Configuring server to relay email through Amazon SES (Simple Email Service)
Configuring server to relay email through Amazon SES will provide easy, real-time access to our sending statistics. It has built-in notifications for bounces, complaints, and deliveries which helps us fine-tune our email-sending strategy.
Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail.
Amazon Simple Email Service
Amazon SES is a cost-effective outbound-only email-sending service which is reliable and scalable.. With SES, we can send transactional email, marketing messages, or any other type of high-quality content and we get carged only for what we use.
Demo
In this demo, we will be integrating Amazon’s SES and postfix on a server i.e. all the mails from the server will be sent via the SES server.
To know advantages of using AWS SES, visit this link:
http://docs.aws.amazon.com/ses/latest/DeveloperGuide/throughput-problems.html
Use-Case
Sending a mail from a php application (php script) to the developer side or System Administrator, hence automating the alert in case of success/failure.
SMTP Support for the Amazon Simple Email Service (SES) is very useful. Now we can configure our server to send email through it regardless of what platform our site is built.
There are 3 main things you need to do to configure your Postfix server to relay email through SES:
- Verify a sender email address
- Create an IAM user for SMTP
- Configure your server to use SES.
Prerequisites
Before you perform the following procedures, verify the following:
- You have installed Postfix.
sudo apt-get install postfix
- In case, you have Sendmail installed, it can be uninstalled by:
sudo apt-get remove sendmail apt-get purge sendmail
- You are able to successfully send an email using Postfix without Amazon SES.
- You have verified your “From” address and, if you do not yet have production access, you have also verified your “To” addresses.
For steps to verify a sender & reciever (as in our case, we don’t have Production access).
*In accounts with production access, we just need to verify sender’s email.
1. In the SES section of the AWS Management Console, in Verified Senders click on “Email Addresses”:
2. Then click on the “Verify a New Email Address” button.
3. Enter the Sender’s Email Address and click “Verify This Email Address”.
4. Then you’ll see a confirmation message “Verification Email Sent:
4. Go to that email account and click on the link Amazon will email to you to confirm the address.Click on the verification link to verify the email address.
5. You should see the following screen, with both sender’s and receiver’s Email as verified.
To configure integration with the Amazon SES US East (Virginia) endpoint using STARTTLS
1. On your mail server, go to the /etc/postfix folder and open the main.cf file.
2. Add the following lines to the main.cf file, setting relayhost to the SMTP endpoint of the AWS region we are using.
relayhost = [email-smtp.us-east-1.amazonaws.com]:25 smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_use_tls = yes smtp_tls_security_level = encrypt smtp_tls_note_starttls_offer = yes
Save and close the main.cf file.
3. Now, open the master.cf file. This file resides in the /etc/postfix folder.
4. Comment out the following line of the master.cf file by putting a # in front of it:
-o smtp_fallback_relay=
Save and close the master.cf file.
5. Edit the /etc/postfix/sasl_passwd file. If the file does not exist, create it. Add the following lines to the file, replacing USERNAME and PASSWORD with your SMTP user name and password. Now this is where it gets confusing, you will want to create a SMTP User from the SES Console at:
https://console.aws.amazon.com/ses/home?#smtp-settings
We will create a user here and be presented with the following Window (not from the IAM Console ):
Go to the services tab (in your AWS Console) and select SES.
Select SMTP Settings from the left pane.
Click on Create My SMTP Credentials.
Enter the user we wish to create (or leave it as default).We have given it a name ses-MyUser
Click on Create
The next screen will look like this:
The SMTP Username & SMTP Password is what we require ( we may download it as well, for future use).
Please NOTE: These credentials are an example and are now invalid, please do not use them.
email-smtp.us-east-1.amazonaws.com:25 USERNAME:PASSWORD ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com:25 USERNAME:PASSWORD
So it would be something like:
email-smtp.us-east-1.amazonaws.com:25 AXXXXXXXXXXXXXXXXXX:AXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com:25 AXXXXXXXXXXXXXXX:AXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Important
Use your SMTP user name and password, not your AWS access key ID and secret access key. Your SMTP credentials and your AWS credentials are not the same.
6. Save and close the sasl_passwd file.
7. At a command prompt, issue the following command to create a hashmap database file containing your SMTP credentials.
sudo postmap hash:/etc/postfix/sasl_passwd
8. (Optional but recommended) Remove the /etc/postfix/sasl_passwd file.
9. (Optional but recommended) The /etc/postfix/sasl_passwd and /etc/postfix/sasl_passwd.db files you created in the previous steps are not encrypted. Because these files contain your SMTP credentials, it is a good idea to use the following commands to change the owner to root and set permissions to restrict access to the files as much as possible. (Note that if you deleted /etc/postfix/sasl_passwd in the previous step, you should omit it from the commands below.)
sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
10. Tell Postfix where to find the CA certificate (needed to verify the Amazon SES server certificate). We could also have used a self-signed certificate. We would use default certificates as follows:
sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'
11. When we have finished updating the configuration, we will stop and start Postfix by typing the following at the command line:
sudo postfix stop sudo postfix start
12. Create a simple php script to send a mail.
<?php
$to = ‘aankitgiri@gmail.com’;
$subject = ‘the subject’;
$message = ‘hello’;
$headers = ‘From: ankit.giri@intelligrape.com’ . “\r\n” .
‘Reply-To: ankit.giri@intelligrape.com’ . “\r\n” .
‘X-Mailer: PHP/’ . phpversion();
mail($to, $subject, $message, $headers);
?>
13. Check your inbox for the email. If the message was not delivered, check your Junk box, and then check your system’s mail log (typically /var/log/maillog) for errors. For example, you will get an “Email address not verified” error if you have not verified the “From” address.
So, now we have successfully configured our server to send mails through Amazon SES. Hope this helps.
This is very innovative and informative also useful Article. Thank you for sharing this Article.
Hi Ankit, I did followed all the steps as mentioned , but somehow even after setting up the relay server, I’m not getting those emails. I checked the logs (/var/log/maillog)as well, and it was success and the count on “send emails” was also increased in AWS SES.
Can you suggest what could be reason? or where can I looks for error, any other specific log
nice blog thankyou! my question is if a user reply to our our register email, so it possible that we can read his email or forward an auto generated email that don’t send email to this mail address message back to mail address.
Hey Anup,
Thanks 🙂 Amazon SES is just a service that provides a fully-managed mail server. So, the mail id “ankit.giri@intelligrape.com” we have used to send the mail will receive the reply mail from the user. Hence, we can read his email and even choose to send an auto-generated mail from our own e-mail account. But this has to be done on the e-mail service provider we are using and not Amzon SES.