From a4d5f5aab1b2a1b732ff2d674b792ce160748314 Mon Sep 17 00:00:00 2001 From: Son NK Date: Fri, 31 Jan 2020 23:54:51 +0700 Subject: [PATCH] Move SES doc to a separate page --- README.md | 51 ------------------------------------------- docs/ses.md | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 51 deletions(-) create mode 100644 docs/ses.md diff --git a/README.md b/README.md index f4c36945..ace27f57 100644 --- a/README.md +++ b/README.md @@ -531,57 +531,6 @@ please go to the database, table "users" and set "lifetime" column to "1" or "TR You don't have to pay anything to SimpleLogin to use all its features. You could make a donation to SimpleLogin on our Patreon page at https://www.patreon.com/simplelogin if you wish though. -## Integrating with Amazon SES - -If you're self hosting, here is the method I used to route emails through Amazon's SES service. For me, when hosting on AWS the public IP is widely blacklisted for abuse. If you have an SES account, you are whitelisted, use TLS, and amazon creates the DKIM records. - -First, I modify the postfix inet protocols to only route via IPv4 - -`vi /etc/postfix/main.cf` and change `inet_protocols = ipv4` - -### Amazon Simple Email Service Console: - -First, verify your domain with SES, and check off "Generate DKIM Records". - - - -I use Route53, so pressing the Use Route53 button will automatically generate my DNS values. If you do not use Route53, you will have to create them on your DNS provider. - -If you do choose route53, this is what generating the record sets looks like - - -Now, in SES we need to generate SMTP Credentials to use. Go to the SMTP settings tab, and create credentails. Also note your server name, port, etc. - - - -Now on your server, run the following (Updating the SMTP DNS address to match what you see in the SMTP settings tab of SES) -``` -sudo postconf -e "relayhost = [email-smtp.us-east-1.amazonaws.com]:587" \ -"smtp_sasl_auth_enable = yes" \ -"smtp_sasl_security_options = noanonymous" \ -"smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" \ -"smtp_use_tls = yes" \ -"smtp_tls_security_level = may" \ -"smtp_tls_note_starttls_offer = yes" -``` - -Now let's create `/etc/postfix/sasl_passwd` and inside put your SMTP Setting values; -`[email-smtp.us-east-1.amazonaws.com]:587 SMTPUSERNAME:SMTPPASSWORD` - -Create a hashmap with `sudo postmap hash:/etc/postfix/sasl_passwd` - -Secure the files (optional but recommended) -``` -sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db -sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db -``` - -For Ubuntu, we point postfix to the CA Certs; -`sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'` - -Then restart postfix `sudo systemctl restart postfix` and you should see the mail in `/var/log/mail.log` and in your alias emails routed through Amazons servers! - - ## Contributing All work on SimpleLogin happens directly on GitHub. diff --git a/docs/ses.md b/docs/ses.md new file mode 100644 index 00000000..e90c87de --- /dev/null +++ b/docs/ses.md @@ -0,0 +1,62 @@ +Contribution from https://github.com/havedill/ + +## Integrating with Amazon SES + +If you're self hosting, here is the method I used to route emails through Amazon's SES service. + +For me, when hosting on AWS the public IP is widely blacklisted for abuse. If you have an SES account, you are whitelisted, use TLS, and amazon creates the DKIM records. + +First, I modify the postfix inet protocols to only route via IPv4: in `/etc/postfix/main.cf`, change `inet_protocols = ipv4` + +### Amazon Simple Email Service Console: + +First, verify your domain with SES, and check off "Generate DKIM Records". + + + +I use Route53, so pressing the Use Route53 button will automatically generate my DNS values. If you do not use Route53, you will have to create them on your DNS provider. + +If you do choose route53, this is what generating the record sets looks like + + +Now, in SES we need to generate SMTP Credentials to use. Go to the SMTP settings tab, and create credentails. Also note your server name, port, etc. + + + +Now on your server, run the following (Updating the SMTP DNS address to match what you see in the SMTP settings tab of SES) +``` +sudo postconf -e "relayhost = [email-smtp.us-east-1.amazonaws.com]:587" \ +"smtp_sasl_auth_enable = yes" \ +"smtp_sasl_security_options = noanonymous" \ +"smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" \ +"smtp_use_tls = yes" \ +"smtp_tls_security_level = may" \ +"smtp_tls_note_starttls_offer = yes" +``` + +Now let's create `/etc/postfix/sasl_passwd` and inside put your SMTP Setting values; +`[email-smtp.us-east-1.amazonaws.com]:587 SMTPUSERNAME:SMTPPASSWORD` + +Create a hashmap with `sudo postmap hash:/etc/postfix/sasl_passwd` + +Secure the files (optional but recommended) +``` +sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db +sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db +``` + +For Ubuntu, we point postfix to the CA Certs; + +```bash +sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt' +``` + +Then restart postfix + +```bash +sudo systemctl restart postfix +``` + +and you should see the mail in `/var/log/mail.log` and in your alias emails routed through Amazons servers! + + \ No newline at end of file