Postfix mail relay via Amazon Simple Email Service (SES)


AllCloud Blog:
Cloud Insights and Innovation

Amazon SES does not use the STARTTLS extension of the SMTP protocol; instead, it expects the connection to be encrypted from the very beginning. That is why we have to tunnel all the traffic through an encrypted connection.

A. Configure the encrypted tunnel

1. Install stunnel

yum install stunnel

2. Configure it: add the lines below to /etc/stunnel/stunnel.conf and make sure it starts properly:

[smtp-tls-wrapper]
accept = 127.0.0.1:1125
client = yes
connect = email-smtp.us-east-1.amazonaws.com:465

3. Make it start automatically at boot:

chkconfig --add stunnel
chkconfig stunnel on

B. Configure Postfix to relay email through Amazon SES via the encrypted tunnel

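1. Add this line to /etc/postfix/password, replacing SES_SMTP_USERNAME and SES_SMTP_PASSWORD (placeholders) with your SES SMTP credentials:

127.0.0.1:1125 SES_SMTP_USERNAME:SES_SMTP_PASSWORD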

2. Fix the permissions on /etc/postfix/password

chown root:root /etc/postfix/password
chmod 600 /etc/postfix/password

3. Generate the hashfile with this command:

postmap /etc/postfix/password

4. Add these lines to /etc/postfix/main.cf:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options =

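And make sure these variables are set like this. With inet_interfaces = all and mynetworks = 0.0.0.0/0, Postfix relays mail for any host that can reach it, so restrict access to the server's SMTP port with a firewall or security group: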

relayhost = 127.0.0.1:1125
inet_interfaces = all
mynetworks = 0.0.0.0/0
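
The finished setup has three properties worth checking on the relay host: which clients Postfix will relay for, whether stunnel verifies the SES certificate, and who can read the credentials file. The script below is an added example, not part of the original post; the function names and the constructed sample files are assumptions, and on a live host you would pass the real /etc/postfix/main.cf, /etc/stunnel/stunnel.conf and /etc/postfix/password to `audit`.

```shell
#!/bin/sh
# Added example: audit the three files this walkthrough touches.

# Print the value of a main.cf parameter (last assignment wins; continuation
# lines are not handled, which is enough for the one-line settings used here).
postfix_param() {  # usage: postfix_param MAIN_CF NAME
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Succeeds unless mynetworks trusts every IPv4 address.
relay_is_restricted() {  # usage: relay_is_restricted MAIN_CF
    case " $(postfix_param "$1" mynetworks | tr ',' ' ') " in
        *" 0.0.0.0/0 "*) return 1 ;;
    esac
    return 0
}

# Succeeds when the stunnel config turns on peer certificate verification.
# Which option applies (verify = 2..4, verifyChain, verifyPeer) depends on the
# installed stunnel version; none is set in the configuration shown above.
tunnel_verifies_peer() {  # usage: tunnel_verifies_peer STUNNEL_CONF
    grep -Eiq '^[[:space:]]*(verify(Chain|Peer)[[:space:]]*=[[:space:]]*yes|verify[[:space:]]*=[[:space:]]*[2-4])' "$1"
}

# Succeeds when the file has no group or other permission bits (e.g. mode 600).
secret_is_private() {  # usage: secret_is_private FILE
    case "$(ls -ld "$1")" in
        ????------*) return 0 ;;
    esac
    return 1
}

audit() {  # usage: audit MAIN_CF STUNNEL_CONF PASSWORD_FILE; one line per finding
    relay_is_restricted "$1" || echo "RELAY: mynetworks trusts 0.0.0.0/0"
    tunnel_verifies_peer "$2" || echo "TLS: stunnel does not verify the server certificate"
    secret_is_private "$3" || echo "PERMS: $3 is accessible to group or others"
    return 0
}

# Constructed sample files holding the settings exactly as given in the steps above.
sample=$(mktemp -d)
printf '%s\n' 'relayhost = 127.0.0.1:1125' 'inet_interfaces = all' \
    'mynetworks = 0.0.0.0/0' > "$sample/main.cf"
printf '%s\n' '[smtp-tls-wrapper]' 'accept = 127.0.0.1:1125' 'client = yes' \
    'connect = email-smtp.us-east-1.amazonaws.com:465' > "$sample/stunnel.conf"
printf '%s\n' '127.0.0.1:1125 USER:PASS' > "$sample/password"
chmod 644 "$sample/password"   # simulates skipping the chmod 600 step

audit "$sample/main.cf" "$sample/stunnel.conf" "$sample/password"
```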

Lahav Savir

Founder and CTO, Cloud Platforms
