First step is to have a verified domain in the AWS SES. To verify a domain navigate to SES console click on Domains then click on Verify a New Domain mention the domain name, check the Generate DKIM Settings and click on Verify this Domain. SES will generate a set of DNS records TXT and CNAME. You need to add these records to your DNS provider. After you have added these records to your DNS SES will auto detects and verifies your domain and if you use Route53 domain can be verified quickly otherwise it may take some time.

Creating an SMTP User

After the domain is verified the next step is to create an SMTP user which will be used by Postfix to authenticate against SES and send emails.
Navigate to AWS SES click on SMTP Settings on left side of window.
Note down Server Name and Port details.
Click on Create my SMTP Credentials.
Give SMTP user a Name otherwise default name will be applied and click Create.
It will create the user and it’s credentials click Download Credentials.
Download and keep these credentials in a safe place.

That is all we need to do from the AWS Console. Next step is to configure the Ubuntu machine on premises or EC2 the config is same.

Configure Postfix with SES on Ubuntu.

Install Postfix by running the following command, mailutils allows us to send emails from linux command line and good for testing.

$ sudo apt install postfix mailutils -y

Choose mail server configuration type as: Internet Site
Choose System Mail Name as default, hostname.
After that it will install the Postfix and configuration files can be found in /etc/postfix

Creating sasl_passwd file to store SES endpoint and SMTP user details.
I prefer to use 587 port as sometimes 25 may create issues.

ses-endpoint:port smtp-user:smtp-user-password

Creating Canonical file. Hostname to domain mapping.

@hostname @verified_domain_name

Creating Virtual file. Local username mapping with hostname, mention all the users that will be sending emails in following format.

@user_name user_name@hostname

Creating hash for above 3 files. Use the following command

sudo postmap hash:/etc/postfix/sasl_passwd
sudo postmap hash:/etc/postfix/canonical
sudo postmap hash:/etc/postfix/virtual

/etc/postfix/main.cf is the configuration file we will edit next so you can take it’s backup first.

Edit/Add the following lines to the main.cf file.

relayhost = ses-endpoint:port
virtual_alias_maps = hash:/etc/postfix/virtual
sender_canonical_maps = hash:/etc/postfix/canonical
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Save the main.cf file and restart the Postfix service.

$ sudo service postfix restart

Once Postfix is restarted it will load all of the configuration and is ready to send emails.

If your account is new and you are facing following error in /var/log/mail.log while sending emails, it is because your SES account is in sanbox mode and you can send emails only to verified email addresses.

you can raise a Service limit increase support ticket in your AWS account to get out of the Sandbox environment.