         | Did this page help you? Yes No Tell us about it... |
Integrating Amazon SES with Postfix
Postfix was conceived as an alternative to the widely used Sendmail MTA. It is designed to be fast, easy to administer, and secure.
For information about Postfix, go to http://www.postfix.org.
To configure integration using STARTTLS
On your mail server, open the main.cf file. On many systems, this file resides in the /etc/postfix folder.
Add the following lines to the main.cf file, modifying them to reflect your particular situation, and then save the file.
relayhost = email-smtp.us-east-1.amazonaws.com:25 smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_use_tls = yes smtp_tls_security_level = encrypt smtp_tls_note_starttls_offer = yesEdit the /etc/postfix/sasl_passwd file. If the file does not exist, create it. Add the following lines to the file, replacing USERNAME and PASSWORD with your SMTP user name and password.
email-smtp.us-east-1.amazonaws.com:25 USERNAME:PASSWORD ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com:25 USERNAME:PASSWORDSave the sasl_passwd file.
At a command prompt, issue the following command to create an encrypted file containing your SMTP credentials.
sudo postmap hash:/etc/postfix/sasl_passwdRemove the /etc/postfix/sasl_passwd file.
Tell Postfix where to find the CA certificate (needed to verify the SES server certificate).
If running on the Amazon Linux AMI:
sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt'If running on Ubuntu Linux:
sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'
To configure integration using a secure tunnel
To begin, you will need to set up a secure tunnel as described in Setting Up a Secure Tunnel. In the following procedure, we use port 2525 as your stunnel port. If you are using a different port, modify the settings that you actually use accordingly.
On your mail server, open the main.cf file. On many systems, this file resides in the /etc/postfix folder.
Add the following lines to the main.cf file, modifying them to reflect your particular situation, and then save the file.
relayhost = 127.0.0.1:2525 smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_tls_security_level = may smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwdEdit the /etc/postfix/sasl_passwd file. If the file does not exist, create it. Add the following line to the file, replacing USERNAME and PASSWORD with your SMTP user name and password.
127.0.0.1:2525 USERNAME:PASSWORD
Save the sasl_passwd file.
At a command prompt, issue the following command to create an encrypted file containing your SMTP credentials.
sudo postmap hash:/etc/postfix/sasl_passwdRemove the /etc/postfix/sasl_passwd file.
When you have finished updating the configuration, restart Postfix. At the command line, type the following command and press ENTER.
sudo /etc/init.d/postfix restart
![[Note]](http://docs.amazonwebservices.com/docs-common/images/note.png) | Note |
|---|---|
This command may not be exactly the same on your particular server. |
When you have completed this procedure, your outgoing email will be sent via the Amazon SES SMTP interface. To verify that this change was successful, send an email message through your Postfix server, and then verify that it arrives at its destination. If the message is not delivered, check your system's mail log for errors. On many systems, the log file is /var/log/mail.log.
