bbrodriges/gist:1844867

## gistfile1.txt
Integrating nullmailer with Amazon Simple Email Service (SES)

Sometime you need just to allow system tools (i.e. cron) to send mail to the hostmaster. Setting up (and maintaining) a smtp server like sendmail, Postfix or Exim is too much. What you need is nullmailer, a sendmail/qmail/etc replacement MTA for hosts which relay to a fixed set of smart relays.

Here are some notes about how to setup nullmailer to use Amazon SES (Simple Email Service). This guide applies to Ubuntu boxes, but you can easily adapt it to other Linux flavors.

I assume that you already know how to setup an Amazon Simple Email Service account and how to test it in the sandbox . This means that you have signed the service, verified and tested at least a couple of e-mail address using Amazon Management Console facility. If this is not your case, please refer to this guide.

To begin, you will need to set up a secure tunnel using stunnel package. In the following procedure, we use port 2525 as your stunnel port. If you are using a different port, modify the settings that you actually use accordingly.

First install stunnel package.

sudo apt-get install stunnel
Edit /etc/default/stunnel4, change ENABLED=0 to ENABLED=1

Edit /etc/stunnel/stunnel.conf as shown in the example below:

sslVersion = SSLv3
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
[smtp-tls-wrapper]
accept = 2525
connect = email-smtp.us-east-1.amazonaws.com:465

Start up stunnel

sudo /etc/init.d/stunnel4 start

Verify that the Amazon smtp tunnel is listening on the local server.

netstat -an | grep -iw LISTEN
tcp 0 0 0.0.0.0:2525 0.0.0.0:* LISTEN

Now install and configure nullmailer package

sudo apt-get -y install nullmailer

Edit /etc/nullmailer/adminaddr . It should contain just a line with your verified Amazon SES address. This address will be used to dispatch to an external address,  mails adressed to local user (i.e. root@localhost): nullmailer ignores /etc/aliases.

Edit /etc/nullmailer/remotes and replace all with the following line, replacing USERNAME and PASSWORD with your SES SMTP user name and password:

localhost smtp --port=2525 --user=USERNAME --pass=PASSWORD

Now test the configuration:

sendmail -f "senderverifiedaddress" -F "YOUR FULL NAME" destinationfiedaddress
From: senderverifiedaddress
To: destinationfiedaddress

Body ot the message..
<ctrl-d>

Remember always to include To: destination in the header of the message because the sendmail emulation (installed by nullmailer), when the message has no To or Cc fields, appends to the message header the field: Cc: recipient list not shown: ; this seams hurting Amazon SES smtp interface (smtp: Failed: 554 Transaction failed: User name is missing: 'recipient list not shown: ;').

Remember that, according with SES rules, the sender must be a verified address. The destination could be unverified only if production access is enabled for your SES account.

You can set the nullmailer "From" address via environment variables .

Usually you can set environment variables in the crontab.

NULLMAILER_USER=webmaster
NULLMAILER_HOST=host.example.com
NULLMAILER_NAME="Mr Cron"

5 0 * * * /usr/local/bin/daily.sh
Check for errors in /var/logs/mail.* syslog files. For debuging purpose,  you can also edit messages in /var/spool/nullmailer/queue.
	Integrating nullmailer with Amazon Simple Email Service (SES)

	Sometime you need just to allow system tools (i.e. cron) to send mail to the hostmaster. Setting up (and maintaining) a smtp server like sendmail, Postfix or Exim is too much. What you need is nullmailer, a sendmail/qmail/etc replacement MTA for hosts which relay to a fixed set of smart relays.

	Here are some notes about how to setup nullmailer to use Amazon SES (Simple Email Service). This guide applies to Ubuntu boxes, but you can easily adapt it to other Linux flavors.

	I assume that you already know how to setup an Amazon Simple Email Service account and how to test it in the sandbox . This means that you have signed the service, verified and tested at least a couple of e-mail address using Amazon Management Console facility. If this is not your case, please refer to this guide.

	To begin, you will need to set up a secure tunnel using stunnel package. In the following procedure, we use port 2525 as your stunnel port. If you are using a different port, modify the settings that you actually use accordingly.

	First install stunnel package.

	sudo apt-get install stunnel
	Edit /etc/default/stunnel4, change ENABLED=0 to ENABLED=1

	Edit /etc/stunnel/stunnel.conf as shown in the example below:

	sslVersion = SSLv3
	chroot = /var/lib/stunnel4/
	setuid = stunnel4
	setgid = stunnel4
	pid = /stunnel4.pid
	socket = l:TCP_NODELAY=1
	socket = r:TCP_NODELAY=1
	client = yes
	[smtp-tls-wrapper]
	accept = 2525
	connect = email-smtp.us-east-1.amazonaws.com:465

	Start up stunnel

	sudo /etc/init.d/stunnel4 start

	Verify that the Amazon smtp tunnel is listening on the local server.

	netstat -an \| grep -iw LISTEN
	tcp 0 0 0.0.0.0:2525 0.0.0.0:* LISTEN

	Now install and configure nullmailer package

	sudo apt-get -y install nullmailer

	Edit /etc/nullmailer/adminaddr . It should contain just a line with your verified Amazon SES address. This address will be used to dispatch to an external address, mails adressed to local user (i.e. root@localhost): nullmailer ignores /etc/aliases.

	Edit /etc/nullmailer/remotes and replace all with the following line, replacing USERNAME and PASSWORD with your SES SMTP user name and password:

	localhost smtp --port=2525 --user=USERNAME --pass=PASSWORD

	Now test the configuration:

	sendmail -f "senderverifiedaddress" -F "YOUR FULL NAME" destinationfiedaddress
	From: senderverifiedaddress
	To: destinationfiedaddress

	Body ot the message..
	<ctrl-d>

	Remember always to include To: destination in the header of the message because the sendmail emulation (installed by nullmailer), when the message has no To or Cc fields, appends to the message header the field: Cc: recipient list not shown: ; this seams hurting Amazon SES smtp interface (smtp: Failed: 554 Transaction failed: User name is missing: 'recipient list not shown: ;').

	Remember that, according with SES rules, the sender must be a verified address. The destination could be unverified only if production access is enabled for your SES account.

	You can set the nullmailer "From" address via environment variables .

	Usually you can set environment variables in the crontab.

	NULLMAILER_USER=webmaster
	NULLMAILER_HOST=host.example.com
	NULLMAILER_NAME="Mr Cron"

	5 0 * * * /usr/local/bin/daily.sh
	Check for errors in /var/logs/mail.* syslog files. For debuging purpose, you can also edit messages in /var/spool/nullmailer/queue.