How to configure Postfix, Stunnel, and Amazon Simple Email Service (SES) on Ubuntu 14.04

September 28, 2015

This article will cover leveraging Amazon Simple Email Service (SES) in concert with Postfix and Stunnel as a solution for sending email at scale.

Postfix is a widely used open-source mail transfer agent (MTA). Stunnel is an open-source, multi-platform program that provides a universal TLS/SSL tunneling service. Amazon SES is a cost-effective outbound-only email-sending service built on the reliable and scalable infrastructure that Amazon.com has developed to serve its own customer base.

Combining these solutions creates a flexible and powerful outbound email solution.

Step 0
Time matters! Make sure you have NTP installed; otherwise, do the following:

sudo apt-get update
 
sudo ntpdate pool.ntp.org
 
sudo apt-get install ntp

Step 1
Set up AWS SES by doing these steps:

Step 2
Install Stunnel

sudo apt-get update
sudo apt-get install stunnel

Configure stunnel.conf (in this case we are using us-west-2 (Oregon))

cd /etc/stunnel/
sudo vim stunnel.conf
[smtp-tls-wrapper]
accept = 127.0.0.1:1125
client = yes
connect = email-smtp.us-west-2.amazonaws.com:465

Enable Stunnel

cd /etc/default
sudo vim stunnel4
# /etc/default/stunnel
# Julien LEMOINE <speedblue@debian.org>
# September 2003
 
# Change to one to enable stunnel automatic startup
ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""
 
# Change to one to enable ppp restart scripts
PPP_RESTART=0

Start Stunnel

sudo service stunnel4 restart

Step 3
Install Postfix if it isn’t already installed
*NOTE: Select “Internet Site” and enter “yourdomain.com” when prompted.

sudo apt-get update
sudo apt-get install postfix
cd /etc/postfix

Configure sender_dependent_relayhost with the sender email address
*Make sure the email address being relayed matches the address your application sends from.

sudo vim sender_dependent_relayhost
user@yourdomain.com	127.0.0.1:1125

Make your sender_dependent_relayhost.db file

sudo postmap /etc/postfix/sender_dependent_relayhost

Configure /etc/postfix/password with your SES SMTP credentials

sudo vim /etc/postfix/password
127.0.0.1:1125 [SMTP Username]:[SMTP Password]

Set Permissions of /etc/postfix/password

sudo chown root:root /etc/postfix/password
sudo chmod 600 /etc/postfix/password

Make your password.db file

sudo postmap /etc/postfix/password
sudo vim /etc/postfix/main.cf

Configure /etc/postfix/main.cf with these lines:
*You can clear out the default configuration in this file and add the lines below
*Make sure you put your domain in the myhostname field

myhostname = yourhostnamehere
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent_relayhost
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options =
mydestination = localhost 
inet_protocols = ipv4
inet_interfaces = all

Reload Postfix:

sudo postfix reload

Test your new outbound mail system:

sudo apt-get install mailutils
echo "TEST" | mail -s subject whateveremail@gmail.com

The email should arrive at whateveremail@gmail.com from youremail@yourdomain.com via amazonses.com.

Things to note when configuring this outbound email system:

  • Make sure the relay address matches the email your app is sending from
  • Make sure you don’t have any firewall rules blocking port 1125
  • Make sure you use the correct SMTP credentials from AWS SES
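
A check to go with the notes above, as an added example that is not part of the original article: the stunnel.conf in Step 2 sets no verify or CAfile option, so stunnel encrypts the connection to SES without checking the server's certificate. The script reads one stunnel.conf section and reports whether peer verification is on, whether the plaintext listener is loopback-only, and whether a credentials file is private; the function names, the sample files and the CAfile path (Ubuntu's system CA bundle) are assumptions of this example.

```shell
# Print the value of KEY inside [SECTION] of an stunnel.conf-style file.
stunnel_opt() {  # usage: stunnel_opt FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Succeed only if the service rejects a server whose certificate fails to verify.
check_stunnel_verify() {  # usage: check_stunnel_verify FILE SECTION
    ca="$(stunnel_opt "$1" "$2" CAfile)$(stunnel_opt "$1" "$2" CApath)"
    if [ -z "$ca" ]; then return 1; fi               # no trust anchors configured
    if [ "$(stunnel_opt "$1" "$2" verifyChain)" = yes ]; then return 0; fi
    case "$(stunnel_opt "$1" "$2" verify)" in [2-4]) return 0 ;; esac
    return 1
}

# Succeed only if the plaintext listener is bound to loopback.
check_accept_loopback() {  # usage: check_accept_loopback FILE SECTION
    case "$(stunnel_opt "$1" "$2" accept)" in 127.*:*|localhost:*) return 0 ;; esac
    return 1
}

# Succeed only if FILE is a regular file with no group/other permission bits.
check_private() {  # usage: check_private FILE
    case "$(ls -ld "$1" 2>/dev/null)" in -???------*) return 0 ;; esac
    return 1
}

# Constructed samples: the article's stunnel.conf, and the same service with
# verification added (CAfile is Ubuntu's system CA bundle).
write_samples() {  # usage: write_samples DIR
    printf '%s\n' '[smtp-tls-wrapper]' 'accept = 127.0.0.1:1125' 'client = yes' \
        'connect = email-smtp.us-west-2.amazonaws.com:465' > "$1/article.conf"
    { cat "$1/article.conf"
      printf '%s\n' 'verify = 2' 'CAfile = /etc/ssl/certs/ca-certificates.crt'
    } > "$1/verified.conf"
}

d=$(mktemp -d); write_samples "$d"
for f in article verified; do
    if check_stunnel_verify "$d/$f.conf" smtp-tls-wrapper; then r=verified; else r="NOT verified"; fi
    echo "$f.conf: server certificate $r"
done
rm -rf "$d"
```

On a real host, point the functions at /etc/stunnel/stunnel.conf and run check_private against both /etc/postfix/password and /etc/postfix/password.db.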

Happy email sending!
