Pages

01/04/2019

Configuring Sendmail to use Amazon's Simple Email Service (SES)



Well it's been around 6 months since I last made a blog post - turns out babies are pretty time consuming.

I hate email server configuration with a passion so I offload what I can to Amazon's Simple Email Service or SES for short. This is a quick post guiding you how to get Sendmail to work with SES.

Disclaimer: I am by no means an email expert. The configuration below is working, but may not be optimal. Use at your own risk. That said, most of the configuration below was lifted straight from the AWS Docs so you'd hope that it would be reasonable.

Image result for amazon ses icon



First off you need to sudo:
sudo su -





Then install sendmail and some other utilities:
apt-get install sendmail mailutils sendmail-bin sendmail-cf


Edit the authinfo file:
vim /etc/mail/authinfo





Add the following:
AuthInfo:ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com "U:root" "I:[YOUR_USERNAME]" "[YOUR_PASSWORD]" "M:PLAIN"


Run the following:
sudo makemap hash /etc/mail/authinfo.db < /etc/mail/authinfo 


Edit the access file:
vim /etc/mail/access






Add the following line at the end:
Connect:ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com RELAY





Run the following:
makemap hash /etc/mail/access.db < /etc/mail/access



Backup the config files:
cp /etc/mail/sendmail.mc ~/
cp /etc/mail/sendmail.cf ~/



Edit sendmail.mc and add the following before any mailer definitions. Remember to update your domain:
define(`SMART_HOST', `ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
MASQUERADE_AS(`[YOUR DOMAIN]')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl


Change the permissions on sendmail.cf:
chmod 666 /etc/mail/sendmail.cf


Convert the mc file into a cf file:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf


Reset the permissions on sendmail.cf:
chmod 644 /etc/mail/sendmail.cf


Edit your hosts file:
vim /etc/hosts


Ensure it contains the hostname and the FQDN like below:
127.0.0.1 sendmail-01.marrold.co.uk sendmail-01
::1       sendmail-01.marrold.co.uk sendmail-01



Restart sendmail:
systemctl restart sendmail


You've not configured sendmail to relay emails via Amazon SES. To test it you can run the following command. Remember to update the from and to addresses. You must send from a domain that's been whitelisted in SES:
/usr/sbin/sendmail -f from@example.com to@example.com


Enter the body of the email then press Ctrl+D. It should arrive at its destination shortly after! If it doesn't check your spam folder. Keep in mind that you may also need to configure SPF or DKIM for your domain to avoid emails getting detected as spam.

No comments:

Post a comment