Postfix mail relay via Amazon Simple Email Service (SES)

Amazon SES does not use the STARTTLS extension of the SMTP protocol; instead, the connection is encrypted from the very beginning. That is why all the traffic has to be tunnelled through an encrypted connection.

Steps:

A. Configure the encrypted tunnel

1. Install stunnel

yum install stunnel

2. Configure it
Add the lines below in /etc/stunnel/stunnel.conf and make sure it starts properly:

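; plaintext SMTP is accepted on loopback only and wrapped in TLS towards SES
; no verify or CAfile option is set, so the SES server certificate is not checked
[smtp-tls-wrapper]
accept = 127.0.0.1:1125
client = yes
connect = email-smtp.us-east-1.amazonaws.com:465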

3. Make it start automatically at boot:

chkconfig --add stunnel
chkconfig stunnel on
 
B. Configure Postfix to relay email through Amazon SES via the encrypted tunnel

1. Add this line to /etc/postfix/password:

127.0.0.1:1125 :

2. Fix the permissions on /etc/postfix/password

chown root:root /etc/postfix/password
chmod 600 /etc/postfix/password

3. Generate the hashfile with this command:

postmap /etc/postfix/password

4. Add these lines to /etc/postfix/main.cf:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options =

And make sure these variables are set like this:

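# send all outgoing mail to the local stunnel listener
relayhost = 127.0.0.1:1125
# listen for SMTP on every network interface
inet_interfaces = all
# treat every IPv4 client address as trusted, i.e. allowed to relay
mynetworks = 0.0.0.0/0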
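
With inet_interfaces = all and mynetworks = 0.0.0.0/0, Postfix treats every client that can reach its SMTP port as trusted, so any of them can relay mail out through the SES account. The check below is an added example, not part of the original post; the function names and the 10.0.0.0/24 network are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads a Postfix main.cf on stdin.
# Assumption: every setting is a single "name = value" line (no continuations).

# Print the last value assigned to parameter $1 (the last assignment wins).
param() {
    awk -v key="$1" '
        /^[ \t]*#/ || index($0, "=") == 0 { next }   # comments, non-settings
        {
            name = substr($0, 1, index($0, "=") - 1)
            gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            found = val
        }
        END { print found }'
}

# Print OPEN_RELAY, TRUST_ALL_LOOPBACK or OK for the config on stdin.
relay_exposure() {
    cfg=$(cat)
    nets=$(printf '%s\n' "$cfg" | param mynetworks)
    ifaces=$(printf '%s\n' "$cfg" | param inet_interfaces)
    trust_all=no
    case " $(printf '%s' "$nets" | tr ',\t' '  ') " in
        *" 0.0.0.0/0 "*|*" [::]/0 "*) trust_all=yes ;;
    esac
    # An unset inet_interfaces means "all"; other values are treated as
    # network-facing unless they are plainly loopback (conservative).
    case "${ifaces:-all}" in
        loopback-only|localhost|127.0.0.1) listen=loopback ;;
        *) listen=network ;;
    esac

    if [ "$trust_all" = yes ] && [ "$listen" = network ]; then
        echo OPEN_RELAY
    elif [ "$trust_all" = yes ]; then
        echo TRUST_ALL_LOOPBACK
    else
        echo OK
    fi
}

# Constructed input 1: the three values given in the post.
printf 'relayhost = 127.0.0.1:1125\ninet_interfaces = all\nmynetworks = 0.0.0.0/0\n' | relay_exposure
# Constructed input 2: trust limited to loopback and a hypothetical LAN.
printf 'inet_interfaces = all\nmynetworks = 127.0.0.0/8 10.0.0.0/24\n' | relay_exposure
```

To check a live configuration, feed the file to the function on stdin, for example relay_exposure < /etc/postfix/main.cf.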
