FreeBSD configure AWS SES with Postfix MTA

Author: Vivek Gite Last updated: August 30, 2020 3 comments

How do I integrate and configure Amazon/AWS SES with Postfix running on my FreeBSD Unix server?

Amazon Simple Email Service (SES) is a hosted email service for you to send and receive email using your email addresses and domains. Typically SES used for sending bulk email or routing emails without hosting MTA with help of cloud servers provided by AWS. We can use Perl/Python/PHP APIs to send an email via SES. In this tutorial we are going to configure FreeBSD server or jail running Postfix to route all outgoing emails via AWS SES.

Tutorial requirements
Operating system/app	FreeBSD with bash
Root privileges required	Yes
Difficulty	Intermediate (rss)
Estimated completion time	10m
Table of contents » Disable sendmail on FreeBSD » Installing postfix on FreeBSD » Configuring postfix for SES » Test postfix » Dealing with FreeBSD generated emails » Conclusion

Procedure to configure AWS SES with Postfix

Before getting started with Amazon SES and Postfix for FreeBSD server, you need to sign up for AWS, including SES. You need to verify your email address and other settings. Make sure you create a user for SES access and download credentials too.

Step 1 – Disable Sendmail if enabled on FreeBSD

We need to use the sysrc command to safely edit system rc files. Let us disable sendmail, run:
## Make sure sendmail service stopped for Postfix ## # service sendmail stop ## Disable sendmail service specific ## # sysrc sendmail_enable="NO" # sysrc sendmail_submit_enable="NO" # sysrcsendmail_outbound_enable="NO" # sysrc sendmail_msp_queue_enable="NO"
Also disable/remove sendmail server service specific cronjobs/tasks:
# vi /etc/periodic.conf
Append/modify as follows:

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

Save and close the file in vim/vi.

Step 2 – Installing postfix

Run the pkg command as follows to install Postfix MTA on FreeBSD Unix cloud server:
# pkg update # pkg upgrade # pkg search postfix ## filter sasl specific postifx package using the grep command ## # pkg search postfix | grep sasl ## Install it ## # pkg install postfix-sasl

Enable postfix at FreeBSD boot time:
# sysrc postfix_enable="YES"

postfix_enable:  -> YES

Make sure Postfix is activated in /usr/local/etc/mail/mailer.conf file as follows. Create a new directory using the mkdir command:
# mkdir -p /usr/local/etc/mail
Install the file using the install command:
# install -m 0644 /usr/local/share/postfix/mailer.conf.postfix /usr/local/etc/mail/mailer.conf

Step 3 – Configuring postfix for Amazon SES

Let us see how to configure Postfix as outgoing MTA using a smarthost based upon Amazon SES for FreeBSD. First, set SES zone:

# I am using US West (Oregon) 
# Feel free to replace MTA as per your AWS region 
SES_MTA="email-smtp.us-west-2.amazonaws.com"

Next run the postconf command to configure Postfix with Amazon SES:

postconf -e "relayhost = [${SES_MTA}]:587" \
"smtp_sasl_auth_enable = yes" \
"smtp_sasl_security_options = noanonymous" \
"smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd" \
"smtp_use_tls = yes" \
"smtp_tls_security_level = encrypt" \
"smtp_tls_note_starttls_offer = yes"

Set up Amazon/AWS SES USERNAME and PASSWORD for Postfix MTA

Edit the /usr/local/etc/postfix/sasl_passwd using a text editor such as NA command/vim command, enter:
# vim /usr/local/etc/postfix/sasl_passwd
Append (replace SMTP_USER and SMTP_PASSWORD as provided by AWS IAM/SES):
[email-smtp.us-west-2.amazonaws.com]:587 SMTP_USER:SMTP_PASSWORD
Save and close the file. First secure file using the chmod command and then create a new database:
# chmod -v 0600 /usr/local/etc/postfix/sasl_passwd /usr/local/etc/postfix/sasl_passw
At a Linux/Unix shell prompt, type the following postmap command to create a hashmap database for MTA credentials:
# postmap -v hash:/usr/local/etc/postfix/sasl_passwd

postmap: name_mask: ipv4
postmap: name_mask: host
postmap: inet_addr_local: configured 3 IPv4 addresses
postmap: been_here: 127.0.0.1/32: 0
postmap: been_here: 192.168.2.236/32: 0
postmap: been_here: 10.8.0.2/32: 0
postmap: mynetworks_core: 127.0.0.1/32 192.168.2.236/32 10.8.0.2/32 
postmap: open hash /usr/local/etc/postfix/sasl_passwd
postmap: Compiled against Berkeley DB version 1

