- Able to send email with
opensslcommand: https://docs.aws.amazon.com/ses/latest/dg/send-email-smtp-client-command-line.html#send-email-using-openssl
Last active
November 27, 2023 05:20
-
-
Save devlinjunker/82352b766afd594c2c98986c1740a476 to your computer and use it in GitHub Desktop.
Setting up Sending Email from EC2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Changes to EC2 Instance to enable sending email |
From https://saturncloud.io/blog/how-to-send-mail-using-amazon-ec2-instance/
- Create user
email2in AWS: https://us-east-1.console.aws.amazon.com/iamv2/home?region=us-east-1#/users - Create
smtp_credentials_generate.pyon server in~/email/(from https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html) - Get SES_PASS from
python3 smtp_credentials_generate.py <SECRET_KEY_FROM_AWS> us-east-2 - Install postfix
sudo yum install postfix - Add lines at end of
/etc/postfix/main.cf:
relayhost = email-smtp.us-east-2.amazonaws.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
- Create
/etc/postfix/sasl_passwdwith:
email-smtp.us-east-2.amazonaws.com:587 <SES_USER_KEY_ID>:<SMTP_SES_PASS>
- Change permissions:
sudo chmod 600 /etc/postfix/sasl_passwd - Update postfix:
sudo postmap /etc/postfix/sasl_passwd - Restart postfix:
sudo service postfix restart - Attempt to test:
echo "This is a test email" | sudo sendmail -s "Test Email" devlin.junker@gmail.com
Still not working....
11/26/2023 - I FIGURED IT OUT
- Need to use AWS Key ID as username in
sasl_passwd!!!!
Following Instructions from https://docs.aws.amazon.com/ses/latest/dg/send-email-sendmail.html
- Create Amazon SES Domain Identity: https://us-east-2.console.aws.amazon.com/ses/home?region=us-east-2#/verified-identities
- Verify Domain Ownership with CNAME DNS Records
- Create Amazon SES Email Identity (with my email address)
- Verify Email Ownership with Link in Email
- Create Amazon User (
Email User) at https://us-east-1.console.aws.amazon.com/iamv2/home#/users - Download
Email UserCredential File - Create /etc/mail/authinfo with
AuthInfo:email-smtp.us-east-2.amazonaws.com "U:root" "I:smtpUsername" "P:smtpPassword" "M:PLAIN"- With Credentails from above File
- Run
sudo sh -c 'makemap hash /etc/mail/authinfo.db < /etc/mail/authinfo'to create authinfo.db - Update /etc/mail/access file:
sudo sh -c 'echo "Connect:email-smtp.us-east-2.amazonaws.com RELAY" >> /etc/mail/access'sudo sh -c 'makemap hash /etc/mail/access.db < /etc/mail/access'
- Create Backups:
sudo sh -c 'cp /etc/mail/sendmail.cf /etc/mail/sendmail_cf.backup && cp /etc/mail/sendmail.mc /etc/mail/sendmail_mc.backup' - Add to top of /etc/mail/sendmail.mc
define(`SMART_HOST', `email-smtp.us-east-2.amazonaws.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 25')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
MASQUERADE_AS(`dev-junk.com')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
- Make Sendmail cf file writeable:
sudo chmod 666 /etc/mail/sendmail.cf - Install
sendmail-cf:sudo yum install sendmail-cf - Regenerate Sendmail cf:
sudo sh -c 'm4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf' - Reset Permissions on Sendmail cf file:
sudo chmod 644 /etc/mail/sendmail.cf - Restart Sendmail Server:
sudo service sendmail restart - Attempted test email:
/usr/sbin/sendmail -vf test@dev-junk.com devlin.junker@gmail.com - Attempted to telnet to SMTP Server:
telnet email-smtp.us-east-2.amazonaws.com 25 - Requested Removal of Restricted Port 25: https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request
- Opened Outbound port 25 on AWS Security Group
Following https://weldon.whipple.org/sendmail/starttlstut.html
- On AWS EC2 (AMI) cd to
/etc/pki - Create
serialandindex.txtfiles inCA/with:echo "01" > serial; cp /dev/null index.txt - Copy Default
openssl.cnf:cp /etc/pki/tls/openssl.cnf /etc/pki/CA/ - Modify
openssl.confdir= ./`[ policy_match ].stateOrProvinceName=optional[ policy_match ].organizationalUnitName=match[ policy_match ].commonName=optional[ req_distinguished_name ].commonName=Common Name (eg, host/domain name)
- Create Certificate Authority:
sudo openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 1825 -config openssl.cnf
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:.
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:Dev Junk CA
- Create Sendmail Certificate:
sudo openssl req -nodes -new -x509 -keyout email.pem -out email.pem -days 365 -config openssl.cnf
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:.
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:Dev Junk Sendmail
Organizational Unit Name (eg, section) []:
Common Name (eg, host/domain name) []:dev-junk.com
Email Address []:devlin.junker@gmail.com
- Sign Certificates:
sudo openssl x509 -x509toreq -in email.pem -signkey email.pem -out tmp.pemsudo openssl ca -config openssl.cnf -policy policy_anything -out email-cert.pem -infiles tmp.pem
- Clean up:
sudo rm tmp.pem - Copy Files to /etc/mail/certs:
sudo cp cacert.pem /etc/mail/certs/cacert.pem
sudo cp email-cert.pem /etc/mail/certs/email-cert.pem
sudo cp email.pem /etc/mail/certs/email-key.pem
10 Create hashed Symbolic Link
cd /etc/mail/certs
sudo ln -s cacert.pem `openssl x509 -noout -hash < cacert.pem`.0
- Make sure certificates have correct permissions:
sudo chmod go-r /etc/mail/certs/email-key.pem; sudo chmod go-r /etc/mail/certs/email-cert.pem - Attempted to sendmail:
/usr/sbin/sendmail -vf test@dev-junk.com devlin.junker@gmail.com
Still not coming through... seems like this was uneccessary
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment