Amazon SES relay from EC2 instance with postfix on Debian can't send email

I have been asked to do some system admin and to move a legacy PHP web application to an Amazon EC2 instance running Debian. I have done this, and emails are successfully being sent from postfix.

Concern was expressed by the previous system admin that the server was not using an email relay, and a request to use SES seemed straightforward. I have implemented a mail relay using Mailgun from a Rackspace instance, and though not trivial, I got this done in a couple of hours.

I have not found the SES process quite so simple, and I suspect this is because I am unfamiliar with using certificates.

Initially I set up the service using the instructions here http://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html

  • Elastic IP set up for server
  • Credentials created for SMTP server
  • Created IAM user and got a username and password for SMTP at email-smtp.us-west-2.amazonaws.com
  • I created an /etc/postfix/sasl_passwd file with

    [email-smtp.us-west-2.amazonaws.com]:25 USERNAME:PASSWORD

  • I then ran

    postmap hash:/etc/postfix/sasl_passwd

to create the sasl_passwd.db

  • /etc/postfix/master.cf did not have smtp_fallback_relay in it

  • I created a certificate by installing apt-get install sasl2-bin and

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt

and pointing postfix to this in my main.cf (at the end of this post).

I am using sendmail to send an email via Python

    import os

    SENDMAIL = "/usr/sbin/sendmail"  # sendmail location

    FROM = "[email protected]"
    # TO = ["[email protected]", "[email protected]"]
    TO = ["[email protected]"]

    SUBJECT = "Artog SMTP server is working!"

    TEXT = "Sending emails on the TIQ webserver is working"

    # Prepare actual message: headers, a blank line, then the body
    message = """\
    From: %s
    To: %s
    Subject: %s

    %s
    """ % (FROM, ", ".join(TO), SUBJECT, TEXT)

    # Send the mail by piping the message to sendmail
    # (-t reads recipients from the headers, -i ignores lone dots)
    p = os.popen("%s -f %s -t -i" % (SENDMAIL, FROM), "w")
    p.write(message)
    status = p.close()  # None on success, otherwise the exit status
    if status:
        print("Sendmail exit status", status)

but I keep getting a time out error on sending:

    Feb 26 03:18:19 lamp postfix/error[23414]: 5DE3240508: to=<[email protected]>, relay=none, delay=0.02, delays=0.02/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to email-smtp.us-west-2.amazonaws.com[54.187.123.10]:25: Connection timed out

I can connect via port 25

    root@lamp /home/www# telnet email-smtp.us-west-2.amazonaws.com 25
    Trying 54.149.142.243...
    Connected to ses-smtp-us-west-2-prod-14896026.us-west-2.elb.amazonaws.com.
    Escape character is '^]'.
    220 email-smtp.amazonaws.com ESMTP

My main.cf file is

    myhostname              = travelinsurancequotes.com.au
    mydomain                = travelinsurancequotes.com.au
    inet_interfaces = all

    mynetworks_style        = host
    local_destination_recipient_limit       = 300
    local_destination_concurrency_limit     = 5
    recipient_delimiter=+

    smtpd_banner            = $myhostname

    smtpd_sasl_auth_enable          = yes
    smtp_sasl_mechanism_filter = plain
    smtpd_sasl_local_domain         = $myhostname
    broken_sasl_auth_clients        = yes
    smtpd_helo_required             = yes
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/sslcerts/server.key
    smtpd_tls_cert_file = /etc/postfix/sslcerts/server.crt
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

    relayhost = [email-smtp.us-west-2.amazonaws.com]:25
    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options = noanonymous
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_use_tls = yes
    smtp_tls_security_level = encrypt
    smtp_tls_note_starttls_offer = yes
    smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

MagicLAMP asked Jan 31 '26 11:01

1 Answer

AWS EC2 has some sort of limit on mail being sent.

I had that error, and Amazon Support told me to fill this form out to remove the limit.

https://aws.amazon.com/forms/ec2-email-limit-rdns-request

I hope this helps.

Rahim Khoja answered Feb 03 '26 06:02
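
A triage sketch for the kind of deferral shown in the question's log, as an added example that is not part of the original question or answer: it groups deferred deliveries that failed at TCP connect by relay host, port and error, and leaves out failures that occur later in the session. The sample log lines are constructed, and the function name `connect_failures` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the log entry in the question;
# queue IDs, recipients and IP addresses are made up.
SAMPLE_LOG = """\
Feb 26 03:18:19 lamp postfix/error[23414]: A1B2C3D4E5: to=<a@example.com>, relay=none, delay=0.02, delays=0.02/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to email-smtp.us-west-2.amazonaws.com[192.0.2.10]:25: Connection timed out
Feb 26 03:19:02 lamp postfix/smtp[23420]: B2C3D4E5F6: to=<b@example.com>, relay=email-smtp.us-west-2.amazonaws.com[192.0.2.11]:25, delay=1.2, delays=0.01/0/0.9/0.3, dsn=2.0.0, status=sent (250 Ok)
Feb 26 03:20:45 lamp postfix/smtp[23431]: C3D4E5F6A7: to=<c@example.com>, relay=none, delay=30, delays=0.01/0/30/0, dsn=4.4.1, status=deferred (connect to email-smtp.us-west-2.amazonaws.com[192.0.2.10]:25: Connection timed out)
Feb 26 03:21:10 lamp postfix/smtp[23440]: D4E5F6A7B8: to=<d@example.com>, relay=email-smtp.us-west-2.amazonaws.com[192.0.2.11]:25, delay=0.9, delays=0.01/0/0.8/0, dsn=4.7.0, status=deferred (SASL authentication failed; server email-smtp.us-west-2.amazonaws.com[192.0.2.11] said: 535 Authentication Credentials Invalid)
"""

# One delivery attempt: queue ID, final status and the parenthesised reason.
# The closing parenthesis is optional because log lines are often truncated.
DELIVERY = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>\w+): to=<[^>]*>, .*?"
    r"status=(?P<status>\w+) \((?P<reason>.*?)\)?$"
)
# The reason text Postfix logs when the TCP connection itself fails.
CONNECT_FAIL = re.compile(
    r"connect to (?P<host>[^\[\s]+)\[[^\]]+\]:(?P<port>\d+): (?P<error>.+)"
)


def connect_failures(log_text):
    """Map (relay host, port, error) to the queue IDs deferred at TCP connect.

    A connect failure happens before the TLS handshake and SASL login start,
    so these entries do not depend on certificate or sasl_passwd settings.
    """
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m or m["status"] != "deferred":
            continue
        c = CONNECT_FAIL.search(m["reason"])
        if c:  # deferrals for other reasons (e.g. SASL) are skipped
            found[(c["host"], int(c["port"]), c["error"])].append(m["qid"])
    return dict(found)


if __name__ == "__main__":
    for (host, port, error), qids in connect_failures(SAMPLE_LOG).items():
        print("%s:%d %s -> %d message(s): %s" % (host, port, error, len(qids), ", ".join(qids)))
```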