When running Keycloak on an AWS EC2 instance, like my own deployment at keycloak.maksonlee.com, you’ll likely want to enable features like:
- Email verification
- Password reset
- Admin notifications
In this guide, I’ll walk you through configuring Keycloak to send emails using Zoho Mail via SMTP, based on my earlier post:
How to Set Up Free Email with Zoho Mail and Your Custom Domain Using Cloudflare DNS
Prerequisites
- Keycloak is accessible at https://keycloak.maksonlee.com
- You’ve set up Zoho Mail with your custom domain (e.g., admin@maksonlee.com)
- Your EC2 instance allows outbound traffic on ports 465 and 587
- You have a Zoho app password for SMTP access (not your main Zoho login)
Configure SMTP in Keycloak Admin Console
- Open your browser and go to: https://keycloak.maksonlee.com
- Log in as an admin and select the target Realm.
- Go to Realm settings → Email.
- Fill in the form as follows:
Template
Field | Value |
---|---|
From | admin@maksonlee.com |
From display name | Makson Keycloak (optional) |
Reply to | admin@maksonlee.com (optional) |
Reply to display name | Makson Support (optional) |
Envelope from | admin@maksonlee.com (optional) |
Connection & Authentication
Field | Value |
---|---|
Host | smtp.zoho.com |
Port | 587 |
Enable SSL | Disabled |
Enable StartTLS | Enabled |
Authentication | Enabled |
Username | admin@maksonlee.com |
Authentication Type | Password |
Password | <your Zoho app password> |
- Click Test Connection to confirm that SMTP works.
AWS EC2-Specific Notes
- AWS blocks port 25 by default. Use port 587 with StartTLS for maximum compatibility.
- Ensure your EC2 Security Group allows outbound traffic to smtp.zoho.com:587
- You don’t need to open any inbound ports for SMTP.
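To keep these settings from drifting, the check below audits the `smtpServer` block of a realm export against the values in the tables and the AWS notes above. It is an added example, not code from the original post or from Keycloak; the realm name, the masked password and the helper name `audit_smtp` are constructed for illustration.

```python
import json

# Constructed sample: the "smtpServer" block of a realm export, filled with the
# values from the tables above. Keycloak stores each value as a string.
SAMPLE_REALM = json.loads("""
{
  "realm": "example",
  "smtpServer": {
    "host": "smtp.zoho.com", "port": "587",
    "from": "admin@maksonlee.com", "user": "admin@maksonlee.com",
    "ssl": "false", "starttls": "true", "auth": "true",
    "password": "**********"
  }
}
""")


def audit_smtp(realm):
    """Return a list of findings for a realm's SMTP settings (empty = OK)."""
    smtp = realm.get("smtpServer") or {}
    if not smtp.get("host"):
        return ["no SMTP host set: verification and reset emails cannot be sent"]

    def enabled(key):
        return str(smtp.get(key, "false")).lower() == "true"

    # Assumption: an unset port is treated as 25, the plain SMTP default.
    port = int(smtp.get("port") or 25)
    ssl, starttls, auth = enabled("ssl"), enabled("starttls"), enabled("auth")
    findings = []
    if not (ssl or starttls):
        what = "mail and the SMTP password" if auth else "mail"
        findings.append(f"no TLS: {what} cross the network unencrypted")
    if port == 587 and ssl:
        findings.append("port 587 is the StartTLS port: disable SSL, enable StartTLS")
    if port == 465 and not ssl:
        findings.append("port 465 expects implicit TLS: enable SSL")
    if port == 25:
        findings.append("port 25 is blocked by default on AWS EC2: use 587")
    if not auth:
        findings.append("authentication is disabled: this setup logs in with an app password")
    return findings


if __name__ == "__main__":
    for finding in audit_smtp(SAMPLE_REALM) or ["OK: matches the settings in this guide"]:
        print(finding)
```

Feed it the JSON from a realm export in place of `SAMPLE_REALM` to run the same checks against a live configuration.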