Menu
Amazon Simple Email Service
Developer Guide

Integrating Amazon SES with Postfix

Postfix is an alternative to the widely used Sendmail Message Transfer Agent (MTA). For information about Postfix, go to http://www.postfix.org. The procedures in this topic will work with most Linux distributions, as well as most recent versions of macOS.

Prerequisites

Before you perform the following procedure, you must perform the following tasks:

  • Uninstall Sendmail, if it is already installed on your system. The procedures for completing this step will vary based on your operating system.

  • Install Postfix. The procedures for completing this step will vary based on your operating system.

  • Verify your "From" address. If your account is still in the sandbox, you must also verify all of the addresses you want to send to. For more information, see Verifying Email Addresses in Amazon SES.

  • (Optional) If you are sending email through Amazon SES from an Amazon EC2 instance, you may need to assign an Elastic IP Address to your Amazon EC2 instance for the receiving ISP to accept your email. For more information, see Amazon EC2 Elastic IP Addresses.

Part 1: Setting Up a Secure Tunnel to Connect to Amazon SES

The Amazon SES SMTP endpoint requires that all connections be encrypted using Transport Layer Security (TLS).

To set up a secure tunnel using stunnel

  1. Download and install stunnel. For information, go to http://www.stunnel.org.

  2. If you are using Ubuntu Linux, stunnel may require a certificate. To generate the certificate, go to the /etc/stunnel directory. At a command prompt, type the following command:

    Copy
    sudo openssl req -new -out mail.pem -keyout mail.pem -nodes -x509 -days 365
  3. Open or create a file called /etc/stunnel/stunnel.conf.

  4. To configure the secure tunnel, add the following lines to stunnel.conf. For the accept line, specify a port number that is outside the range of reserved ports and is not currently being used. This example uses port 2525 for this purpose.

    These instructions assume that you want to use Amazon SES in the US West (Oregon) AWS Region. If you want to use a different region, replace the instance of email-smtp.us-west-2.amazonaws.com in these instructions with the SMTP endpoint of the desired region. For a list of SMTP endpoints, see Regions and Amazon SES.

    Copy
    [smtp-tls-wrapper] accept = 2525 client = yes connect = email-smtp.us-west-2.amazonaws.com:465 delay = yes
  5. If you are using stunnel version 4.36 or lower, add the following line to stunnel.conf:

    Copy
    sslVersion = TLSv1
  6. If you are using Ubuntu Linux, add the following line to stunnel.conf:

    Copy
    cert = /etc/stunnel/mail.pem
  7. Save stunnel.conf.

  8. At a command prompt, type the following command to start stunnel:

    Copy
    sudo stunnel /etc/stunnel/stunnel.conf
  9. At a command prompt, type the following command to verify that the tunnel has been created. This example uses port 2525; if you are using a different port number, modify the command accordingly.

    Copy
    telnet localhost 2525

    If stunnel is properly configured, you should see output similar to the following:

    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 email-smtp.amazonaws.com ESMTP SimpleEmailService-2370111491 pIEXAMPLEZK8tnKOfuqt0

Part 2: Configuring Postfix

To configure integration using a secure tunnel

  1. In a text editor, open the file /etc/postfix/main.cf.

  2. Add the following lines to main.cf:

    Copy
    relayhost = 127.0.0.1:2525 smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_tls_security_level = may smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

    Save and close main.cf.

  3. In a text editor, open the file /etc/postfix/master.cf.

  4. In master.cf, locate the line that consists of the following text: -o smtp_fallback_relay=

    Place a number sign (#) at the beginning of the line to comment it out. Save and close master.cf.

  5. In a text editor, open the file /etc/postfix/sasl_passwd. If the file does not already exist, create it. Add the following line to the file, replacing USERNAME and PASSWORD with your SMTP user name and password.

    Important

    Use your SMTP user name and password, not your AWS access key ID and secret access key. Your SMTP credentials and your AWS credentials are not the same. For information about how to obtain your SMTP credentials, see Obtaining Your Amazon SES SMTP Credentials.

    Copy
    127.0.0.1:2525 USERNAME:PASSWORD

    Save and close sasl_passwd.

  6. At a command prompt, type the following command to create a database file that contains your SMTP credentials.

    Copy
    sudo postmap hash:/etc/postfix/sasl_passwd
  7. (Optional) The /etc/postfix/sasl_passwd and /etc/postfix/sasl_passwd.db files you created in the previous steps are not encrypted. Because these files contain your SMTP credentials, it is a good idea to use the following commands to change the owner to root and set permissions to restrict access to the files as much as possible.

    Copy
    sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
    Copy
    sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
  8. When you have finished updating the configuration, stop and start Postfix by typing the following commands:

    Copy
    sudo postfix stop
    Copy
    sudo postfix start
  9. Start a sendmail session by typing the following command:

    Copy
    sendmail -f from@example.com to@example.com

    Note

    Replace from@example.com with the sender's email address, and replace to@example.com with the recipient's address. The sender address must be verified in Amazon SES; if your account is still in the sandbox, the recipient address must also be verified.

  10. Type the following commands, pressing Enter after each line. Note that the final line contains a single period with no other content.

    Copy
    From: from@example.com Subject: Test This email was sent from Amazon SES using Postfix. .

    Note

    Replace from@example.com with the sender's email address.

  11. Check your inbox for the email. If the message was not delivered, check your system's mail log for errors. On most systems, the mail log is located at /var/log/maillog.

Advanced Usage Example

After you configure Postfix and confirm that it is working, you can send more sophisticated emails. This example shows how to send an email that uses a configuration set, and that uses MIME-multipart encoding to send both a plaintext and an HTML version of the message. It also includes a link tag, which can be used for categorizing click events. Finally, the content of the email is specified in an external file, so that you do not have to manually type the commands in the Postfix session.

To send a multipart MIME email using Postfix

  1. In a text editor, create a new file called mime-email.txt.

  2. In the text file, paste the following content, replacing the values in red with the appropriate values for your account:

    Copy
    X-SES-CONFIGURATION-SET:ConfigSet From:Sender Name <sender@example.com> Subject:Amazon SES Test MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="XBoundary" --XBoundary Content-Type: text/plain; charset=UTF-8 Sample Text Content --XBoundary Content-Type: text/html; charset=UTF-8 <html> <head> </head> <body> <h1>Amazon SES Test</h1> <p>This message was sent from Amazon SES using the SMTP interface.</p> <p>For more information, see <a ses:tags="samplekey0:samplevalue0;samplekey1:samplevalue1;" href="http://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-smtp.html"> Using the Amazon SES SMTP Interface to Send Email</a> in the <em>Amazon SES Developer Guide</em>.</p> </body> </html> --XBoundary--

    Save and close the file.

  3. At the command line, type the following command:

    Copy
    sendmail recipient@example.com < mime-email.txt

    If the command runs successfully, it exits without providing any output.

  4. Check your inbox for the email. If the message was not delivered, check your system's mail log.

For technical discussions about various Amazon SES topics, visit the Amazon SES Blog. To browse and post questions, go to the Amazon SES Forum.