can not send emails via AWS
 
TheBat: v12 or v8
Linux Mint + Wine 11 + PlayOnLinux

What is the problem, and how do I configure it to use the correct certificate?


>1/17/2026, 11:11:53: IMAP  - Certificate S/N: CD7AC4A2EA6D967E, algorithm: RSA (2048 bits), issued from 10/18/2016 3:10:46 PM to 10/16/2026 3:10:46 PM, for 1 host(s): mint.
>1/17/2026, 11:11:53: IMAP  - Owner: "mint".
>1/17/2026, 11:11:53: IMAP  - This certificate is self-issued.
1/17/2026, 11:11:53: IMAP  - TLS handshake complete
1/17/2026, 11:11:53: IMAP  - Connected to IMAP server (mint)
1/17/2026, 11:11:53: IMAP  - Authenticating (user: "kes", method: "LOGIN")...
1/17/2026, 11:11:53: IMAP  - IMAP server authentication OK, server says "Logged in"
1/17/2026, 11:42:40: SEND  - sending mail message(s) - 1 message(s) in queue
1/17/2026, 11:42:40: SEND  - Connecting to SMTP server email-smtp.eu-west-1.amazonaws.com on port 587
1/17/2026, 11:42:40: SEND  - Initiating TLS handshake
>1/17/2026, 11:42:40: SEND  - Certificate S/N: 077784B840C10C1D04A4F37EE6602BAB, algorithm: RSA (2048 bits), issued from 12/29/2025 to 12/16/2026 11:59:59 PM, for 5 host(s): email-smtp.eu-west-1.amazonaws.com, email-smtp-fips.eu-west-1.api.aws, email-smtp.eu-west-1.api.aws, email-smtp-fips.eu-west-1.amazonaws.com, *.email-smtp.eu-west-1.vpce.amazonaws.com.
>1/17/2026, 11:42:40: SEND  - Owner: "email-smtp.eu-west-1.amazonaws.com".
>1/17/2026, 11:42:40: SEND  - Issuer: "US", "Amazon", "Amazon RSA 2048 M01". Valid from 8/23/2022 10:21:28 PM to 8/23/2030 10:21:28 PM.
>1/17/2026, 11:42:40: SEND  - Issuer: "US", "Amazon", "Amazon Root CA 1". Valid from 5/25/2015 12:00:00 PM to 12/31/2037 1:00:00 AM. The issuer of this certificate chain was not found!
>1/17/2026, 11:42:40: SEND  - Missing issuer: "US", "Arizona", "Scottsdale", "Starfield Technologies, Inc.", "Starfield Services Root Certificate Authority - G2".
!1/17/2026, 11:42:40: SEND  - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).
!1/17/2026, 11:43:00: SEND  - The server has aborted the connection
1/17/2026, 11:43:00: SEND  - connection finished - 0 message(s) sent
1/17/2026, 11:43:00: SEND  - Some messages were not sent - check the log for details
1/17/2026, 12:50:32: SEND  - sending mail message(s) - 1 message(s) in queue
1/17/2026, 12:50:32: SEND  - Connecting to SMTP server email-smtp.eu-west-1.amazonaws.com on port 587
1/17/2026, 12:50:33: SEND  - Initiating TLS handshake
>1/17/2026, 12:50:33: SEND  - Certificate S/N: 077784B840C10C1D04A4F37EE6602BAB, algorithm: RSA (2048 bits), issued from 12/29/2025 to 12/16/2026 11:59:59 PM, for 5 host(s): email-smtp.eu-west-1.amazonaws.com, email-smtp-fips.eu-west-1.api.aws, email-smtp.eu-west-1.api.aws, email-smtp-fips.eu-west-1.amazonaws.com, *.email-smtp.eu-west-1.vpce.amazonaws.com.
>1/17/2026, 12:50:33: SEND  - Owner: "email-smtp.eu-west-1.amazonaws.com".
>1/17/2026, 12:50:33: SEND  - Issuer: "US", "Amazon", "Amazon RSA 2048 M01". Valid from 8/23/2022 10:21:28 PM to 8/23/2030 10:21:28 PM.
>1/17/2026, 12:50:33: SEND  - Issuer: "US", "Amazon", "Amazon Root CA 1". Valid from 5/25/2015 12:00:00 PM to 12/31/2037 1:00:00 AM. The issuer of this certificate chain was not found!
>1/17/2026, 12:50:33: SEND  - Missing issuer: "US", "Arizona", "Scottsdale", "Starfield Technologies, Inc.", "Starfield Services Root Certificate Authority - G2".
!1/17/2026, 12:50:33: SEND  - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).
!1/17/2026, 12:50:45: SEND  - Server reports TLS error: Cancelled by user.
!1/17/2026, 12:50:46: SEND  - The server has aborted the connection
1/17/2026, 12:50:46: SEND  - connection finished - 0 message(s) sent
1/17/2026, 12:50:46: SEND  - Some messages were not sent - check the log for details
 
I switched to MS CryptoAPI; now the TLS connection is OK, but sending still fails.


1/17/2026, 12:58:35: SEND  - sending mail message(s) - 1 message(s) in queue
1/17/2026, 12:58:35: SEND  - Connecting to SMTP server email-smtp.eu-west-1.amazonaws.com on port 587
1/17/2026, 12:58:36: SEND  - Initiating TLS handshake
>1/17/2026, 12:58:36: SEND  - Certificate S/N: 077784B840C10C1D04A4F37EE6602BAB, algorithm: RSA (2048 bits), issued from 12/29/2025 to 12/16/2026 11:59:59 PM, for 5 host(s): email-smtp.eu-west-1.amazonaws.com, email-smtp-fips.eu-west-1.api.aws, email-smtp.eu-west-1.api.aws, email-smtp-fips.eu-west-1.amazonaws.com, *.email-smtp.eu-west-1.vpce.amazonaws.com.
>1/17/2026, 12:58:36: SEND  - Owner: email-smtp.eu-west-1.amazonaws.com.
>1/17/2026, 12:58:36: SEND  - Issuer: US, Amazon, Amazon RSA 2048 M01.
1/17/2026, 12:58:37: SEND  - TLS handshake complete
1/17/2026, 12:58:37: SEND  - connected to SMTP server
1/17/2026, 12:58:37: SEND  - authenticating (login)...
1/17/2026, 12:58:37: SEND  - sending message to virtualrecruiter@procomservices.com
!1/17/2026, 12:59:37: SEND  - Connect failed. Connection timed out


It does not matter whether it is MS CryptoAPI or the custom one with the imported AWS bundle.
https://imgur.com/a/xnCTErA
 
https://imgur.com/a/QO8JJXB
 
I don't use AWS for e-mail, but looking at the documentation (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.Certif...) it seems you made the mistake of registering all (intermediate) CA certificates with TB, instead of one root certificate, appropriate for your region. I suggest you remove all AWS certificates from the TB Address Book, identify the correct root one (using the above link as a guide), and register it under Trusted Root CA in the Address Book.

In all the years of using TB, I never needed to register any intermediate certificates.
 
1) I just sent a test message to that virtualrecruiter@procomservices.com address and it went out without a glitch. I don't know why it gave you a time-out, Eugen. Could it be a temporary problem on their end?

2) Your self-signed certificate seems to have a date issue: It's valid from 10/18/2016 to 10/16/2026.

3) As for the initial failed TLS handshake, could it have something to do with the circumstance that AWS is no longer having its certificates cross-signed by GoDaddy's Starfield Services? Maybe your SMTP server "email-smtp.eu-west-1.amazonaws.com" still has an old certificate and The Bat isn't accepting it because the cross-signed authority is missing?

See: https://aws.amazon.com/blogs/security/acm-will-no-longer-cross-sign-certificates-with-starfield-class-2-starting-august-2024/

4) Either way, your switching to the Microsoft Crypto-api did seem to solve that problem (maybe it's more lenient), but you still got a time-out after the handshake had been made. Unfortunately, the logs do not seem to offer further information on that.

Have you enabled 'Verbose Logging' in Account Properties | Options, and Sending protocol logging under Account Properties | Transport | Protocol Logging?

One would think that the time-out is not certificate related because it occurred after the handshake had been completed, but then again, maybe the SMTP server that presented a botched certificate to you ran into similar problems when it contacted procomservices.com (or its host) to deliver your message.

Of course, my interpretation may be way off - I'm not too knowledgeable about transport issues.
I volunteer as a moderator to help keep the forum tidy. I do not work for Ritlabs SRL.
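
Added example (not part of any post in this thread, and not Ritlabs code): a small Python triage of SEND log lines like those quoted above. It separates attempts that failed certificate chain validation, reporting the presented issuers and the missing one, from attempts that timed out after a completed handshake. The function names, the verdict labels and the assumed log-line layout are this example's own; the sample lines are excerpted from the thread's logs.

```python
import re
# Lines excerpted from the logs quoted in this thread (certificate detail lines omitted).
SAMPLE_LOG = '''
1/17/2026, 11:42:40: SEND  - Connecting to SMTP server email-smtp.eu-west-1.amazonaws.com on port 587
>1/17/2026, 11:42:40: SEND  - Issuer: "US", "Amazon", "Amazon RSA 2048 M01". Valid from 8/23/2022 10:21:28 PM to 8/23/2030 10:21:28 PM.
>1/17/2026, 11:42:40: SEND  - Issuer: "US", "Amazon", "Amazon Root CA 1". Valid from 5/25/2015 12:00:00 PM to 12/31/2037 1:00:00 AM. The issuer of this certificate chain was not found!
>1/17/2026, 11:42:40: SEND  - Missing issuer: "US", "Arizona", "Scottsdale", "Starfield Technologies, Inc.", "Starfield Services Root Certificate Authority - G2".
!1/17/2026, 11:42:40: SEND  - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).
1/17/2026, 12:58:35: SEND  - Connecting to SMTP server email-smtp.eu-west-1.amazonaws.com on port 587
>1/17/2026, 12:58:36: SEND  - Issuer: US, Amazon, Amazon RSA 2048 M01.
1/17/2026, 12:58:37: SEND  - TLS handshake complete
!1/17/2026, 12:59:37: SEND  - Connect failed. Connection timed out'''

# Assumed layout: optional ">" or "!" marker, date, time, channel, " - ", message.
LINE = re.compile(r'^[>!]?\d+/\d+/\d+, \d+:\d+:\d+: (\w+)\s+- (.*)$')

def last_name(text):
    """Last name field (the CN) of an 'Issuer:' or 'Missing issuer:' message."""
    quoted = re.findall(r'"([^"]+)"', text)
    return quoted[-1] if quoted else text.strip().rstrip('.').split(', ')[-1]

def triage(log_text):
    """Group SEND lines into connection attempts and label how each one ended."""
    sessions, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) != 'SEND':
            continue
        msg = m.group(2)
        if msg.startswith('Connecting to SMTP server'):
            cur = {'server': msg.split()[4], 'chain': [], 'missing': None,
                   'handshake': None, 'verdict': 'incomplete'}
            sessions.append(cur)
        elif cur is None:
            continue
        elif msg.startswith('Issuer:'):
            cur['chain'].append(last_name(msg[len('Issuer:'):]))
        elif msg.startswith('Missing issuer:'):
            cur['missing'] = last_name(msg)
        elif msg.startswith('TLS handshake failure'):
            cur['handshake'], cur['verdict'] = False, 'untrusted_chain'
        elif msg.startswith('TLS handshake complete'):
            cur['handshake'] = True
        elif 'timed out' in msg and cur['handshake']:
            cur['verdict'] = 'timeout_after_tls'
    return sessions

if __name__ == '__main__':
    print(*triage(SAMPLE_LOG), sep='\n')
```

An attempt labelled timeout_after_tls got past certificate validation, so the protocol log is the next place to look rather than the trust store.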