First step is to have a verified domain in the AWS SES. To verify a domain navigate to SES console click on Domains then click on Verify a New Domain mention the domain name, check the Generate DKIM Settings and click on Verify this Domain. SES will generate a set of DNS records TXT and CNAME. You need to add these records to your DNS provider. After you have added these records to your DNS SES will auto detects and verifies your domain and if you use Route53 domain can be verified quickly otherwise it may take some time.
Creating an SMTP User
After the domain is verified the next step is to create an SMTP user which will be used by Postfix to authenticate against SES and send emails.
Navigate to AWS SES click on SMTP Settings on left side of window.
Note down Server Name and Port details.
Click on Create my SMTP Credentials.
Give SMTP user a Name otherwise default name will be applied and click Create.
It will create the user and it’s credentials click Download Credentials.
Download and keep these credentials in a safe place.
That is all we need to do from the AWS Console. Next step is to configure the Ubuntu machine on premises or EC2 the config is same.
Configure Postfix with SES on Ubuntu.
Install Postfix by running the following command, mailutils allows us to send emails from linux command line and good for testing.
$ sudo apt install postfix mailutils -y
Choose mail server configuration type as: Internet Site
Choose System Mail Name as default, hostname.
After that it will install the Postfix and configuration files can be found in /etc/postfix
Creating sasl_passwd file to store SES endpoint and SMTP user details.
I prefer to use 587 port as sometimes 25 may create issues.
Creating Canonical file. Hostname to domain mapping.
Creating Virtual file. Local username mapping with hostname, mention all the users that will be sending emails in following format.
Creating hash for above 3 files. Use the following command
sudo postmap hash:/etc/postfix/sasl_passwd sudo postmap hash:/etc/postfix/canonical sudo postmap hash:/etc/postfix/virtual
/etc/postfix/main.cf is the configuration file we will edit next so you can take it’s backup first.
Edit/Add the following lines to the main.cf file.
relayhost = ses-endpoint:port virtual_alias_maps = hash:/etc/postfix/virtual sender_canonical_maps = hash:/etc/postfix/canonical smtpd_tls_loglevel = 3 smtpd_tls_received_header = yes smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_use_tls = yes smtp_tls_security_level = encrypt smtp_tls_note_starttls_offer = yes smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
Save the main.cf file and restart the Postfix service.
$ sudo service postfix restart
Once Postfix is restarted it will load all of the configuration and is ready to send emails.
If your account is new and you are facing following error in /var/log/mail.log while sending emails, it is because your SES account is in sanbox mode and you can send emails only to verified email addresses.
you can raise a Service limit increase support ticket in your AWS account to get out of the Sandbox environment.