Running An SMTP Server On An EC2 Instance

How to configure a SMTP server with letsencrypt on an amazon EC2 instance.

10452 views
d

By. Jacob

Edited: 2020-12-09 13:01

Configuring the SMTP server is actually not as hard as people make it out to be. After installing the POSTFIX SMTP server, you should even be able to send e-mail with the default configuration. They will likely go into the spam folder though, but there are ways to avoid this.

I eventually managed reach my own gmail inbox, somehow, without having my e-mails end up in the spam folder. Possibly because I also created a subdomain to send e-mail from (smtp.mydomain.com), and added a DNS A record pointing to my EC2 instance for the subdomain. I also pointed the SMTP client to my letsencrypt certificate, to encrypt outgoing messages. This is very easy once you have setup letsencrypt for your website, and if your SMTP server is running on the same instance as your web server. Simply add something like the below to your /etc/postfix/main.cf file:

# TESTING LETSENCRYPT---start
smtp_use_tls=yes
smtp_tls_loglevel=1
smtp_tls_security_level=may
smtp_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
smtp_tls_key_file=/etc/letsencrypt/live/example.com/privkey.pem
# TESTING LETSENCRYPT---end

You will also have a smtpd equivalent of the above. smtpd is used when connecting to your SMTP server from the outside. But since you will be connecting from localhost, there is no need to think about smtpd for now. smtp is the "client" part used when communicating with other servers, and when sending encrypted e-mails. You can easily, and freely, setup the latter if you have configured letsencrypt.

Additionally, to avoid ending up in the spam folder, you can also add a SPF DNS record in the DNS settings for your domain. This record is of type "TXT", and will allow the subdomain pointing to your EC2-hosted SMTP server to send e-mail on behalf your domain. The record should look like the below:

"v=spf1 ip4:52.71.13.209 -all"

Warning.: The above could disallow certain services when using common shared hosts. Before you continue, you may want to check your shared hosting providers documentation on spf records.

Apparently, by having the SPF record you may lower the chance that an e-mail you send will be rejected as spam by the receiving mail server.

The ip4 part is optional, but when used, should match the IP address of the SMTP server.

For the most part, it does not seem to matter that the myhostname in /etc/postfix/main.cf is not the same as what you specify in your DNS records for your subdomain. I left my own as "localhost", and when I look in the "e-mail source" of sent e-mail, the server identifies itself as localhost on the EC2 IP address rather than smtp.mydomain.com. However, some servers will reject your e-mail if you are not using the fully qualified hostname. The error might look something like:

...said: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname (in reply to RCPT TO command)

You can test that your server is able to send e-mail with the following command:

echo "This is the body of the e-mail." | mail -s "This is the subject" -aFrom:Jacob\<[email protected]\> [email protected]

Limits on sending mail for EC2 instances

If you are wondering what the default limits are on sending e-mail via EC2 instances, then you are not alone. I have spent hours trying to find out what the exact limits are, and eventually found out that the information is not public. At least not when I checked the FAQ:

Q: Are there any limitations in sending email from EC2 instances?

Yes. In order to maintain the quality of EC2 addresses for sending email, we enforce default limits on the amount of email that can be sent from EC2 accounts. If you wish to send larger amounts of email from EC2, you can apply to have these limits removed from your account by filling out this form.

The question is, however, how many e-mails can we send before running into said limits? Certain CMS systems have the option to send e-mails in smaller batches, which can somewhat help avoid limits. However, ideally we would want to have no limits on sending out e-mails. Or, we would at least want a significantly higher limit than needed in order to send a newsletter, to all subscribers, in one batch.

I don't have the exact numbers, but after having spent hours experimenting with POSTFIX, I finally found out that the limit is quite low. Possibly, the reason it is so low, is to allow for some experimentation, while at the same time preventing EC2 instances from being used to send spam. The limit must be in the range of 1-20 e-mails per hour, and is likely even lower than this.

Check queued e-mails on the server

The problem with the limits is that there will be nothing indicating that some of your e-mails are not getting sent. However, you can check the queued e-mails by typing mailq in the terminal, after having SSH'ed into your server.

POSTFIX will keep messages in the deferred queue for 5 days by default, and doing that time, it will automatically attempt to send the message again until it either succeeds or the message expires in the deferred queue.

The parameters to control the queue timings can be seen in the below table, you can add them to your configuration file (/etc/postfix/main.cf) to change the defaults.

ParameterDescription
maximal_backoff_timeThe minimum time between attempts to deliver a deferred message. The default is 300s.
maximal_backoff_timeThe maximum time between attempts to deliver a deferred message. The default is 4000s.
queue_run_delayShould be smaller or equal to minimal_backoff_time. This is the time between deferred queue scans.
maximal_queue_lifetimeThis is the maximum time messages will be kept in the queue system. The default is 5 days.

Links

  1. Postfix Configuration Parameters - postfix.org

Tell us what you think:

  1. In this article I will explain how to enable a swapfile on small instances, and why it might be useful, even if you do have enough physical memory.
  2. With some network configurations, TLS/SSL might break when relaunching an EC2 instance from an AMI backup.
  3. How to have multiple public IPs with one AWS EC2 Instance
  4. If you suddenly can not connect to your server in the cloud for no apparent reason, it may be because it is running out of physical memory. In this article, I will discuss a few solutions to this problem.

More in: AWS