Amazon SES and Ubuntu Server: A howto

August 22, 2011

Amazon SES or Simple Email Service makes the sending of emails straightforward from EC2 instances, without some of the complexities which occur - blacklisting of EC2 IPs, etc. if you try to use an EC2 instance as a mailserver in its own right.

I've put some pointers for setup here, which I learnt from my initial experiences. Pre-Oneriric systems have a slightly more complex setup due to package availability, but I have covered both Pre-Oneiric and Oneiric+ here.

Firstly you need to download the SES scripts from here in order to send email and to register email addresses, query quotas etc. Once downloaded, I installed them to /usr/local/lib/amazonaws. This is different from the path suggested in the README document, but is more 'Ubuntu-esque' and helps me keep things tidy. I had to link SES.pm to the /usr/local/lib/site_perl/ directory, for the scripts to be able to find them.

The Getting Started Guide covers much of the initial setup. I put the credentials file in the /usr/local/lib/amazonaws directory. You can pass the credentials file to the scripts with the -k option at runtime.

Ubuntu Oneiric (or later)

You can use the apt package libnet-ssleay-perl, rather than installing prerequisites from CPAN.

sudo apt-get install libnet-ssleay-perl libxml-libxml-perl libssl-dev build-essential

Pre-Oneiric (Natty or older)

Apt does not contain a suitable package for you unfortunately, and therefore the individual dependencies need to be fetched from CPAN. You'll need LWP::Protocol::https and Crypt::SSLeay.

sudo apt-get install libxml-libxml-perl libssl-dev build-essential
perl -MCPAN -e 'install LWP::Protocol::https'
perl -MCPAN -e 'install Crypt::SSLeay'

The apt packages are required to build the dependencies of the CPAN modules - these have quite a few.

Remaining setup (any Ubuntu)

The following registers a sending address with SES. All sending address require registration with Amazon. Application for production access then lifts some of the sending caps you will have applied on your account.

ses-verify-email-address.pl -k aws-credentials -v [email protected]

Finally, in order to make things play nice with postfix, you need to install postfix as a 'satellite' system, and then add the following transport to master.cf:

aws-email  unix  -       n       n       -       -       pipe
  flags=R user=aws argv=/usr/local/bin/ses-send-email.pl -r -k /usr/local/lib/amazonaws/aws-credentials -e https://email.us-east-1.amazonaws.com -f ${sender} ${recipient}

And then set the default transport in postfix's main.cf to aws-email:

default_transport = aws-email

And then you need to restart postfix, and you should be ready to roll!

You may require some additional setup if you want to be able to use services which send mail between users using their own email addresses (without the requirement of verifying every sending address). I covered this in a second post which went over the specifics of this setup.