I set up an Amazon Simple Email Service (Amazon SES) receipt rule that sends inbound emails to an Amazon Simple Storage Service (Amazon S3) bucket. However, the inbound emails aren't arriving or saving to the S3 bucket.
Resolution
To identify and resolve what's preventing your inbound emails from saving to the S3 bucket, check the following:
Amazon SES domain verification
To receive inbound emails on Amazon SES, you must complete the verification process for your email domain.
Mail exchanger record (MX record)
To receive inbound emails on Amazon SES, you must set up one of the following:
The MX record refers to the endpoint for the AWS Region where you use Amazon SES. To check if the record exists using macOS or a Linux operating system, run the dig command:
Note: Replace example.com with your domain.
dig MX example.com +short
If the MX record exists, then the command returns the MX record:
example.com. 60 IN MX 10 inbound-smtp.eu-west-1.amazonaws.com
To check if the record exists using a Windows operating system, run the nslookup command:
- At the command prompt, type NSLOOKUP. Then, press Enter.
- At the > prompt, type set type=MX. Then, press Enter.
- At the next > prompt, type your domain. For example, type example.com. Then, press Enter.
If the MX record exists, the command returns the MX record:
Non-authoritative answer:
example.com MX preference = 10, mail exchanger = inbound-smtp.eu-west-1.amazonaws.com
Note: If there are more than one MX records for your domain, then make sure that the MX record for inbound emails (SES) has the highest preference. The number before the MX record indicates preference. The lower the number, the higher the preference. For example:
10 inbound-smtp.us-east-1.amazonaws.com
20 mail-host1.example.com
Receipt rule settings
Confirm that the receipt rule that you're using to send inbound emails to Amazon S3 is in an active rule set. The rule must be in an active rule set to apply to your emails.
Additionally, view the receipt rule in the Amazon SES console, and review the following settings:
- Enabled: Confirm that this option is selected. The receipt rule must be turned on for it to apply to your emails.
- Require TLS: If this option is selected, then Amazon SES rejects inbound emails if they aren't encrypted by TLS.
- Recipient: You can enter a single email identity or an email domain. Or, you can leave the field blank so that the rule applies to all your verified domains. If you set a single email identity as the recipient, then confirm that the identity receives the emails that you want to store on Amazon S3. Emails received by any other identity aren't sent to Amazon S3. Additionally, if you set the recipient as an email domain or all of your verified domains, then review your other active receipt rules to confirm that your rules don't overlap.
Note: Amazon SES runs receipt rules based on the order that you configured on the rule set.
- Object key prefix: If you set an object key prefix, then make sure to check this prefix within your S3 bucket to find the inbound emails.
S3 bucket permissions
To send inbound emails to the S3 bucket, you must grant Amazon SES the necessary permissions on the bucket policy.
Review the bucket policy to confirm that Amazon SES has permissions for s3:PutObject. Additionally, modify any "Effect": "Deny" statements in the bucket policy that deny Amazon SES permissions for s3:PutObject explicitly.
Encryption
To encrypt your inbound emails with AWS Key Management Service (AWS KMS), select your encryption key in the steps to create the Amazon SES receipt rule. You must grant Amazon SES the necessary permissions on the key policy.
IP address filter for Amazon SES email receiving
If you set an IP address filter for inbound emails to Amazon SES, then confirm that your inbound emails are from IP addresses that are allowed by your filter.
Email file size
To store an inbound email in an S3 bucket, the file size of the email (including headers) must be 40 MB or smaller.
Related information
Setting up Amazon SES email receiving
Giving permissions to Amazon SES for email receiving
Creating receipt rules console walkthrough
Recipient-based control using receipt rules