Amazon web services - Best practices



#1 Paladin IT taff

  • Members
  • 5 posts

Posted 21 October 2018 - 01:49 AM

To whom it may concern,

We have a number of software vendors that rely on Amazon AWS as their network infrastructure. Because of this, they are using Amazon outgoing SMTP to send out reports, notifications and updates. What is the best practice to allow incoming email without running into issues with SPF, preferably without whitelisting the entire Amazon SMTP server farm?

The From portion would show "010001669552e147-d43a109c-4538-4459-a688-dc7976172871-000000@amazonses.com". The characters before the @ sign change for every email received. At this time, we have whitelisted amazonses.com to prevent SPF or Barracuda from blocking the email. But this is not preferred because of a recent spam attack, in which one user was targeted. The user's mailbox was flooded with various mailing list requests, so I created a recipient quarantine rule on my Barracuda gateway. It successfully blocked the majority of the DDoS, except where the source was Amazon, which was whitelisted.

Any advice or suggestions are greatly appreciated.

Nelson m



#2 Michael Manning

  • Members
  • 187 posts
  • Location: Ohio, USA

Posted 22 October 2018 - 02:20 PM

I don't know what the correct 'best practice' would be, but I probably would not whitelist amazonses.com for the reason you stated.

Looking at header info, the Received: from address is the amazonses.com address, but the alias 'From' address is still joe.blow @ whatevercompany.com and you should still be able to allow based on that alias address. We have senders in orgs who have since moved to AWS or some other hosted mail solution from systems they previously hosted themselves. I've not updated anything to do with how they are whitelisted to reflect that and their email still comes through as whitelisted.
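
The distinction drawn in the reply above (envelope sender at amazonses.com, visible From at the vendor's own domain), as an added example that is not part of the original thread: an allow decision keyed on the From domain but gated on an aligned DKIM pass, so that neither the shared amazonses.com signature nor a forged From header bypasses filtering. Assumptions: the receiving gateway stamps `Authentication-Results` and strips sender-supplied copies, the vendor signs with its own domain, and all domains, sample messages and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allowlist: vendor domains as shown in the visible From header.
ALLOWED_FROM_DOMAINS = {"vendor.example"}

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def dkim_pass_domains(msg):
    """Signing domains (header.d) that the gateway recorded as dkim=pass."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", str(value), re.I):
            found.add(m.group(1).lower())
    return found

def decide(raw):
    """Return (verdict, envelope sender domain) for one raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    envelope_dom = domain_of(msg["Return-Path"])
    # Allow only when the visible From domain is listed AND a passing DKIM
    # signature is aligned with it; the shared amazonses.com signature and
    # SPF pass on the SES envelope sender never bypass filtering.
    if from_dom in ALLOWED_FROM_DOMAINS and from_dom in dkim_pass_domains(msg):
        return "allow", envelope_dom
    return "filter", envelope_dom  # normal spam and quarantine rules apply

def sample(local_part, from_header, dkim_results):
    """Build a constructed test message sent through SES."""
    return (f"Return-Path: <{local_part}@amazonses.com>\n"
            "Authentication-Results: mx.recipient.example; "
            f"spf=pass smtp.mailfrom=amazonses.com; {dkim_results}\n"
            f"From: {from_header}\nSubject: constructed sample\n\nbody\n")

SES_ONLY = "dkim=pass header.d=amazonses.com"
VENDOR = sample("0100aaaa-000000", "Reports <reports@vendor.example>",
                "dkim=pass header.d=vendor.example; " + SES_ONLY)
LIST_FLOOD = sample("0100bbbb-000000", "news@list.example", SES_ONLY)
SPOOFED = sample("0100cccc-000000", "reports@vendor.example", SES_ONLY)

if __name__ == "__main__":
    for name, raw in [("vendor", VENDOR), ("list flood", LIST_FLOOD), ("spoofed", SPOOFED)]:
        print(name, decide(raw))
```

All three constructed messages share the same envelope domain and SPF result, which is why a rule keyed on amazonses.com cannot tell them apart.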