Integrating Amazon SES with Postfix (relayhost)

1.Prerequisites

Before you complete the procedures in this section, you have to perform the following tasks:

  • Uninstall Sendmail, if it’s already installed on your system. The procedure for completing this step varies depending on the operating system you use.
  • Install Postfix. The procedure for completing this step varies depending on the operating system you use.
  • Install a SASL authentication package. The procedure for completing this step varies depending on the operating system you use. For example, if you use a RedHat-based system, you should install the cyrus-sasl-plain package. If you use a Debian- or Ubuntu-based system, you should install the libsasl2-modules package.
  • Verify an email address or domain to use for sending email. For more information, see Verifying email addresses in Amazon SES.

If your account is still in the sandbox, you can only send email to verified email addresses. For more information, see Moving out of the Amazon SES sandbox.

2.Configuring Postfix

Complete the following procedures to configure your mail server to send email through Amazon SES using Postfix.

To configure Postfix

  • At the command line, type the following command:

sudo postconf -e “relayhost = [email-smtp.us-west-2.amazonaws.com]:587″ \

“smtp_sasl_auth_enable = yes” \

“smtp_sasl_security_options = noanonymous” \

“smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd” \

“smtp_use_tls = yes” \

“smtp_tls_security_level = encrypt” \

“smtp_tls_note_starttls_offer = yes”

Note
If you use Amazon SES in an AWS Region other than US West (Oregon), replace email-smtp.us-west-2.amazonaws.com in the preceding command with the SMTP endpoint of the appropriate region. For more information, see Regions and Amazon SES.

  • In a text editor, open the file /etc/postfix/master.cf. Search for the following entry:

-o smtp_fallback_relay=

If you find this entry, comment it out by placing a # (hash) character at the beginning of the line. Save and close the file.
Otherwise, if this entry isn’t present, proceed to the next step.

  • In a text editor, open the file /etc/postfix/sasl_passwd. If the file doesn’t already exist, create it.
  • Add the following line to /etc/postfix/sasl_passwd:

[email-smtp.us-west-2.amazonaws.com]:587 SMTPUSERNAME:SMTPPASSWORD

Note
Replace SMTPUSERNAME and SMTPPASSWORD with your SMTP username and password, respectively. Your SMTP user name and password aren’t the same as your AWS access key ID and secret access key. For more information about credentials, see Obtaining your Amazon SES SMTP credentials.
If you use Amazon SES in an AWS Region other than US West (Oregon), replace email-smtp.us-west-2.amazonaws.com in the example above with the SMTP endpoint of the appropriate region. For more information, see Regions and Amazon SES.
Save and close sasl_passwd.

  • At a command prompt, type the following command to create a hashmap database file containing your SMTP credentials:

sudo postmap hash:/etc/postfix/sasl_passwd

  • (Optional) The /etc/postfix/sasl_passwd and /etc/postfix/sasl_passwd.db files you created in the previous steps aren’t encrypted. Because these files contain your SMTP credentials, we recommend that you modify the files’ ownership and permissions in order to restrict access to them. To restrict access to these files:
    1. At a command prompt, type the following command to change the ownership of the files:
    2. sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
    3. At a command prompt, type the following command to change the permissions of the files so that only the root user can read or write to them:
    4. sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

. Tell Postfix where to find the CA certificate (needed to verify the Amazon SES server    certificate). The command you use in this step varies based on your operating system.

sudo postconf -e ‘smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt’  

After you generate the certificate, type the following command:

sudo postconf -e ‘smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt’

  • Type the following command to start the Postfix server (or to reload the configuration settings if the server is already running):

sudo postfix start; sudo postfix reload

  • Send a test email by typing the following at a command line, pressing Enter after each line. Replace sender@example.com with your From email address. The From address has to be verified for use with Amazon SES. Replace recipient@example.com with the destination address. If your account is still in the sandbox, the recipient address also has to be verified. Finally, the final line of the message has to contain a single period (.) with no other content.

sendmail -f sender@example.com recipient@example.com

From: Sender Name <sender@example.com>

Subject: Amazon SES Test                

This message was sent using Amazon SES.

  • Check the mailbox associated with the recipient address. If the email doesn’t arrive, check your junk mail folder. If you still can’t locate the email, check the mail log on the system that you used to send the email (typically located at /var/log/maillog) for more information.

Leave a Reply

Your email address will not be published. Required fields are marked *