Relay Email via Amazon SES

4

Issue

I’d like to relay all my Ubuntu 22.04 email through Amazon SES.

FYI

Use at your own risk. Like seriously, do some research prior to implementing any of this into your own environment. Consider factors like costs, scalability, etc.

Solution

To relay all your email through Amazon SES (Simple Email Service) on an Ubuntu 22.04 server, you will need to:

  1. Set up an Amazon SES account and verify your email/domain.
  2. Install and configure Postfix to relay email through SES.
  3. Ensure proper authentication and security configurations.

Here are the detailed steps:

1. Set up Amazon SES

Sign up for AWS and SES

  1. Sign in to AWS: If you don’t already have an AWS account, create one at AWS Sign-Up.
  2. Navigate to SES: Go to the SES dashboard in the AWS Management Console.

Verify Email/Domain

  1. Verify an Email Address:
    • Go to the SES console.
    • In the left pane, click “Email Addresses”.
    • Click “Verify a New Email Address”.
    • Enter your email address and click “Verify This Email Address”.
    • Check your email and follow the verification link.
  2. Verify a Domain (recommended for sending from multiple addresses):
    • Go to the SES console.
    • In the left pane, click “Domains”.
    • Click “Verify a New Domain”.
    • Enter your domain name.
    • Follow the instructions to add a DNS record to your domain’s DNS settings.

Obtain SMTP Credentials

  1. Create SMTP Credentials:
    • Go to the SES console.
    • In the left pane, click “SMTP Settings”.
    • Click “Create My SMTP Credentials”.
    • Follow the prompts to create a new IAM user with SES permissions.
    • Download or copy the SMTP credentials (SMTP username and password).

2. Install and Configure Postfix

Install Postfix

Open a terminal on your Ubuntu server and install Postfix:

sudo apt update
sudo apt install postfix

During installation, choose “Internet Site” and set the system mail name to your domain name (e.g., example.com).

Configure Postfix

Edit the Postfix configuration file:

sudo nano /etc/postfix/main.cf

Add or modify the following lines to configure Postfix to use Amazon SES as a relay host:

relayhost = [email-smtp.us-east-1.amazonaws.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes

Replace email-smtp.us-east-1.amazonaws.com with the correct SES SMTP endpoint for your region. You can find the list of SMTP endpoints in the Amazon SES documentation.

Create the SASL Password File

Create and edit the SASL password file:

sudo nano /etc/postfix/sasl_passwd

Add the following line, replacing the SMTP endpoint, username, and password with your SES SMTP details:

[email-smtp.us-east-1.amazonaws.com]:587 YOUR_SES_SMTP_USERNAME:YOUR_SES_SMTP_PASSWORD

Secure the file permissions:

sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd

Restart Postfix

Restart the Postfix service to apply the changes:

sudo systemctl restart postfix

3. Ensure Proper Authentication and Security

SPF and DKIM

  1. SPF: Add an SPF record to your DNS to authorize Amazon SES to send emails on behalf of your domain. Example SPF record:
   v=spf1 include:amazonses.com ~all
  1. DKIM: Enable DKIM in the SES console for your domain to sign your emails. Follow the instructions in the SES console to add the necessary DNS records.

Testing

Send a test email to ensure everything is configured correctly:

echo "Test email body" | mail -s "Test email subject" your-email@example.com

Check the recipient’s inbox and the /var/log/mail.log file on your server for any errors.

Summary

  1. Sign up for Amazon SES and verify your email or domain.
  2. Install and configure Postfix to relay through SES.
  3. Ensure SPF and DKIM are properly set up.

This setup ensures your emails are securely relayed through Amazon SES, leveraging its robust infrastructure.

Disclaimer

The information provided in this blog post is for educational and informational purposes only. The steps and instructions are based on personal experience and research, and are intended to help users configure email relaying through Amazon SES on Ubuntu 22.04.

No Warranty: The author and publisher make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the information, products, services, or related graphics contained in this blog post for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

Limitation of Liability: In no event will the author or publisher be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this blog post.

External Links: Through this blog post, you are able to link to other websites which are not under the control of the author. We have no control over the nature, content, and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.

By using the information in this blog post, you agree to the terms of this disclaimer. If you do not agree to these terms, please do not use the information provided.

Discover more from Jorge Saldívar

Subscribe now to keep reading and get access to the full archive.

Continue reading