This article will cover leveraging Amazon Simple Email Service (SES) in concert with Postfix and Stunnel as a solution for sending email at scale.
Postfix is a open source mail transfer agent (MTA) that is widely used. Stunnel is an open-source multi-platform computer program, used to provide universal TLS/SSL tunneling service. Amazon SES is a cost-effective outbound-only email-sending service built on the reliable and scalable infrastructure that Amazon.com has developed to serve its own customer base.
Combining these solutions together creates a flexible and powerful outbound email solution.
Step 0
Time Matters! Make sure you have NTP installed otherwise do the following:
sudo apt-get update
sudo ntpdate pool.ntp.org
sudo apt-get install ntp
Step 1
Setup AWS SES by doing these steps:
Step 2
Install Stunnel
sudo apt-get update
sudo apt-get install stunnel
Configure stunnel.conf (In this case we are using us-west-2 (Oregon)
cd /etc/stunnel/
sudo vim stunnel.conf
[smtp-tls-wrapper]
accept = 127.0.0.1:1125
client = yes
connect = email-smtp.us-west-2.amazonaws.com:465
Enable Stunnel
cd /etc/default
sudo vim stunnel4
# /etc/default/stunnel
# Julien LEMOINE
# September 2003
# Change to one to enable stunnel automatic startup
ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""
# Change to one to enable ppp restart scripts
PPP_RESTART=0
Start Stunnel
sudo service stunnel4 restart
Step 3
Install Postfix if it isn’t already
*NOTE Select “Internet Site” and Enter “yourdomain.com” when prompted.
sudo apt-get update
sudo apt-get install postfix
cd /etc/postfix
Configure sender_dependent_relayhost with the sender email address
*Make sure your email addressed being relayed matches what application is sending it.
sudo vim sender_dependent_relayhost
user@yourdomain.com 127.0.0.1:1125
Make your sender_dependent_relayhost.db file
sudo postmap /etc/postfix/sender_dependent_relayhost
Configure /etc/postfix/password with your SES SMTP credentials
sudo vim /etc/postfix/password
127.0.0.1:1125 [SMTP Username]:[SMTP Password]
Set Permissions of /etc/postfix/password
sudo chown root:root /etc/postfix/password
sudo chmod 600 /etc/postfix/password
Make your password.db file
sudo postmap /etc/postfix/password
sudo vim /etc/postfix/main.cf
Configure with these lines /etc/postfix/main.cf:
*You can clear out the default configurations in this file and add the below
*Make sure you put your domain in the myhostname field
myhostname = yourhostnamehere
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent_relayhost
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options =
mydestination = localhost
inet_protocols = ipv4
inet_interfaces = all
Reload PostFix:
sudo postfix reload
Test your new outbound mail system:
sudo apt-get install mailutils
echo "TEST" | mail -s subject whateveremail@gmail.com
The email should be received to whateveremail@gmail.com from youremail@yourdomain.com via amazonses.com
Things to note when configuring this outbound email system.
- Make sure the relay address matches the email your app is sending from
- Make sure you don’t have any firewall rules blocking port 1125
- Make sure you use the correct SMTP credentials from AWS SES
Happy email sending!