This article will cover leveraging Amazon Simple Email Service (SES) in concert with Postfix and Stunnel as a solution for sending email at scale.
Postfix is a open source mail transfer agent (MTA) that is widely used. Stunnel is an open-source multi-platform computer program, used to provide universal TLS/SSL tunneling service. Amazon SES is a cost-effective outbound-only email-sending service built on the reliable and scalable infrastructure that Amazon.com has developed to serve its own customer base.
Combining these solutions together creates a flexible and powerful outbound email solution.
Time Matters! Make sure you have NTP installed otherwise do the following:
sudo apt-get update sudo ntpdate pool.ntp.org sudo apt-get install ntp
Setup AWS SES by doing these steps:
sudo apt-get update sudo apt-get install stunnel
Configure stunnel.conf (In this case we are using us-west-2 (Oregon)
cd /etc/stunnel/ sudo vim stunnel.conf
[smtp-tls-wrapper] accept = 127.0.0.1:1125 client = yes connect = email-smtp.us-west-2.amazonaws.com:465
cd /etc/default sudo vim stunnel4
# /etc/default/stunnel # Julien LEMOINE <firstname.lastname@example.org> # September 2003 # Change to one to enable stunnel automatic startup ENABLED=1 FILES="/etc/stunnel/*.conf" OPTIONS="" # Change to one to enable ppp restart scripts PPP_RESTART=0
sudo service stunnel4 restart
Install Postfix if it isn’t already
*NOTE Select “Internet Site” and Enter “yourdomain.com” when prompted.
sudo apt-get update sudo apt-get install postfix cd /etc/postfix
Configure sender_dependent_relayhost with the sender email address
*Make sure your email addressed being relayed matches what application is sending it.
sudo vim sender_dependent_relayhost
Make your sender_dependent_relayhost.db file
sudo postmap /etc/postfix/sender_dependent_relayhost
Configure /etc/postfix/password with your SES SMTP credentials
sudo vim /etc/postfix/password
127.0.0.1:1125 [SMTP Username]:[SMTP Password]
Set Permissions of /etc/postfix/password
sudo chown root:root /etc/postfix/password sudo chmod 600 /etc/postfix/password
Make your password.db file
sudo postmap /etc/postfix/password
sudo vim /etc/postfix/main.cf
Configure with these lines /etc/postfix/main.cf:
*You can clear out the default configurations in this file and add the below
*Make sure you put your domain in the myhostname field
myhostname = yourhostnamehere sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent_relayhost smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/password smtp_sasl_security_options = mydestination = localhost inet_protocols = ipv4 inet_interfaces = all
sudo postfix reload
Test your new outbound mail system:
sudo apt-get install mailutils echo "TEST" | mail -s subject email@example.com
The email should be received to firstname.lastname@example.org from email@example.com via amazonses.com
Things to note when configuring this outbound email system.
- Make sure the relay address matches the email your app is sending from
- Make sure you don’t have any firewall rules blocking port 1125
- Make sure you use the correct SMTP credentials from AWS SES
Happy email sending!