Friday, October 13, 2017

Sending email using Amazon SES with POSTFIX for Ubuntu Server

Amazon SES (simple email service) is a good, cheap and reliable service from Amazon. Amazon SES is part of Amazon AWS family of services.  With Amazon SES you will be able to send up to millions of email reliably.

Every Ubuntu server will need to send email to anyone in the world. Having a good reliable email server than you can rely on to relay your email is a must.

Please follow the steps below to configure your ubuntu server to be able to send email via Amazon SES while using Postfix.

PRE-REQUISITES

  1. An active Amazon AWS account
  2. Activate your Amazon SES service
    1. Verify your domain
    2. Verify the email addresses you will be sending from (or your recipient will reply to)

STEP 1

Creating SMTP credential.

Go to 'STMP Settings' in the SES left menu bar.

Click on the button 'Create my STMP Credentials'

STEP 2

Download the 'credentials.csv' file to your computer and open it

STEP 3

Make sure postfix, mailutils are installed on your server.

type the following command in your terminal:

sudo apt-get install postfix mailutils
if you have not installed postfix yet, it may ask you the following question (see screenshot below), make sure to answer with 'Satellite System'.

 

STEP 4

Using your ubuntu server's text editor (nano), edit the postfix main.cf configuration file, type in the command below:
nano /etc/postfix/main.cf
then enter the following content into main.cf and erase everything else:
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

STEP 5

Using nano again, we will edit the username + password credential file for postfix, type in the command below:
nano /etc/postfix/sasl_password
then enter the following content into sasl_password and erase everything else:
email-smtp.us-east-1.amazonaws.com:25 {your_smtp_username}:{your_smtp_password}

STEP 6 

The postfix password credential file sasl_password must be secured because it contains your Amazon SMTP credential in plain text. Type in the next few commands to secure it.

sudo chown root:root /etc/postfix/sasl_passwd
sudo chmod 0600 /etc/postfix/sasl_passwd

STEP 7

Next, we need to create the hashmap database from the Amazon SES credential file we have just edited. Then we need to secure the hashmap database file as well.

sudo postmap hash:/etc/postfix/sasl_passwd
sudo chown root:root /etc/postfix/sasl_passwd.db
sudo chmod 0600 /etc/postfix/sasl_passwd.db

STEP 8

Next we need to set Postifx to use our SSL certificate, then restart postfix to use our new configurations.
sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'
sudo service postfix restart

STEP 9 

Lastly we need to test by sending email to anyone, so that we can be sure our new postfix server configuration via Amazon SES is working.

echo testing | mail -s "this is our test message" -a "From: you@yourdomain.com" user@domain.com

SUMMARY 

Hopefully the steps above helped you get your server sending email via Amazon SES.

If you have any comment or question, please drop me a comment. Thanks



Posted by at No comments:

Monday, October 2, 2017

Fix NO_PUBKEY issue in Ubuntu Server

This how to will show you how to fix NO_PUBKEY error message like this:

W: GPG error: http://archive.ubuntu.com trusty-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://archive.ubuntu.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://security.ubuntu.com trusty-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://archive.canonical.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
I got the errors above while doing 'apt-get update' command.

The error messages means apt-get update was trying to download the missing GPG keys (as mentioned in the original error message) from the Ubuntu GPG keyserver. But somehow it failed. So we will try to download (import) those GPG keys manually.

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 40976EAF437D05B5
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 3B4FE6ACC0B21F32

The output of the above commands should look like this:

Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.cDJgiBrsSm --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --recv-keys --keyserver keyserver.ubuntu.com 40976EAF437D05B5
gpg: requesting key 437D05B5 from hkp server keyserver.ubuntu.com
gpg: key 437D05B5: public key "Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>" imported
gpg: Total number processed: 1
gpg: imported: 1

After successfully imported the GPG Keys you should now be able to continue with 'apt-get update' without any error.

Hope this helps someone. :-)
Posted by at No comments:
Subscribe to: Posts (Atom)