One of the challenges of running web servers “in the cloud” is that they can have somewhat random IP addresses assigned to them. This can be an advantage if you’re a spammer intent on renting an IP address for a few hours to blast a few thousand emails from. As a result, many of the IP addresses associated with Amazon’s EC2 instances are already flagged as spam-generators, even though the actual spam generator has moved on. So how can we send legitimate email from out web server if it’s been flagged around the world as a spammer? The answer is to use Amazon’s Simple Email Service (SES) to send the actual mail. Below I’ll show you how to configure Postfix (a popular MTA on linux servers) to use Amazon’s SES.
I’ve cribbed much of this document from other sources on the Internet. I’ll post some useful links at the bottom that were used as sources.
I’ll assume you’re using Ubuntu as a server, since that’s what I use. If not, you should be able to find the required packages in your distribution of choice.
We’ll need the following packages. If installing postfix prompts for a type of server, choose “Internet with Smarthost” and set the smarthost to localhost.
apt-get install postfix
apt-get install libsasl2-2
apt-get install libsasl2-modules
apt-get install ca-certificates
Next we’ll want to configure Postfix. Edit your /etc/postfix/main.cf file and set the following options:
relayhost = email-smtp.us-east-1.amazonaws.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/postfix/cacert.pem
For the next step, you’ll need the username and password hashes that Amazon provides you when you configure a new SMTP sending account. They’ll look something like this:
Now create the sasl_passwd file in /etc/postfix with the following format:
chmod it to 0400 and run the following command to create the username database for postfix:
Next well create the postfix certificate. Just run this command:
cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem
Now you should be able to restart postfix and send email. Note that your From: address on any outgoing mail still needs to be verified by Amazon before it can be used, and you’ll still be subject to all the same TOS agreements that you would when using their other interfaces.
I hope you’ve found this useful.
By the way since Amazon SES now support STARTTLS, we did not have to use stunnel in this guide.
And now to test your setup, do the follow:
apt-get install mailutils Your machine should now have the ability to send email from the command line. Test it. echo "test" | mail email@example.com
That’s All Folks!