Amazon Simple Email Service
Developer Guide (API Version 2010-12-01)
Did this page help you?  Yes | No |  Tell us about it...
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.

Integrating Amazon SES with Sendmail

Sendmail was released in the early 1980s, and has been continuously improved ever since. It is a very flexible and configurable MTA, and it has a large installed base. For information about Sendmail, go to http://www.sendmail.com/sm/open_source/.

The following instructions show you how to configure Sendmail to send email through Amazon SES using two ways to encrypt the connection: STARTTLS and a secure tunnel.

These instructions were tested on a 64-bit Amazon EC2 instance using the following Amazon Machine Image (AMI):

  • Amazon Linux AMI 2012.09 (ami-1624987f), which runs Linux 3.2

For more information about AMIs, see Amazon Machine Images (AMIs).

Prerequisites

Before you perform one of the following procedures, verify the following:

  • The Sendmail package is installed on your computer, and you are able to successfully send an email using Sendmail without Amazon SES.

    Tip

    To see if a package is installed on a computer running Red Hat Linux, type rpm -qa | grep <package>, where <package> is the package name. To see if a package is installed on a computer running Ubuntu Linux, type dpkg -s <package>.

  • In addition to the Sendmail package, the following packages are installed on your computer: sendmail-cf and m4.

  • You have verified your "From" address and, if you do not yet have production access, you have also verified your "To" addresses. For more information, see Verifying Email Addresses in Amazon SES.

  • (Optional) If you are sending email through Amazon SES from an Amazon EC2 instance, you may need to assign an Elastic IP Address to your Amazon EC2 instance for the receiving ISP to accept your email. For more information, see Amazon EC2 Elastic IP Addresses.

  • (Optional) If you are sending email through Amazon SES from an Amazon EC2 instance, you can fill out a Request to Remove Email Sending Limitations to remove the additional sending limit restrictions that are applied to port 25 by default.

To configure Sendmail to send email through the Amazon SES endpoint in US East (N. Virginia) using STARTTLS

  1. Create or edit a file called /etc/mail/authinfo. Add the following line to the file, where:

    • U:root—Do not modify.

    • I:USERNAME—Replace with the Amazon SES username you obtained using the instructions in Obtaining Your Amazon SES SMTP Credentials. This is NOT the same as your AWS Access Key ID.

    • P:PASSWORD—Replace with the Amazon SES password you obtained using the instructions in Obtaining Your Amazon SES SMTP Credentials. This is NOT the same as your AWS Secret Key.

    • M:LOGIN—Replace with the method of authentication to use. For example, PLAIN, DIGEST-MD5, etc.

    AuthInfo:email-smtp.us-east-1.amazonaws.com "U:root" "I:USERNAME" "P:PASSWORD" "M:LOGIN"

    If Sendmail cannot authenticate with the Amazon SES SMTP endpoint because the hostname does not match, try adding the additional line specified in Amazon SES SMTP Issues.

  2. Save the authinfo file.

  3. At a command prompt, type the following command to generate /etc/mail/authinfo.db:

    sudo makemap hash /etc/mail/authinfo.db < /etc/mail/authinfo

  4. Open the /etc/mail/access file and include support for relaying to the Amazon SES SMTP endpoint by adding the following line. If Sendmail cannot authenticate with the Amazon SES SMTP endpoint because the hostname does not match, try adding the additional line specified in Amazon SES SMTP Issues.

    Connect:email-smtp.us-east-1.amazonaws.com RELAY

    Save the file.

  5. At a command prompt, type the following command to regenerate /etc/mail/access.db:

    sudo makemap hash /etc/mail/access.db < /etc/mail/access

  6. Save a back-up copy of /etc/mail/sendmail.mc and /etc/mail/sendmail.cf.

  7. Add the following group of lines to the /etc/mail/sendmail.mc file before any MAILER() definitions. If you add a FEATURE() line after a MAILER() definition, when you run m4 in a subsequent step, you will get the following error: "ERROR: FEATURE() should be before MAILER().":

    Important

    Be sure to use the ` character and the apostrophe exactly as shown.

    define(`SMART_HOST', `email-smtp.us-east-1.amazonaws.com')dnl
    define(`RELAY_MAILER_ARGS', `TCP $h 25')dnl
    define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
    FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
    MASQUERADE_AS(`YOUR_DOMAIN')dnl
    FEATURE(masquerade_envelope)dnl
    FEATURE(masquerade_entire_domain)dnl
  8. In the text you just added to sendmail.mc, in the line that starts with MASQUERADE_AS, replace YOUR_DOMAIN with the domain name from which you are sending your email. By adding this masquerade, you are making email from this host appear to be sent from your domain. Otherwise, the email will appear as if the email is being sent from the host name of the mail server, and you may get an "Email address not verified" error when you try to send an email.

  9. Save the sendmail.mc file.

  10. At a command prompt, type the following command to make sendmail.cf writeable:

    sudo chmod 666 /etc/mail/sendmail.cf

  11. At a command prompt, type the following command to regenerate sendmail.cf:

    sudo m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

    Note

    If you encounter errors such as "Command not found" and "No such file or directory," make sure you have installed the m4 and sendmail-cf packages as specified in the prerequisites section above.

