This article will cover leveraging Amazon Simple Email Service (SES) in concert with Postfix and Stunnel as a solution for sending email at scale.
Postfix is a open source mail transfer agent (MTA) that is widely used. Stunnel is an open-source multi-platform computer program, used to provide universal TLS/SSL tunneling service. Amazon SES is a cost-effective outbound-only email-sending service built on the reliable and scalable infrastructure that Amazon.com has developed to serve its own customer base.
Combining these solutions together creates a flexible and powerful outbound email solution.
Step 0
Time Matters! Make sure you have NTP installed otherwise do the following:
sudo apt-get update sudo ntpdate pool.ntp.org sudo apt-get install ntp |
Step 1
Setup AWS SES by doing these steps:
Step 2
Install Stunnel
sudo apt-get update sudo apt-get install stunnel |
Configure stunnel.conf (In this case we are using us-west-2 (Oregon)
cd /etc/stunnel/ sudo vim stunnel.conf |
[smtp-tls-wrapper] accept = 127.0.0.1:1125 client = yes connect = email-smtp.us-west-2.amazonaws.com:465 |
Enable Stunnel
cd /etc/default sudo vim stunnel4 |
# /etc/default/stunnel # Julien LEMOINE <speedblue@debian.org> # September 2003 # Change to one to enable stunnel automatic startup ENABLED=1 FILES="/etc/stunnel/*.conf" OPTIONS="" # Change to one to enable ppp restart scripts PPP_RESTART=0 |
Start Stunnel
sudo service stunnel4 restart |
Step 3
Install Postfix if it isn’t already
*NOTE Select “Internet Site” and Enter “yourdomain.com” when prompted.
sudo apt-get update sudo apt-get install postfix cd /etc/postfix |
Configure sender_dependent_relayhost with the sender email address
*Make sure your email addressed being relayed matches what application is sending it.
sudo vim sender_dependent_relayhost |
user@yourdomain.com 127.0.0.1:1125 |
Make your sender_dependent_relayhost.db file
sudo postmap /etc/postfix/sender_dependent_relayhost |
Configure /etc/postfix/password with your SES SMTP credentials
sudo vim /etc/postfix/password |
127.0.0.1:1125 [SMTP Username]:[SMTP Password] |
Set Permissions of /etc/postfix/password
sudo chown root:root /etc/postfix/password sudo chmod 600 /etc/postfix/password |
Make your password.db file
sudo postmap /etc/postfix/password |
sudo vim /etc/postfix/main.cf |
Configure with these lines /etc/postfix/main.cf:
*You can clear out the default configurations in this file and add the below
*Make sure you put your domain in the myhostname field
myhostname = yourhostnamehere sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent_relayhost smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/password smtp_sasl_security_options = mydestination = localhost inet_protocols = ipv4 inet_interfaces = all |
Reload PostFix:
sudo postfix reload |
Test your new outbound mail system:
sudo apt-get install mailutils echo "TEST" | mail -s subject whateveremail@gmail.com |
The email should be received to whateveremail@gmail.com from youremail@yourdomain.com via amazonses.com
Things to note when configuring this outbound email system.
- Make sure the relay address matches the email your app is sending from
- Make sure you don’t have any firewall rules blocking port 1125
- Make sure you use the correct SMTP credentials from AWS SES
Happy email sending!