Post fix install and configure with AWS SES

What are we going to do?:

  • Uninstall Sendmail, if it’s already installed on your system. The procedure for completing this step varies depending on the operating system you use.

  • Install Postfix. The procedure for completing this step varies depending on the operating system you use.

  • Install libsasl2-modules packages

  • Create a config file for MTA

  • Configure Postfix with Amazon SES through postfix command

  • Setup SES username and password for MTA in sasl_passwd file

  • Start and reload postfix

  • Send a test mail

Step 1: Uninstall Sendmail (if installed)

sudo apt --purge remove sendmail

Step 2: Install Postfix

sudo apt update
sudo apt install postfix

Step 3: Install libsasl2-modules packages

sudo apt install libsasl2-modules

Step 4: Create a config file for MTA

Debian/Ubuntu Linux user type the following cp command to create a new default config file for your MTA:

$ sudo cp -v -i /etc/postfix/main.cf{.proto,}
'/etc/postfix/main.cf.proto' -> '/etc/postfix/main.cf'

Step 5: Configure Postfix with Amazon SES through postfix command

sudo postconf -e "relayhost = [email-smtp.us-west-2.amazonaws.com]:587" \ "smtp_sasl_auth_enable = yes" \ "smtp_sasl_security_options = noanonymous" \ "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" \ "smtp_use_tls = yes" \ "smtp_tls_security_level = encrypt" \ "smtp_tls_note_starttls_offer = yes"

Note: If you use Amazon SES in an AWS Region other than US West (Oregon), replace email-smtp.us-west-2.amazonaws.com in the preceding command with the SMTP endpoint of the appropriate region. For more information, see Regions and Amazon SES.

Step 6: Setup SES username and password for MTA in sasl_passwd file with an editor

[smtp-endpoint]:587 

Edit the main.cf file in /etc/postfix/main.cf and comment the following words:

  • setgid_group

  • sendmail_path

  • mailq_path

  • newaliases_path

  • manpage_directory

  • sample_directory

  • readme_directory

  • html_directory

Update the ownership and permissions of the following files:

$ sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
$ sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

Tell Postfix where to find the CA certificate (needed to verify the Amazon SES server certificate). The command you use in this step varies based on your operating system.

If you use Ubuntu or a related distribution, type the following command:

sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'

Step 7: Restart and reload postfix

sudo postfix start; sudo postfix reload

Step 8: Send a test mail to check if the postfix works properly as expected

echo "This is a test email." \
| mail -r [email protected] 'AWS SES test' [email protected]

If all worked properly you can verify the mail logs in :

/var/log/mail.log

Thanks……