I am trying to send email from Keycloak in my EC2 container using SES. I want to add role-based permission for sending mail (I don’t want to use username and password).
For the IAM user I have attached the policy below:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ses:*"
            ],
            "Resource": "*"
        }
    ]
}
```
And my Keycloak configuration is,
When using a port like 465, it shows this error:
2024-08-29 13:23:30,759 ERROR [org.keycloak.services] (executor-thread-335) KC-SERVICES0029: Failed to send email: org.eclipse.angus.mail.smtp.SMTPSendFailedException: 530 Authentication required
at org.eclipse.angus.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:2422)
at org.eclipse.angus.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1839)
at org.eclipse.angus.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1316)
at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:158)
at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:66)
at org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider.send(FreeMarkerEmailTemplateProvider.java:277)
at org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider.send(FreeMarkerEmailTemplateProvider.java:271)
at org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider.sendSmtpTestEmail(FreeMarkerEmailTemplateProvider.java:128)
at org.keycloak.services.resources.admin.RealmAdminResource.testSMTPConnection(RealmAdminResource.java:1008)
at org.keycloak.services.resources.admin.RealmAdminResource$quarkusrestinvoker$testSMTPConnection_0bc3cac9c894e7b29eb4c1f2d80a099cba7bdf38.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:840)
org.keycloak.email.EmailException: org.eclipse.angus.mail.smtp.SMTPSendFailedException: 530 Authentication required
at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:161)
at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:66)
at org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider.send(FreeMarkerEmailTemplateProvider.java:277)
at org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider.send(FreeMarkerEmailTemplateProvider.java:271)
at org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider.sendSmtpTestEmail(FreeMarkerEmailTemplateProvider.java:128)
at org.keycloak.services.resources.admin.RealmAdminResource.testSMTPConnection(RealmAdminResource.java:1008)
at org.keycloak.services.resources.admin.RealmAdminResource$quarkusrestinvoker$testSMTPConnection_0bc3cac9c894e7b29eb4c1f2d80a099cba7bdf38.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: org.eclipse.angus.mail.smtp.SMTPSendFailedException: 530 Authentication required
at org.eclipse.angus.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:2422)
at org.eclipse.angus.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1839)
at org.eclipse.angus.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1316)
at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:158)
... 16 more
2024-08-29 13:23:30,762 ERROR [org.keycloak.services.resources.admin.RealmAdminResource] (executor-thread-335) Failed to send email
org.eclipse.angus.mail.smtp.SMTPSendFailedException: 530 Authentication required
When using port 25, it shows this error:
2024-08-29 14:08:59,599 ERROR [org.keycloak.services] (executor-thread-344) KC-SERVICES0029: Failed to send email: org.eclipse.angus.mail.util.MailConnectException: Couldn't connect to host, port: email-smtp.us-east-1.amazonaws.com, 25; timeout 10000;
nested exception is:
java.net.SocketTimeoutException: Connect timed out
at org.eclipse.angus.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2258)
at org.eclipse.angus.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:753)
at jakarta.mail.Service.connect(Service.java:342)
at jakarta.mail.Service.connect(Service.java:222)
at jakarta.mail.Service.connect(Service.java:171)
at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:156)
at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:66)
at org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider.send(FreeMarkerEmailTemplateProvider.java:277)
at org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider.send(FreeMarkerEmailTemplateProvider.java:271)
at org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider.sendSmtpTestEmail(FreeMarkerEmailTemplateProvider.java:128)
at org.keycloak.services.resources.admin.RealmAdminResource.testSMTPConnection(RealmAdminResource.java:1008)
at org.keycloak.services.resources.admin.RealmAdminResource$quarkusrestinvoker$testSMTPConnection_0bc3cac9c894e7b29eb4c1f2d80a099cba7bdf38.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: java.net.SocketTimeoutException: Connect timed out
at java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:551)
at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:602)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)
at java.base/java.net.Socket.connect(Socket.java:633)
at org.eclipse.angus.mail.util.SocketFetcher.createSocket(SocketFetcher.java:359)
at org.eclipse.angus.mail.util.SocketFetcher.getSocket(SocketFetcher.java:236)
at org.eclipse.angus.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2208)
... 21 more
org.keycloak.email.EmailException: org.eclipse.angus.mail.util.MailConnectException: Couldn't connect to host, port: email-smtp.us-east-1.amazonaws.com, 25; timeout 10000;
nested exception is:
java.net.SocketTimeoutException: Connect timed out
at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:161)
at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:66)
at org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider.send(FreeMarkerEmailTemplateProvider.java:277)
at org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider.send(FreeMarkerEmailTemplateProvider.java:271)
at org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider.sendSmtpTestEmail(FreeMarkerEmailTemplateProvider.java:128)
at org.keycloak.services.resources.admin.RealmAdminResource.testSMTPConnection(RealmAdminResource.java:1008)
at org.keycloak.services.resources.admin.RealmAdminResource$quarkusrestinvoker$testSMTPConnection_0bc3cac9c894e7b29eb4c1f2d80a099cba7bdf38.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: org.eclipse.angus.mail.util.MailConnectException: Couldn't connect to host, port: email-smtp.us-east-1.amazonaws.com, 25; timeout 10000;
nested exception is:
java.net.SocketTimeoutException: Connect timed out
at org.eclipse.angus.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2258)
at org.eclipse.angus.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:753)
at jakarta.mail.Service.connect(Service.java:342)
at jakarta.mail.Service.connect(Service.java:222)
at jakarta.mail.Service.connect(Service.java:171)
at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:156)
... 16 more
Caused by: java.net.SocketTimeoutException: Connect timed out
at java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:551)
at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:602)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)
at java.base/java.net.Socket.connect(Socket.java:633)
at org.eclipse.angus.mail.util.SocketFetcher.createSocket(SocketFetcher.java:359)
at org.eclipse.angus.mail.util.SocketFetcher.getSocket(SocketFetcher.java:236)
at org.eclipse.angus.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2208)
... 21 more
2024-08-29 14:08:59,602 ERROR [org.keycloak.services.resources.admin.RealmAdminResource] (executor-thread-344) Failed to send email
org.eclipse.angus.mail.util.MailConnectException: Couldn't connect to host, port: email-smtp.us-east-1.amazonaws.com, 25; timeout 10000;
nested exception is:
java.net.SocketTimeoutException: Connect timed out
DEBUGGING IN PHP
In order to debug this issue on the same EC2, I created another container with PHP (because I come from a PHP background), used the following code, and it worked:
```php
<?php
require 'vendor/autoload.php';

use Aws\Ses\SesClient;
use Aws\Exception\AwsException;

// Create an SES client. No credentials are passed here, so the SDK
// resolves them through its default credential provider chain.
$SesClient = new SesClient([
    'version' => 'latest',
    'region'  => 'us-east-1', // Change to your region
]);

$sender_email = 'noreply@mydomain.com';
$recipient_emails = ['recipient@example.com'];
$subject = 'SES Test Email';
$body_text = 'Test email body';
$body_html = '<p>Test email body</p>';

try {
    // Send through the SES API (HTTPS), not through the SMTP endpoint
    $result = $SesClient->sendEmail([
        'Source' => $sender_email,
        'Destination' => [
            'ToAddresses' => $recipient_emails,
        ],
        'Message' => [
            'Subject' => [
                'Data' => $subject,
                'Charset' => 'UTF-8',
            ],
            'Body' => [
                'Text' => [
                    'Data' => $body_text,
                    'Charset' => 'UTF-8',
                ],
                'Html' => [
                    'Data' => $body_html,
                    'Charset' => 'UTF-8',
                ],
            ],
        ],
    ]);
    echo 'Email sent! Message ID: '.$result->get('MessageId')."\n";
} catch (AwsException $e) {
    echo $e->getMessage();
    echo "\n";
}
```
So, can anyone help me find out what I am doing wrong here? I tried changing the port number, but nothing worked.
Technologies used: CloudFront, EKS, egress, traefik
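
Added example (not part of the original post): the SES SMTP endpoint in the logs above answers `530 Authentication required` because it expects SMTP AUTH, whereas the PHP test goes through the SES API with SDK-resolved credentials. The sketch below follows the conversion AWS documents for turning an IAM user's secret access key into an SES SMTP password; the secret is the AWS documentation placeholder, and the SMTP username would be that user's access key ID.

```python
"""Derive an Amazon SES SMTP password from an IAM user's secret access key.

Follows the credential conversion published in the AWS SES documentation.
The secret below is the AWS documentation placeholder, not a real key.
"""
import base64
import hashlib
import hmac

# Fixed values defined by the SES SMTP credential conversion.
DATE = "11111111"
SERVICE = "ses"
MESSAGE = "SendRawEmail"
TERMINAL = "aws4_request"
VERSION = 0x04

# Placeholder secret from AWS documentation (constructed sample input).
PLACEHOLDER_SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"


def _sign(key: bytes, msg: str) -> bytes:
    """One HMAC-SHA256 step of the SigV4-style key derivation chain."""
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def ses_smtp_password(secret_access_key: str, region: str) -> str:
    """Return the SMTP password for the regional SES SMTP endpoint.

    The result is bound to one region: a password derived for us-east-1
    is rejected by the SMTP endpoint of any other region.
    """
    if not secret_access_key or not region:
        raise ValueError("secret_access_key and region are both required")
    sig = _sign(("AWS4" + secret_access_key).encode("utf-8"), DATE)
    for part in (region, SERVICE, TERMINAL, MESSAGE):
        sig = _sign(sig, part)
    # One version byte is prepended before base64 encoding.
    return base64.b64encode(bytes([VERSION]) + sig).decode("ascii")


if __name__ == "__main__":
    # Region taken from the endpoint in the post's logs.
    print(ses_smtp_password(PLACEHOLDER_SECRET, "us-east-1"))
```

Because the derived password is a long-lived secret, the IAM user behind it is better limited to `ses:SendRawEmail` than given the `ses:*` policy shown in the post.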

