works great for our (small) production deployment of the entire Atlassian suite, but besides verifying email addresses and domains and moving out of the sandbox, you really need to make sure to manage your sending limits and esp. monitor your sending activity to avoid issues with bounces, complaints and rejects.

For more guidance you might also want to check the extensive Troubleshooting Amazon SES collection.

Thanks for your responses.  I should have mentioned that I have verified my domain with SES and my account is allowed up to 50k emails per day and is outside the sandbox.  To be granted this, I had to set up an SNS topic to capture bounces, complaints, and rejects (and I have seen none). 

So I'm still stumped....  I may contact AWS support to see if they have any ideas.

I am beginning to wonder if the problem is that the From address is null.  From the log:

{code}

From='null' FromName='gmcmullin (JIRA)' Cc='null' Bcc='null' ReplyTo='null' InReplyTo='<JIRA
.10138.1500993908000@Atlassian.JIRA>' MimeType='text/html' Encoding='UTF-8' Multipart='javax.mail.internet.MimeMultipart@
3659f1a6' MessageId='null' ExcludeSubjectPrefix=false' ERROR anonymous

. . .

{code}

even though I have a valid From address configured in the Outgoing Mail configuration, and am not overriding that for any Project (and in the Project setting it reflects the one configured for Outgoing).

John did you ever get jira working with SES SMTP?

I did.  I switched to the SECURE_SMTP option and port 465 and also increased the Timeout to 90000ms.  I had tried port 465 earlier but not with that large of a Timeout.  With this combination it started working and has been fine ever since. 

Ok I'll give it a try I also found EC2 instances (AWS Linux AMI) have their MTU set pretty high (6500 ish) which on another thread they recommended changing it to the default ethernet of 1500.  I'll update you if I find anything on this.

John our issue was simple our EC2 instance don't have public IP addresses by design.  Without a public IP or a NAT gateway they couldn't get to the external AWS SES server.  We spun up a NAT gatway and all worked well with the below

SMTP

port 587 

tls check 

Suggest an answer

Log in or Join to answer
Community showcase
Teodora [Botron]
Published Thursday in Marketplace Apps

Jira Inferno: The Nine Circles of Jira Administration Hell

If you spend enough time as a Jira admin - whether you are managing a single, mid-sized instance, a large enterprise one or juggling multiple instances at once - you will eventually find yourself in ...

933 views 5 18
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot