Configuration of Amazon SES Service with Postfix

Amazon Simple Email Service (SES)

Amazon SES

Before starting with SES implementation process below things should follow to work SES service smoothly.

  • You have to uninstalled Sendmail service.
  • You have to installed Postfix.
  • You are able to successfully send an email using Postfix without Amazon SES from server.
  • You have to verified your "From" address and if your account is still in the sandbox, you have also verified your "To" addresses. For more information Verifying Email Addresses in Amazon SES. [http://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html]

Login your aws account and go to "Services->SES".

Once your in SES, you will have to  choose region for SES implementation from below three regions. Currently AWS provide SES service in below Three regions only.

  • US East (N. Virginia)
  • US West (Oregon)
  • EU (Ireland)

After you selecting region, it will gives you Identity Management page.

In navigation bar, click on "Domains option" to verify our domain names for which we are going to use SES Service.

Now click on "Verify New Domain" button and pop up will come to put your domain name under the box and "tick" on generate "DKIM" settings. Click on "verify this domain".

aws-ses

After clicked on verify button you will get the all domain records that you should download on your system.

Add all these record in your DNS once you add the record your SES domain got verified.

aws-ses-records

Amazon ses configuration has been done on AWS console.

Now we start configuration of postfix with Amazon ses.

Before start configuration follow below things :

  • Remove sendmail service.
  • Install Postfix service.

  • Install libsasl2-dev package if not installed.

Integrating AWS SES with Postfix :

Step 1 :

After installing postfix service, open the main.cf file which is usually resides under "/etx/postfix/".

Note : 

We are implementing SES in Virginia region so we used "email-smtp.us-east-1.amazonaws.com" in relayhost. If you want to use a different region, replace all instances of email-smtp.us-west-2.amazonaws.com in these instructions with the SMTP endpoint of the desired region.

For a list of SMTP endpoints, see "Regions and Amazon SES". http://docs.aws.amazon.com/ses/latest/DeveloperGuide/regions.html

vim /etc/postfix/main.cf

       relayhost = [email-smtp.us-east-1.amazonaws.com]:25

       smtp_sasl_auth_enable = yes

       smtp_sasl_security_options = noanonymous

       smtp_sasl_password_maps =           

       hash:/etc/postfix/sasl_passwd

       smtp_use_tls = yes

       smtp_tls_security_level = encrypt

       smtp_tls_note_starttls_offer = yes

save and close the main.cf file.

Note : Before making any changes to any conf file make sure you backup of those files.

Step 2 : Now open your master.cf file which also in same folder where main.cf file reside.

vim /etc/postfix/master.conf

#comment out the below line by placing # in fron of that line like

-o smtp_fallback_relay=

if this line is not available in master.conf file leave it as it is.

save and close the master.cf file.

Step 3 : Now open "/etc/postfix/sasl_passwd" file and if file is not available then create it and add below entry in this file.

vim /etc/postfix/sasl_passwd

email-smtp.us-east-1.amazonaws.com:25 AWS_ACCESS_KEY:AWS_SECRET_KEY

Save and close the file.

For AWS_Access_key and AWS_Secret_key you need to generate smtp credentials on Amazon.

So go to the "SMPT Settings" and click on "Create My SMTP Credentials". it will generate credentials for you. Make sure you save these credentials save somewhere and also download the credentials on your system.

screen3-ses

In the content pane, click Create My SMTP Credentials.

In the Create User for SMTP dialog box, you will see that an SMTP user name has been filled in for you. You can accept this suggested user name or enter a different one. To proceed, click Create.

aws-ses-4

Click Show User SMTP Credentials.

Your SMTP credentials will be displayed on the screen; copy them and store them in a safe place. You can also click Download Credentials to download a file that contains your credentials.

aws-ses-5

You will get the credentials like below,

SMTP Username : AKIAI2UF2E6HR

SMTP Password :  ApzSV6JYWBIVciHfQb34nIHJtbRCWqf


Use this credentials in sasl_passwd file.

Step 4 : At the command prompt, run the following command to create a hashmap database file containing your SMTP credentials.

  • postmap hash:/etc/postfix/sasl_passwd

Step 5 : Now change the Owner and permission of files for security reasons because these files are not in encrypted format so we should protect them as much as possible.

  • chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
  • chmod 0600     /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

Step 6 : We need to provide the path of CA Certificate which is use to verify the Amazon SES server certificate. You can use the self-signed certificate or use default certificate path.

Here we are using default ca certificate path.

  • postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'


Step 7: After finished updating the configuration, stop and start postfix service by terminal,

  • /etc/init.d/postfix stop
  • /etc/init.d/postfix start
  • /etc/init.d/postfix status

Step 8 : Send test email by using following command at a terminal, press enter after each line. Note one thing you have to use "from" email address which was verified by Amazon SES. and use "To" address on which you want to send the mail.

sendmail -f from@example.com to@example.com

From: from@example.com

Subject: Test

This email was sent through Amazon SES!

. {Quit}

Step 9 : Check your inbox for email. if mail was not delivered then check into your spam directory or check log file "/var/log/mail.log" for errors.

For example, you will get an "Email address not verified" error if you have not verified the "From" address that follows "-f" on the command line.

I hope you guys like the above article if you have any doubts or queries then comment down below under the comment box.

AWS more post :

Latest Comments
  1. Manoj Suryavanshi September 11, 2016
  2. Rajput October 25, 2016

Leave a Reply

Your email address will not be published. Required fields are marked *