Amazon Simple Email Service (SES) is a hosted cloud-based email service to send and receive email using your email addresses and domains. Typically SES is used for sending bulk email or routing emails without hosting MTA. One can use the CLI or server-side programming languages such as PHP or Python to transfer an email via SES. This quick tutorial will show you how to route all outgoing emails with Postfix and Amazon AWS SES on Red Hat Enterprise Linux (RHEL) or CentOS version 8.

Tutorial details
Difficulty level Easy
Root privileges Yes
Requirements CentOS/Red Hat Enterprise Linux (RHEL) 8
Est. reading time 5 mintues
Before getting started with Amazon SES and Postfix, make sure to sign up for an Amazon AWS account, including SES. You need to verify your email address and other settings. Make sure you create a user for SES access and download credentials too.

Sending Emails with Postfix and Amazon SES on RHEL/CentOS 8

The step-by-step procedure is as follow:

Deleting sendmail from your RHEL/CentOS 8

Open the terminal and then excute the following dnf command/yum command. For remote RHEL/CentOS 8 server, login using the ssh command:
ssh vivek@ec2-cloud-server-ip
Delete it:
sudo dnf remove sendmail

Installing psotfix on RHEL/CentOS 8

Postfix is an open-source and free mail transfer agent (MTA) that routes and delivers electronic mail. It is easy to configure and very well accepted in the industry. Install it:
sudo dnf install postfix
# older RHEL/CentOS 7.x
sudo yum install postfix

How to install Postfix and Amazon AWS SES on RHEL or CentOS 8 Linux

Adding SASL authentication

Amazon AWS SES needs SALS (Simple Authentication and Security Layer) for adding authentication and security support to connection-based protocols. Hence, add the support by typing the command:
sudo dnf install cyrus-sasl-plain
# RHEL/CentOS v7.x#
sudo yum install cyrus-sasl-plain

How to send emails with Postfix and Amazon AWS SES on RHEL CentOS 8

Configuring postfix for Amazon SES in RHEL / CentOS 8

This tutorial aims to route all emails using Postfix as outgoing MTA. Therefore we are going to configure Postfix as a smarthost. Type Linux command to set environment variable named SES_ZONE as per your config using the export command:

# West (Oregon) SES ZONE. Set this as per your ZONE #
export SES_ZONE="email-smtp.us-west-2.amazonaws.com"

Run Postfix configuration utility called postconf to set up Postfix server to use Amazon AWS SES on your RHEL or CentOS 8 cloud server:

sudo postconf -e "relayhost = [${SES_ZONE}]:587" \
"smtp_sasl_auth_enable = yes" \
"smtp_sasl_security_options = noanonymous" \
"smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" \
"smtp_use_tls = yes" \
"smtp_tls_security_level = encrypt" \
"smtp_tls_note_starttls_offer = yes"
RHEL or CentOS 8 integrating Amazon SES with Postfix SMTP

Configuring Postfix Amazon SES USERNAME and PASSWORD

Edit the /etc/postfix/sasl_passwd using a text editor such as vim command/nano command, enter:
sudo vim /etc/postfix/sasl_passwd
# easy to use text editor #
sudo nano /etc/postfix/sasl_passwd

Append (replace SMTP_USER and SMTP_PASSWORD as provided by AWS IMA/SES console API) the following line:

[email-smtp.us-west-2.amazonaws.com]:587 SMTP_USER:SMTP_PASSWORD

Save and close the file. Next, secure file using the chmod command (see How To Use chmod and chown Command in Linux)and then create a new database by running the postmap command:
sudo chmod -v 0600 /etc/postfix/sasl_passwd
sudo postmap -v hash:/etc/postfix/sasl_passwd
ls -lZ /etc/postfix/sasl_passwd*

Postfix RHEL CentOS 8 Amazon SES configuration

Setting up TLS certificate path

Postfix server need to locate the TLS CA certificate. Hence, to verify the Amazon SES server certificate, type:
sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt'

Enabling Postfix server

So far, so good. We set up Postfix to use Amazon SES as a smarthost for routing all emails. It is time to start the Postfix server. Therefore, to enable the service, run the following systemctl command:
sudo systemctl enable postfix
sudo systemctl start postfix
sudo systemctl status postfix

