Setup Amazon SES with Postfix

Visits: 2687

BE SURE!!! to back up your ec2 as an image  from in the AWS Web UI console.

The Best way to have a completely secure Postfix server tnat can use ses, is to install our simple to install EC2 including Roundcube WebMail. Check it out AWS Marketplace: Mail Server on Linux Postfix using MySQL for tons of users (amazon.com)

 

create useless sasl file for those who want AWS SES · Issue #4 · montgomery-auber/postfix-containerized (github.com)

https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html?icmpid=docs_ses_console

sudo postconf -e “relayhost = [email-smtp.us-west-2.amazonaws.com]:587” \
“smtp_sasl_auth_enable = yes” \
“smtp_sasl_security_options = noanonymous” \
“smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd” \
“smtp_use_tls = yes” \
“smtp_tls_security_level = encrypt” \
“smtp_tls_note_starttls_offer = yes”

Lines got connect using postconf

In a text editor, open the file /etc/postfix/sasl_passwd. If the file doesn’t already exist, create it.

Add the following line to /etc/postfix/sasl_passwd:

[email-smtp.us-west-2.amazonaws.com]:587 SMTPUSERNAME:SMTPPASSWORD

At a command prompt, type the following command to create a hashmap database file containing your SMTP credentials:

sudo postmap hash:/etc/postfix/sasl_passwd

 

email-smtp.us-east-2.amazonaws.com

SMTP Username:
LongNAME
SMTP Password:
CONFUSINGPassword

Add the following line to /etc/postfix/sasl_passwd:

email-smtp.us-west-2.amazonaws.com:587 LONGSECRET

 

The postconf command was combining the last line of the previous main.cf with one of the lines in the command below. This is because the main.cf did not have a line ending at the end of the file.

docker exec -it postfix postconf -e “relayhost = email-smtp.us-east-2.amazonaws.com:587” \
“smtp_sasl_auth_enable = yes” \
“smtp_sasl_security_options = noanonymous” \
“smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd” \
“smtp_use_tls = yes” \
“smtp_tls_security_level = encrypt” \
“smtp_tls_note_starttls_offer = yes” ### THis line got smushed by postconf

 

The smushed line looked like this

smtpd_tls_auth_only = yessmtp_tls_note_starttls_offer = yes

the first half of the line is not part of the postconf command

Ask permission

You need to request from AWS to allow you to send emails via SES. They apporve you as long as it’s clear that you wont send spam.

Quota details – Sending quota | AWS Service Quotas (amazon.com)

 

It is best to use SES to send emails, however the server is setup to send emails too.

In order to send email via SES you need to get permission as well as to add the addresses and domains.

See:

Integrating Amazon SES with Postfix – Amazon Simple Email Service

 

when running postconf the last line without line ending gets combined with one of the lines in the postconf command
“`

docker exec -it postfix postconf -e \
“relayhost = email-smtp.us-east-1.amazonaws.com:587” \
“smtp_sasl_auth_enable = yes” \
“smtp_sasl_security_options = noanonymous” \
“smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd” \
“smtp_use_tls = yes” \
“smtp_tls_security_level = encrypt” \
“smtp_tls_note_starttls_offer = yes”

“`

the above would end up looking like

`
smtpd_tls_auth_only = yes
inet_protocols = ipv4smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = encrypt
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
relayhost = email-smtp.us-east-1.amazonaws.com:587
smtp_sasl_auth_enable = yes
`
The line starting with inet_protocols got combined

 

See – Add line ending to the end of /etc/postfix/main.cf · Issue #3 · montgomery-auber/postfix-containerized (github.com)

 

 

The line starting with inet_protocols got combined

The solution was to add the last line to the postconf command , then it worked.

```

docker exec -it postfix postconf -e \
"inet_protocols = ipv4"  \
 "relayhost = email-smtp.us-east-1.amazonaws.com:587" \
"smtp_sasl_auth_enable = yes" \
"smtp_sasl_security_options = noanonymous" \
"smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" \
"smtp_use_tls = yes" \
"smtp_tls_security_level = encrypt" \
"smtp_tls_note_starttls_offer = yes" 

Instructions to add aws ses support to postfix, based on:
http://www.postfix.org/SASL_README.html

To make this possible, Postfix supports per-sender SASL passwords and per-sender relay hosts. In the example below, the Postfix SMTP client will search the SASL password file by sender address before it searches that same file by destination. Likewise, the Postfix trivial-rewrite(8) daemon will search the per-sender relayhost file, and use the default relayhost setting only as a final resort.

/etc/postfix/main.cf:
    smtp_sender_dependent_authentication = yes
    sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    relayhost = [mail.isp.example]
    # Alternative form:
    # relayhost = [mail.isp.example]:submission
/etc/postfix/sasl_passwd:
    # Per-sender authentication; see also /etc/postfix/sender_relay.
    user1@example.com               username1:password1
    user2@example.net               username2:password2
    # Login information for the default relayhost.
    [mail.isp.example]              username:password
    # Alternative form:
    # [mail.isp.example]:submission username:password
/etc/postfix/sender_relay:
    # Per-sender provider; see also /etc/postfix/sasl_passwd.
    user1@example.com               [mail.example.com]:submission
    user2@example.net               [mail.example.net]

http://www.postfix.org/postconf.5.html
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html