Configuring Postfix with SES
Status: Draft -- the following instructions work, but only when both sender and recipient are verified email addresses. This is because SES stays in sandbox mode until you submit a ticket to AWS to remove the restrictions.
EC2 public IP addresses are gray-listed, and your user creation emails will often end up in spam, or blocked by the mail server.
This wiki page shows you how to integrate your EC2 instance with SES, so that your emails get delivered.
This is how it works:
- You start with an existing work email or gmail address.
- You grant SES the ability to "Send As" this address
- The EC2 instance generates an email with your email address in the From field
- SES relays this email to the recipient
Instructions
Allow SES to spoof your email address
Within the AWS console, navigate to SES > Email addresses
Click Verify new email address
Type in your email address
Check your email, and click the link
Create an IAM user with SMTP credentials
Within the AWS console, navigate to SES > SMTP Settings
Click Create my SMTP Credentials
Click Create
Click Show User SMTP Security Credentials
Save the SMTP credentials, which look something like this:
- SMTP Username: AKIAI6QMGPHX5K54S6NQ
- SMTP Password: ApwWh+sIN5AhkMZzvNBdEltXw9ATAf47/C3LSfqPCaD1
Note: SMTP credentials are not the same as IAM access keys.
Within EC2
Elevate your privileges to root
sudo su
Replace sendmail with postfix
yum remove sendmail -y
yum install postfix -y
postfix is much easier to configure.
Edit the main config file
vi /etc/postfix/main.cf
Append the following lines to the end of the file:
relayhost = [email-smtp.us-east-1.amazonaws.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_generic_maps = hash:/etc/postfix/generic
Note: In the first line, change the region us-east-1 to an appropriate value
Edit the master config file
vi /etc/postfix/master.cf
Comment out line 39:
# -o smtp_fallback_relay=
Create the sasl_passwd file
vi /etc/postfix/sasl_passwd
Enter the following:
[email-smtp.us-east-1.amazonaws.com]:587 AKIAI6QMGPHX5K54S6NQ:ApwWh+sIN5AhkMZzvNBdEltXw9ATAf47/C3LSfqPCaD1
Make sure you change the region us-east-1, along with the SMTP credentials.
Edit the generic file
vi /etc/postfix/generic
Enter the following:
root@ip-172-31-15-89.localdomain robert.chen@thorntech.com
Make sure you change the IP address. You can type hostname, or refer to your command prompt.
Also, replace the email address with the one you verified earlier.
Run these commands to apply your changes
postmap hash:/etc/postfix/sasl_passwd
chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
postmap /etc/postfix/generic
postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt'
postfix start
postfix reload
Test
Try sending a new key, using addsftpuser. If all goes well, it will have been sent via amazonses.com.
Troubleshooting
If you are not receiving email, check this log file:
/var/log/maillog
If you make any changes to the generic file, you have to re-run postmap /etc/postfix/generic.
And any changes in general will require a postfix reload.
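The following audit script is an added example, not part of the original wiki page. It checks a Postfix config directory against the settings above: enforced TLS, SASL enabled, the SES relayhost, 0600 permissions on the credential files, and map .db files that are not stale. The function names (audit_ses_relay, cf_value, mode_is_0600) are hypothetical, and the script parses the files directly instead of calling postconf.

```shell
#!/bin/sh
# Audit a Postfix config directory against the SES relay settings on this page.
# Parses the files directly (no postconf needed), so it also works on a copy.

# Print the effective value of a main.cf parameter (Postfix keeps the last one).
cf_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1/main.cf" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeeds when the file exists with mode exactly 0600.
mode_is_0600() {
    [ -f "$1" ] && [ -n "$(find "$1" -perm 600)" ]
}

# Usage: audit_ses_relay /etc/postfix
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_ses_relay() {
    dir=$1
    findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

    [ "$(cf_value "$dir" smtp_tls_security_level)" = "encrypt" ] ||
        fail "smtp_tls_security_level is not 'encrypt'; credentials could be sent without TLS"
    [ "$(cf_value "$dir" smtp_sasl_auth_enable)" = "yes" ] ||
        fail "smtp_sasl_auth_enable is not 'yes'"
    case "$(cf_value "$dir" relayhost)" in
        \[email-smtp.*.amazonaws.com\]:587) ;;
        *) fail "relayhost is not a bracketed SES SMTP endpoint on port 587" ;;
    esac

    # The plaintext credentials and their compiled map must not be readable by others.
    for f in sasl_passwd sasl_passwd.db; do
        mode_is_0600 "$dir/$f" || fail "$f is missing or not mode 0600"
    done

    # A .db older than its source means postmap was not re-run after an edit.
    for m in sasl_passwd generic; do
        [ -f "$dir/$m.db" ] && [ ! "$dir/$m.db" -ot "$dir/$m" ] ||
            fail "$m.db is missing or older than $m; re-run postmap"
    done

    [ "$findings" -eq 0 ]
}
```

Run it as root with audit_ses_relay /etc/postfix; each FAIL line names the setting or file to fix before reloading postfix.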