AWS SES

BackOffice

New Member
Hello,

Recently I have closed all open ports on my server except 80 and 443. Can it somehow be linked with Amazon giving me the error below?

Error executing "SendRawEmail" on "https://email.eu-west-1.amazonaws.com"; AWS HTTP error: Client error: `POST https://email.eu-west-1.amazonaws.com` resulted in a `403 Forbidden` response: <ErrorResponse xmlns="http://ses.amazonaws.com/doc/2010-12-01/"> <Error> <Type>Sender</Type> <Code>SignatureDo (truncated...) SignatureDoesNotMatch (client): Signature expired: 20190224T040102Z is now earlier than 20190224T075603Z (20190224T080103Z - 5 min.) - <ErrorResponse xmlns="http://ses.amazonaws.com/doc/2010-12-01/"> <Error> <Type>Sender</Type> <Code>SignatureDoesNotMatch</Code> <Message>Signature expired: 20190224T040102Z is now earlier than 20190224T075603Z (20190224T080103Z - 5 min.)</Message> </Error> <RequestId>54b24bad-380a-11e9-a490-e7ad6e9e3803</RequestId> </ErrorResponse>

If yes, which ports do I need to open?
 
Found it.
The issue is linked with NTP server port 123, in case anybody has the same problem:
Code:
sudo iptables -A OUTPUT -p udp -m udp -m multiport --dports 123 -m state --state NEW -j ACCEPT
sudo iptables -A INPUT -m state --state NEW -p udp --dport 123 -j ACCEPT
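
Added example, not part of the original posts: the timestamps in the SES error quoted above already show how far the signing host's clock lagged behind AWS, which is why restoring NTP fixed it. This Python snippet parses that message format and computes the lag; the function name and the result keys are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the <Message> text copied from the error quoted in the thread.
SAMPLE = ("Signature expired: 20190224T040102Z is now earlier than "
          "20190224T075603Z (20190224T080103Z - 5 min.)")

# signed-at time, oldest acceptable time, server time, tolerance in minutes
_PATTERN = re.compile(
    r"Signature expired: (\d{8}T\d{6}Z) is now earlier than "
    r"(\d{8}T\d{6}Z) \((\d{8}T\d{6}Z) - (\d+) min\.\)"
)


def _ts(text):
    """Parse the compact UTC timestamp used in the error message."""
    return datetime.strptime(text, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)


def analyse_expired_signature(message):
    """Return timing details for a 'Signature expired' error, or None if
    the message is some other error (hypothetical helper)."""
    m = _PATTERN.search(message)
    if m is None:
        return None
    signed_at, cutoff, server_time = (_ts(m.group(i)) for i in (1, 2, 3))
    window = timedelta(minutes=int(m.group(4)))
    # Sanity check: the cutoff must equal server time minus the tolerance.
    if server_time - window != cutoff:
        raise ValueError("timestamps in the message are inconsistent")
    # Lag = how old the signature was on arrival. It includes network
    # transit, so a lag of hours points at the clock, not at latency.
    lag = server_time - signed_at
    return {
        "signed_at": signed_at,
        "server_time": server_time,
        "window": window,
        "client_lag": lag,
        "over_window_by": lag - window,
    }


if __name__ == "__main__":
    info = analyse_expired_signature(SAMPLE)
    print("client clock lag:", info["client_lag"])
    print("exceeds tolerance by:", info["over_window_by"])
```

A lag this far beyond the tolerance means the request was signed with a stale local time, so the thing to check is whether the host can still reach its time source.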
 
So to lock down the MailWizz server and run without issue, the only firewall ports you need open with AWS security groups are ports 80, 443, and 123? No other ports?
 
@twisted1919

I am using AWS SES like @BackOffice and it looks like when he locked down his server he was getting an AWS SES error until he opened port 123. I was assuming I would be in the same situation and thought that I would have to do the same.

So to get this correct, do I only need to open ports 80, 443, and the SSH port?

Or do I need to open port 123 as well since I am using AWS SES?
 