Recently I had a requirement that mail sent from a server should reach the user's INBOX. Certain emails were not getting through to the Google App email list. As far as I can see, the application uses a standalone SMTP server installed on the hosted server, whose IP/network had not been added to the SPF list. So this email should have low IP reputation and hence will not reach users' INBOX all the time. In this scenario, I had to configure a relay server which uses authorized network/IP sources.
First step
1. Create SMTP users in Amazon SES account. See the following screen,
2. Modify the Postfix main configuration file
Now you need to install certain SASL packages to enable the Postfix SASL authentication mechanism.
#yum install postfix
Then add the following lines at the bottom of the Postfix main configuration file (/etc/postfix/main.cf).
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_sasl_mechanism_filter = PLAIN LOGIN
smtp_generic_maps = hash:/etc/postfix/generic
relayhost : This is the hostname to which Postfix pushes the emails. It will differ depending on your SES region.
smtp_sasl_password_maps : This is the file where we put the Amazon SES credentials. Please note this is not the Access Key and Access ID.
Note: You should create a new user within the Amazon SES settings window itself. Otherwise this IAM account will not be honored.
smtp_generic_maps : This is one of the important settings, since each SES account has to verify the domain name and email address used in the FROM header, so that you cannot impersonate other senders. By default, if you send an email from the console, the FROM address will be root@finaconn-web01.localdomain, and Amazon will not permit sending emails whose FROM field is not verified.
3. Creating SASL password file
Grab your Amazon SMTP server name, user and password from the first step, create a file, and arrange the data in the following manner:
smtphost:587 username:password
email-smtp.us-east-1.amazonaws.com:587 AKIAIBLAAAAAJCA:Alae0CZMzINNNNNNEEEEEAAmYv/pUa
Create the Postfix mapping database
4. Rewrite FROM address of local domain name to authorized domain name.
Create a file (/etc/postfix/generic) and put in all the possible values that can appear in the “FROM” email header attached to each email.
root@fc-web04 notifications@mydomain.com
* notifications@mydomain.com
root@web04.localdomain web04-notifications@mydomain.com
root@web03.mydomain.com web03-notifications@mydomain.com
root@web05.localdomain web05-notifications@mydomain.com
Restart postfix service,
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@web04 ~]#
You have now completed the configuration for sending email from your local Postfix SMTP server, which relays emails through the Amazon SES account.
Now it’s time to configure your server to become the hub for outbound email from all your local email servers. You have to do two things on this server.
On Master Outbound Host end
a. Set mydomain to your domain name (mydomain = mydomain.com)
b. Set this value to all (inet_interfaces = all)
c. Set mynetworks to the networks allowed to send emails (mynetworks = 192.168.10.0/24, 127.0.0.0/8). Mostly you have to uncomment the line and edit it as needed.
d. Restart your postfix server to become a good relay Master Host.
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@web04 ~]# netstat -nlp | grep ":25"
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3038/master
[root@web04 ~]#
[root@web04 ~]#
Now Postfix is listening on all network interfaces.
6. Configuration changes on the relay host end
The only thing you have to do is uncomment the relayhost line and add your new server IP in the /etc/postfix/main.cf file.
service postfix restart
Moral of the story: It has been observed that Amazon SES is a lazy email server, as we cannot send bulk mail easily and there is a delay of around 30 – 90 sec in email response. Also, I found the Amazon documentation for the same purpose to be buggy. It will not work for me 🙁