sftpgateway-public / Configuring Postfix with SES

Status: Draft -- the following instructions work, but only when both the sender and the recipient are verified email addresses. This is because SES starts in sandbox mode and stays there until you submit a ticket to AWS to remove the restrictions.

EC2 public IP addresses are gray-listed, and your user creation emails will often end up in spam or be blocked by the mail server.

This wiki page shows you how to integrate your EC2 instance with SES, so that your emails get delivered.

This is how it works:

  1. You start with an existing work email or Gmail address.
  2. You grant SES the ability to "Send As" this address.
  3. The EC2 instance generates an email with your email address in the From field.
  4. SES relays this email to the recipient.

Instructions

Allow SES to spoof your email address

Within the AWS console, navigate to SES > Email addresses

Click Verify new email address

Type in your email address

Check your email, and click the link

Create an IAM user with SMTP credentials

Within the AWS console, navigate to SES > SMTP Settings

Click Create my SMTP Credentials

Click Create

Click Show User SMTP Security Credentials

Save the SMTP credentials, which look something like this:

  • SMTP Username: AKIAI6QMGPHX5K54S6NQ
  • SMTP Password: ApwWh+sIN5AhkMZzvNBdEltXw9ATAf47/C3LSfqPCaD1

Note: SMTP credentials are not the same as IAM access keys.

Within EC2

Elevate your privileges to root

sudo su

Replace sendmail with postfix

yum remove sendmail -y
yum install postfix -y

Postfix is much easier to configure than sendmail.

Edit the main config file

vi /etc/postfix/main.cf

Append the following lines to the end of the file:

relayhost = [email-smtp.us-east-1.amazonaws.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_generic_maps = hash:/etc/postfix/generic

Note: In the first line, change the region us-east-1 to the appropriate value.

Edit the master config file

vi /etc/postfix/master.cf

Comment out line 39:

#       -o smtp_fallback_relay=

Create the sasl_passwd file

vi /etc/postfix/sasl_passwd

Enter the following:

[email-smtp.us-east-1.amazonaws.com]:587 AKIAI6QMGPHX5K54S6NQ:ApwWh+sIN5AhkMZzvNBdEltXw9ATAf47/C3LSfqPCaD1

Make sure you change the region us-east-1, along with the SMTP credentials.

Edit the generic file

vi /etc/postfix/generic

Enter the following:

root@ip-172-31-15-89.localdomain robert.chen@thorntech.com

Make sure you change the IP address in the hostname so that it matches your instance. To find it, run the hostname command or look at your command prompt.

Also, replace the email address with the one you verified earlier.

Run these commands to apply your changes

postmap hash:/etc/postfix/sasl_passwd
chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
postmap /etc/postfix/generic
postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt'
postfix start
postfix reload

Test

Try sending a new key, using addsftpuser. If all goes well, the email will show that it was sent via amazonses.com.

Troubleshooting

If you are not receiving email, check this log file:

/var/log/maillog

If you make any changes to the generic file, you have to re-run postmap /etc/postfix/generic.

Any configuration change also requires a postfix reload.
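
A configuration check that can help when troubleshooting, as an added example (not part of the original wiki page or the SFTP Gateway project). It reads the files created above and reports settings that would leak the SMTP credentials or break authentication. The function names are hypothetical, and the relay port 587 is assumed from this page.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.
# Usage: audit_postfix_ses [config_dir]; returns 0 if all checks pass, else 1.

# Print a main.cf parameter's value; Postfix honours the last definition.
main_cf_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1/main.cf" 2>/dev/null |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Succeed only if the file exists and grants nothing to group or other.
owner_only() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

audit_postfix_ses() {
    dir=${1:-/etc/postfix}
    rc=0
    fail() { echo "FAIL: $1"; rc=1; }

    relay=$(main_cf_value "$dir" relayhost)
    case $relay in
        \[*\]:587) ;;  # bracketed host and port 587, as configured on this page
        *) fail "relayhost '$relay' is not in the form [host]:587" ;;
    esac

    # Weaker levels allow or force plaintext delivery, which would expose
    # the SMTP username and password on the wire.
    case $(main_cf_value "$dir" smtp_tls_security_level) in
        encrypt|verify|secure|fingerprint|dane-only) ;;
        *) fail "smtp_tls_security_level does not enforce TLS" ;;
    esac

    [ "$(main_cf_value "$dir" smtp_sasl_auth_enable)" = yes ] ||
        fail "smtp_sasl_auth_enable is not 'yes'"

    # The credential file and its compiled map must be owner-only.
    for f in "$dir/sasl_passwd" "$dir/sasl_passwd.db"; do
        owner_only "$f" || fail "$f is missing or accessible to group/other"
    done

    # Postfix looks credentials up by the exact relayhost string.
    [ -f "$dir/sasl_passwd" ] &&
        awk -v r="$relay" '$1 == r { ok = 1 } END { exit !ok }' "$dir/sasl_passwd" ||
        fail "no sasl_passwd entry keyed exactly by relayhost"

    return $rc
}
```

Source the file as root and run audit_postfix_ses /etc/postfix. It prints one FAIL line per finding and never echoes the credentials themselves.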
