Use Postfix With AWS SES or Gmail

  • Works on Centos, Amazon Linux and Ubuntu
  • Execute all steps on root account

Before you start:

Generate your SMTP username and password on AWS SES; Gmail, will need App password
Verify the domain and email addresses
Check if your certificate exists
- Centos or Amazon Linux: */etc/pki/tls/certs/ca-bundle.crt*
- Ubuntu: */etc/ssl/certs/ca-certificates.crt*
This tutorial was made for us-east region, just change the endpoint for other regions

Installation

  • Centos or Amazon Linux
$ yum install postfix mailx cyrus-sasl cyrus-sasl-plain cyrus-sasl-lib cyrus-imapd cyrus-imapd-utils
  • Ubuntu
$ apt-get install postfix mailutils libsasl2–2 ca-certificates libsasl2-modules

Edit the postfix configuration with SMTP settings and insert this lines on the botton of the /etc/postfix/main.cf file (On Ubuntu, just change the *.crt* directory)

  • Gmail
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
relayhost = smtp.gmail.com:587
  • AWS SES
relayhost = email-smtp.us-east-1.amazonaws.com:25
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt

Create the sasl_passwd file with SMTP username and password

  • Gmail
$ touch /etc/postfix/sasl_passwd
$ cat << EOF >/etc/postfix/sasl_passwd
[smtp.gmail.com]:587 USERNAME@gmail.com:PASSWORD
EOF
  • AWS SES
$ touch /etc/postfix/sasl_passwd
$ cat << EOF >/etc/postfix/sasl_passwd
email-smtp.us-east-1.amazonaws.com:25 SMTP_USERNAME:SMTP_PASSWORD
ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com:25 SMTP_USERNAME:SMTP_PASSWORD
EOF

Change the permission and generate the password file for postfix

sudo chmod 400 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd

Restart postfix

service postfix restart

Check if email are sent

You can check your log for more information ( /var/log/maillog )
  • Gmail
echo “Test mail from postfix” | mail -s “Test Postfix” you@example.com
  • AWS SES
sendmail -f from@example.com to@example.com
From: from@example.com
Subject: Test
This email was sent through Amazon SES!
.
Cool, It’s done (I hope so)

If you have some question or update about this procedure, please contact me.

See ya!