You will need:
- An Ubuntu installation(I have tested this on 11.10 but I am sure it works for older versions too)
- An AWS account(There is a free tier version you can use for test more info about how to set it up here http://br0sk.blogspot.com/2012/02/how-to-get-ubuntu-1110-server-up-and.html ).
- You need access to your DNS setting for your domain and the interface you use has to support TXT records.
- You need a registered domain name like mydomain.com.
 |
| This image is taken from the Gmail help system |
In order for me to get this running I had to gather information in a few different places. Amazon has a few good help articles but they will not take you all the way. Here is how I got it running.
Setting up the SES account
1. I assume you already have signed up for AWS and can log in to your account. Now go to the SES tab. In order for you to be able to actually send an email through SES you need to verify the email address for the user you are going to send the emails from. If you are using a standard Ubuntu AMI image that would probably be the user ubuntu@mydomain.com. Now verify that email address according to http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/InitialSetup.EmailVerification.html. While you are at it you can request production access for your SES account so that you can send emails from and to anybody http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/InitialSetup.Customer.html.
2. You will get an email coming in to the email address you are trying to verify. Just click the link in the email to acknowledge that you really want this address to be verified.
3. Create your SMTP credentials like this http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/SMTP.Credentials.html.
Save the credentials in a safe password system. If you lose them you will have to recreate them.Setup Linux to send email via SES using postfix
4. Install postfix in sattelite mode. It doesn't really matter what settings you chose during the installation we will overwrite the config file soon.
Run;
sudo apt-get install postfix
Follow the instructions.
6. Now follow these instructions http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/SMTP.MTAs.Postfix.html to setup Postfix. Use the STARTTLS based alternative. This is the new way of connecting to SES. The old way demands that you set up a secure tunnel using stunnel. It can still be used but adds an extra layer of complexity.
I had to add this at the end of the main.cf file to get it working properly. If this is not done it will look like you are trying to send an email from your Amazon assigned DNS name and if you haven't verified that address it will not work.
myhostname=mydomain.com
Make sure to add this line as well. It forces emails to your own domain to be delivered through SES. If this is not added Postfix will try to deliver the emails locally bypassing SES(thanks to Ratzai Yaghoub for pointing this out).
This row basically tells Postfix that there are no domains available for local delivery.
mydestination =
Setting up the DNS changes
9. Now the same thing but for sender ID: http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/SenderID.html
Setting up DKIM
10. And now the most important one DKIM. This is the entry that will remove the "via" message in Gmail.
This is the guide to follow for that: http://www.pmabox.com/blog/47-sign-emails-with-opendkim-postfix-in-ubuntu-1004-64x
11. When all is done add this to the end of the file /etc/opendkim.conf
OmitHeaders "."
SignHeaders "."Here's why https://forums.aws.amazon.com/thread.jspa?threadID=66252
12. Restart Postfix and you should be ready to go if your DNS changes for DKIM has come through. Do also make sure you restart OpenDKIM afeter making the changes.
sudo /etc/init.d/opendkim restart
sudo /etc/init.d/postfix restart
Final Thoughts
I don't know about you but I don't really think that SES(Simple Email Service) deserves to use the word simple just yet. It would be great if it came with a way of easily get the DKIM signing straight from the service.
Still perfoming the steps above should give you maximum email delivery rates. You can check that in the AWS control panel https://console.aws.amazon.com/ses/home.
Thanks goes out to the people who wrote the articles referenced in the blog post.
8. Now we need add the proper TXT records to our DNS. Let's start with SPF. Follow this description: http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/SPF.html
9. Now the same thing but for sender ID: http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/SenderID.html
Setting up DKIM
10. And now the most important one DKIM. This is the entry that will remove the "via" message in Gmail.
This is the guide to follow for that: http://www.pmabox.com/blog/47-sign-emails-with-opendkim-postfix-in-ubuntu-1004-64x
11. When all is done add this to the end of the file /etc/opendkim.conf
OmitHeaders "."
SignHeaders "."Here's why https://forums.aws.amazon.com/thread.jspa?threadID=66252
12. Restart Postfix and you should be ready to go if your DNS changes for DKIM has come through. Do also make sure you restart OpenDKIM afeter making the changes.
sudo /etc/init.d/opendkim restart
sudo /etc/init.d/postfix restart
Final Thoughts
I don't know about you but I don't really think that SES(Simple Email Service) deserves to use the word simple just yet. It would be great if it came with a way of easily get the DKIM signing straight from the service.
Still perfoming the steps above should give you maximum email delivery rates. You can check that in the AWS control panel https://console.aws.amazon.com/ses/home.
Thanks goes out to the people who wrote the articles referenced in the blog post.
This comment has been removed by the author.
ReplyDeleteI found a solution :D
ReplyDeleteA little search around http://www.postfix.org/LOCAL_RECIPIENT_README.html helped me.
I added this line to man.cf and now i can send mails to users on my own domain
local_recipient_maps =
The Blogger comments are very flaky today. I got your last comment to my email but it was not published here so I include your last comment here:
Delete-------------------------------------------
Hi John,
I think my first comment was deleted in a mysterious way. I can't seem to find it, but I mentioned that it was a great tutorial and was the first one i found after realising that Amazon Simple Email wasn't that simple! I really hope they will incorporate these things in their service in the feature by working together with the major e-mail providers such as Google and Hotmail
Two thing worth mentioning adding to your post, which I used two hours to find out Doh!, is:
1. You should NOT add your Amazon SMTP credentials when you try to contact your Postfix server from an SMTP client, these are saved in the postfix password DB, I realized that after a lot of frustration.
2. You can't test the Postfix server by telnetting into localhost and send a test mail, because of the lack of TLS support, this little info could also have saved me an hour of error searching :-)
Regarding the problems with sending e-emails to domain user, my fix didn't help :(
I just tried to send an e-mail to a domain user, but unfortunately theres is still problems with sending it. When i look in the postfix logfile this is what i see for all local reciepents:
Mar 27 17:01:08 vps postfix/local[32132]: B8C2C2BFB8: to=, relay=local, delay=0.11, delays=0.06/0.03/0/0.02, dsn=5.1.1, status=bounced (unknown user: "ray")
Somehow it doesn't use the Amazon SMTP as a relay (relay=local) when sending to local users. Still haven't figured out a solution to this problem.
-------------------------------------------
I have now figured out how to force Postfix not to deliver the emails locally.
Try adding this row to your main.cf file.
mydestination =
It tells Postfix that the there is no domain to attempt local delivery for.
I just tested this and my emails are coming through just fine.
Your solution works perfectly! Thanks.
DeleteI had actually commented out that row in my main.cf file, but I guess it had to be there, just empty.
Hi Ratzai,
ReplyDeleteGood catch! I forgot to add that, I never actually tested local delivery but you are right it should be added.
Did you find any other problems with the tutorial or was it quite easy to work your way through it?
I will add this fix to the blog post.
Many thanks
Thank you so much for this. Save me days of figuring how to DKIM sign.
ReplyDeleteThat's why I wrote this blog post. You are most welcome :-)
DeleteEmail delivery rates can vary dramatically depending on your email configuration, the type of software you are using, and the servers that you are sending your mail from.
ReplyDeleteEmail Delivery Service