  12. At a command prompt, type the following command to reset the permissions of sendmail.cf to read only:

    sudo chmod 644 /etc/mail/sendmail.cf

  13. At a command prompt, type the following command to restart Sendmail:

    sudo /etc/init.d/sendmail restart

  14. Send a test email by doing the following:

    1. At a command prompt, type the following. Note that you should replace from@example.com with your "From" email address, which you must have verified with Amazon SES. Replace to@example.com with your "To" address. If you have not yet applied for production access, the "To" address must also be verified.

      sudo /usr/sbin/sendmail -f from@example.com to@example.com

    2. Press <Enter>. Type the body of the message, pressing <Enter> after each line.

    3. When you are finished typing the email, press CTRL+D to send the email.

  15. Check the recipient email's client for the email. If you cannot find the email, check the Junk box in the recipient's email client. If you still cannot find the email, look at the Sendmail log on the mail server. The log is typically in /var/spool/mail/<user>.

To configure Sendmail to send email through Amazon SES using a secure tunnel

  1. To begin, you will need to set up a secure tunnel as described in Setting Up a Secure Tunnel to Connect to Amazon SES. In the following procedure, we use port 2525 as your stunnel port. If you are using a different port, modify the settings that you actually use accordingly.

  2. Create or edit a file called /etc/mail/authinfo. Add the following lines to the file, where:

    • U:root—Do not modify.

    • I:USERNAME—Replace with the Amazon SES username you obtained using the instructions in Obtaining Your Amazon SES SMTP Credentials. This is NOT the same as your AWS Access Key ID.

    • P:PASSWORD—Replace with the Amazon SES password you obtained using the instructions in Obtaining Your Amazon SES SMTP Credentials. This is NOT the same as your AWS Secret Key.

    • M:LOGIN—Replace with the method of authentication to use. For example, PLAIN, DIGEST-MD5, etc.

    AuthInfo:127.0.0.1 "U:root" "I:USERNAME" "P:PASSWORD" "M:LOGIN"
  3. Save the authinfo file.

  4. At a command prompt, type the following command:

    sudo makemap hash /etc/mail/authinfo.db < /etc/mail/authinfo

  5. Open the /etc/mail/access file to ensure that relaying is allowed for 127.0.0.1. This is the default behavior. If relaying is not allowed for localhost, open your /etc/hosts file and add another hostname pointing to 127.0.0.1.

  6. If you modified /etc/mail/access in the last step, at a command prompt, type the following command to regenerate /etc/mail/access.db:

    sudo makemap hash /etc/mail/access.db < /etc/mail/access

  7. Open the /etc/mail/sendmail.mc file and add the following group of lines before any MAILER() definitions. If you add a FEATURE() line after a MAILER() definition, when you run m4 in a subsequent step, you will get the following error: "ERROR: FEATURE() should be before MAILER().":

    Important

    Be sure to use the ` character and the apostrophe exactly as shown.

    FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
    define(`SMART_HOST', `[127.0.0.1]')dnl
    define(`RELAY_MAILER_ARGS', `TCP $h 2525')dnl
    define(`ESMTP_MAILER_ARGS', `TCP $h 2525')dnl
    MASQUERADE_AS(`YOUR_DOMAIN')dnl
    FEATURE(masquerade_envelope)dnl
    FEATURE(masquerade_entire_domain)dnl
  8. In the text you just added to sendmail.mc, in the line that starts with MASQUERADE_AS, replace YOUR_DOMAIN with the domain name from which you are sending your email. By adding this masquerade, you are making email from this host appear to be sent from your domain. Otherwise, the email will appear as if the email is being sent from the host name of the mail server, and you may get an "Email address not verified" error when you try to send an email.

    Also, if you found in Step 5 that relaying was not allowed for 127.0.0.1, change the `SMART_HOST' line you added to sendmail.mc to use the hostname that you entered in the /etc/hosts file. That is:

    define(`SMART_HOST', `hostname')dnl
  9. Save and close the sendmail.mc file.

  10. At a command prompt, type the following command to make sendmail.cf writeable:

    sudo chmod 666 /etc/mail/sendmail.cf

  11. At a command prompt, type the following command to regenerate sendmail.cf:

    sudo m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

    Note

    If you encounter errors such as "Command not found" and "No such file or directory," make sure you have installed the m4 and sendmail-cf packages as specified in the prerequisites section above.

  12. At a command prompt, type the following command to reset the permissions of sendmail.cf to read only:

    sudo chmod 644 /etc/mail/sendmail.cf

  13. At a command prompt, type the following command to restart Sendmail:

    sudo /etc/init.d/sendmail restart

  14. Send a test email by doing the following:

    1. At a command prompt, type the following. Note that you should replace from@example.com with your "From" email address, which you must have verified with Amazon SES. Replace to@example.com with your "To" address. If you have not yet applied for production access, the "To" address must also be verified.

      sudo /usr/sbin/sendmail -f from@example.com to@example.com

    2. Press <Enter>. Type the body of the message, pressing <Enter> after each line.

    3. When you are finished typing the email, press CTRL+D to send the email.

  15. Check the recipient email's client for the email. If you cannot find the email, check the Junk box in the recipient's email client. If you still cannot find the email, look at the Sendmail log on the email sending computer. The log is typically in /var/spool/mail/<user>.