Configure CA certificate path for verification

Postfix server need to locate the CA certificate. Hence, to verify the Amazon SES server certificate, run:
# postconf -e 'smtp_tls_CAfile = /etc/ssl/cert.pem'

Start Postfix service

Use the service command:
# service postfix start # service postfix status

postfix is running as pid 15935.

See Postfix log file

Use the cat command/tail command:
# tail -f /var/log/maillog

Aug 30 16:04:13 rsnapshot postfix/postmap[15781]: name_mask: host
Aug 30 16:04:13 rsnapshot postfix/postmap[15781]: inet_addr_local: configured 3 IPv4 addresses
Aug 30 16:04:13 rsnapshot postfix/postmap[15781]: been_here: 127.0.0.1/32: 0
Aug 30 16:04:13 rsnapshot postfix/postmap[15781]: been_here: 192.168.2.236/32: 0
Aug 30 16:04:13 rsnapshot postfix/postmap[15781]: been_here: 10.8.0.2/32: 0
Aug 30 16:04:13 rsnapshot postfix/postmap[15781]: mynetworks_core: 127.0.0.1/32 192.168.2.236/32 10.8.0.2/32 
Aug 30 16:04:13 rsnapshot postfix/postmap[15781]: open hash /usr/local/etc/postfix/sasl_passwd
Aug 30 16:04:13 rsnapshot postfix/postmap[15781]: Compiled against Berkeley DB version 1
Aug 30 16:08:46 rsnapshot postfix/postfix-script[15933]: starting the Postfix mail system
Aug 30 16:08:46 rsnapshot postfix/master[15935]: daemon started -- version 3.5.4, configuration /usr/local/etc/postfix

Step 4 – Test integration of Amazon SES with Postfix on FreeBSD server

Use the sendmail command as follows:
sendmail -f webmaster@cyberciti.biz webmaster@nixcraft.com From: Vivek Gite <webmaster@cyberciti.biz> Subject: Postfix email server integration with Amazon SES This message was sent using Amazon SES on my FreeBSD Unix server I hope this works out 👿 .

Here is my test email:

AWS SES with Postfix headers

Original Message

Message ID	<010101743efcd00e-462dbed6-5015-48bf-b74d-1f65305d7914-000000@us-west-2.amazonses.com>
Created at:	Sun, Aug 30, 2020 at 4:19 PM (Delivered after 1 second)
From:	Vivek Gite <webmaster@cyberciti.biz>
To:	webmaster@nixcraft.com
Subject:	Postfix email server integration with Amazon SES
SPF:	PASS with IP 54.240.27.116 Learn more
DKIM:	'PASS' with domain cyberciti.biz Learn more
DMARC:	'PASS' Learn more

Make sure you set up correct SPF, DKIM and DMARC.

A note about system generated emails

Typically system-generated emails sent from the following address will be rejected by AWS SES as they are from unauthenticated domain/email address. For example:
root@your-hostname root@your-hostname-domain-dot-com @freebsd-hostname.localdomain
To fix this problem, see my page “Postfix masquerading or changing outgoing SMTP email or mail address” for more information.

Conclusion

In this tutorial, we learned how to use Postfix MTA with Amazon SES cloud service running on FreeBSD Unix operating systems. I tested instructions on a FreeBSD 11.x/12.x server that send many emails per day using Amazon SES with a high amount of email delivery rates. Please see SES docs here for more info.

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:

RSS feed or Weekly email newsletter
Share to Twitter • Facebook • 3 comments... add one ↓

UP NEXT

Category	List of Unix and Linux commands
File Management	cat
Firewall	CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04
Network Utilities	dig • host • ip • nmap
OpenVPN	CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04
Package Manager	apk • apt
Processes Management	bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time
Searching	grep • whereis • which
User Information	groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w
WireGuard VPN	CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04