It’s important to know your limits. In this case study we find a situation stemming from SMTP being throttled. This is part of the packet capture I received:

SMTP Capture Retransmits

The top lines show the previous conversation ending. SMTP successfully sent 3 messages. After the 3rd message the mail server stopped responding and retransmits began. This pattern was repeatable. More than that it was repeatable from other EC2 instances. The only thing between the EC2 instances and the mail server was a router and a firewall. When the retransmits began the firewall no longer saw the SYN packets. Neither did the router. Clearly though, the server was attempting the connection.

From an infrastructure and application point of view this was a bit perplexing. However, this is when any good sysadmin must know to take everything under consideration and look for the anomaly. The only piece to this puzzle that wasn’t managed by the customer was AWS. After a quick search, it was found that AWS limits SMTP traffic by default to reduce SPAM attempts. You can see their documentation here.

A limit increase was requested, granted, and the emails were sent without issue. This is another reason why familiarity with your environment is crucial. It’s also a good idea to know how to get to documentation and/or support when needed.

To get started with other AWS service limits visit: [https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html].