Starting and enabling Postfix on RHEL or CentOS 8 server

How to test integration of Amazon AWS SES with Postfix on your RHEL and CentOS 8 server

Use the sendmail command as follows to send test email (replace domain and email IDs as per your config):

sendmail -f webmaster@cyberciti.biz webmaster@nixcraft.com
From: Vivek Gite <webmaster@cyberciti.biz>
Subject: RHEL 8 - Postfix email server test
This message was sent using Amazon SES on my RHEL 8 server that hosts Python app.
If a problem can be solved, there's no need to worry about it. If it cannot be solved, worrying will do no good.
🐧
.
RHEL and CentOS 8 postfix AWS test command

Sending a test email from my RHEL 8 server

And voila:
Send a test email

SES Email header

Message ID	<0101017820ddfff5-949db56a-5354-4636-8b23-7a8000abef3c-000000@us-west-2.amazonses.com>
Created at:	Thu, Mar 11, 2021 at 4:08 PM (Delivered after 1 second)
From:	Vivek Gite <webmaster@cyberciti.biz>
To:	Webmaster <webmaster@nixcraft.com>
Subject:	RHEL 8 - Postfix email server test
SPF:	PASS with IP 54.240.27.116 Learn more
DKIM:	'PASS' with domain cyberciti.biz Learn more
DMARC:	'PASS' Learn more

Make sure you set up the correct SPF, DKIM, and DMARC for your domain. Otherwise, email delivery is going to be a nightmare regardless of the clean IP address and routing provided by AWS SES.

Postfix log file

Use the grep command or tail command to see /var/log/maillog file:
sudo tail -f /var/log/maillog)
sudo grep ‘something’ /var/log/maillog
Other option is to run the journalctl command:
sudo journalctl -u postfix
Here is a sample email server log:

Mar 11 05:31:44 nixcraft-rhel8 postfix/qmgr[13370]: AC9F11F4B1: from=<webmaster@cyberciti.biz>, size=532, nrcpt=1 (queue active)
Mar 11 05:31:44 nixcraft-rhel8 postfix/qmgr[13370]: 6A9161F4BA: from=<webmaster@cyberciti.biz>, size=304, nrcpt=1 (queue active)
Mar 11 05:31:44 nixcraft-rhel8 postfix/smtp[13721]: fatal: valid hostname or network address required in server description: []:587
Mar 11 05:31:44 nixcraft-rhel8 postfix/smtp[13722]: fatal: valid hostname or network address required in server description: []:587
Mar 11 05:31:45 nixcraft-rhel8 postfix/qmgr[13370]: warning: private/smtp socket: malformed response
Mar 11 05:31:45 nixcraft-rhel8 postfix/qmgr[13370]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description
Mar 11 05:31:45 nixcraft-rhel8 postfix/master[13368]: warning: process /usr/libexec/postfix/smtp pid 13721 exit status 1

Typically, it would be best if you fixed all errors before emails can be routed again.

A note about RHEL 8/CentOS system generated emails

Usually, system-generated emails sent from the following address will be rejected by AWS SES as they are from unauthenticated domain/email address:
root@your-hostname
root@your-hostname-domain-dot-com
root@nixcraft-rhel8

We can fix this problem, see my page “Postfix masquerading or changing outgoing SMTP email or mail address” for more information.

Summing up

In this tutorial, we learned how to use Postfix MTA with the Amazon SES cloud service when running the Red Hat Enterprise Linux (RHEL) 8 server.


🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 3 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
3 comments… add one
  • Paul Verreth Mar 12, 2021 @ 17:59

    Dear Vivek.

    What’s the use of this setup?

    Postfix can send the mails directly to the mail servers (MX) of the recipients, can’t it?

    Kind regards.

    • 🐧 Vivek Gite Mar 12, 2021 @ 21:20

      AWS SES has a higher rate of email deliveries as compared to Postfix routing email. Useful for email markating. Hence, this page. I hope this helps.

    • Abdi Duarte Mar 15, 2021 @ 11:04

      I work for newspapers and online portals. We send over 300k+ email notifications daily to alert our email subscribers about breaking news. Trust me, and we tried everything from our Postfix to other cloud providers. Nothing comes to close AWS SES when it comes to delivering email correctly. The cost is also minimal.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum