Amazon SES does not use the STARTTLS extension of the SMTP protocol; instead, it uses an encrypted connection from the very beginning. That's why we have to tunnel all the traffic through an encrypted connection.
A. Configure the encrypted tunnel
1. Install stunnel
yum install stunnel
2. Configure it. Add the lines below to /etc/stunnel/stunnel.conf and make sure it starts properly:
[smtp-tls-wrapper]
accept = 127.0.0.1:1125
client = yes
connect = email-smtp.us-east-1.amazonaws.com:465
3. Make it start automatically at boot:
chkconfig --add stunnel
chkconfig stunnel on
B. Configure Postfix to relay email through Amazon SES via the encrypted tunnel
1. Add this line to /etc/postfix/password:
127.0.0.1:1125
2. Fix the permissions on /etc/postfix/password:
chown root:root /etc/postfix/password
chmod 600 /etc/postfix/password
3. Generate the hashfile with this command:
postmap /etc/postfix/password
4. Add these lines to /etc/postfix/main.cf:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options =
And make sure these variables are set like this:
relayhost = 127.0.0.1:1125
inet_interfaces = all
mynetworks = 0.0.0.0/0
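With mynetworks = 0.0.0.0/0 and inet_interfaces = all, Postfix treats every host that can reach its SMTP port as trusted to relay, and the stunnel section above sets no certificate verification option, so the tunnel does not check the certificate presented by the SES endpoint. The audit script below is an added example, not part of the original instructions; it flags both conditions. The function names, finding codes, tighter sample variants and CA bundle path are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag risky values in the Postfix and stunnel settings above.
# Assumes one "key = value" per line (no continuation lines, sections ignored).

# Print the last value assigned to key $1 in config text $2.
conf_get() {
    printf '%s\n' "$2" | awk -v k="$1" '
        /^[ \t]*#/ || !/=/ { next }
        { key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key) }
        key == k { val = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t]+$/, "", val); hit = 1 }
        END { if (hit) print val }'
}

# Print one finding code per line for main.cf text $1 and stunnel.conf text $2.
audit_relay() {
    nets=$(conf_get mynetworks "$1" | tr ',' ' ')
    # Everyone is in mynetworks and smtpd is reachable beyond loopback.
    case " $nets " in
        *" 0.0.0.0/0 "*)
            case "$(conf_get inet_interfaces "$1")" in
                loopback-only|localhost|127.0.0.1) ;;
                *) echo OPEN_RELAY ;;
            esac ;;
    esac
    # Client-mode tunnel with no peer certificate verification configured.
    if [ "$(conf_get client "$2")" = yes ] &&
       [ "$(conf_get verifyChain "$2")" != yes ]; then
        case "$(conf_get verify "$2")" in
            2|3|4) ;;
            *) echo NO_CERT_VERIFY ;;
        esac
    fi
}

# Settings as given on this page.
PAGE_MAIN_CF='relayhost = 127.0.0.1:1125
inet_interfaces = all
mynetworks = 0.0.0.0/0'
PAGE_STUNNEL='[smtp-tls-wrapper]
accept = 127.0.0.1:1125
client = yes
connect = email-smtp.us-east-1.amazonaws.com:465'
# Constructed tighter variants (CA bundle path is an assumed RHEL-style path).
LOCAL_MAIN_CF='relayhost = 127.0.0.1:1125
inet_interfaces = loopback-only
mynetworks = 127.0.0.0/8'
VERIFIED_STUNNEL="$PAGE_STUNNEL
verify = 2
CAfile = /etc/pki/tls/certs/ca-bundle.crt"

audit_relay "$PAGE_MAIN_CF" "$PAGE_STUNNEL"
```

To audit a live host, pass the file contents instead of the samples, for example audit_relay "$(cat /etc/postfix/main.cf)" "$(cat /etc/stunnel/stunnel.conf)".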