Configure SSMTP to send emails via Amazon SES.
Before We Begin
This article assumes you already have the following:
- AWS SES account configured for production access.
- A verified AWS SES sender (i.e. [email protected]).
- An IAM user’s credentials with at least the following permissions set:
{ "Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:CreateAccessKey",
"iam:CreateUser",
"iam:PutUserPolicy"
],
"Resource": [ "*" ]
}]
}
Installation (Debian Wheezy)
Install awscli:
# apt-get install python2.7 python-pip # pip install awscli
Configuration
Configure awscli if using for the first time:
$ aws configure AWS Access Key ID [****************1234]: AWS Secret Access Key [****************ABCD]: Default region name [eu-west-1]: Default output format [text]: json
Create a SES user policy:
$ cat > ./sespolicy.json EOL
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ses:SendRawEmail",
"Resource": "*"
}
]
}
EOL
Create a new IAM user for SES:
$ aws iam create-user --user-name SES-USER
{
"User": {
"UserName": "SES-USER",
"Path": "/",
"CreateDate": "2014-10-14T14:52:34.455Z",
"UserId": "AIDAJ33BKAWUSF2MVOD3Q",
"Arn": "arn:aws:iam::297649722856:user/SES-USER"
}
}
Add a SES policy:
$ aws iam put-user-policy --user-name SES-USER --policy-name SESPOLICY --policy-document file://sespolicy.json
Create access keys:
$ aws iam create-access-key --user-name SES-USER
{
"AccessKey": {
"UserName": "SES-USER",
"Status": "Active",
"CreateDate": "2014-10-14T14:53:00.375Z",
"SecretAccessKey": "Fu923JvUYN6MeMg5h5fc9WlTGQMhSPt6La6X755t",
"AccessKeyId": "AKIAJWOBYL2QRQQUVFXQ"
}
}
Obtaining Amazon SES SMTP Credentials by Converting AWS Credentials (in BASH)
Script requires OpenSSL.
# apt-get install openssl
Generate SES SMTP credentials from AWS SecretAccessKey:
$ cat ./ses-smtp-conv.sh
#!/bin/bash
# written by Tomas (www.lisenet.com)
# 14/10/2014 (dd/mm/yy)
# copyleft free software
#
# Many thanks to:
# http://blog.celingest.com/en/2014/02/12/new-ses-endpoints-creating-ses-credentials-iam-users/
# Check for OpenSSL installation, exit if not present
type openssl >/dev/null 2>&1 || { echo >&2 "I require OpenSSL, but it's not installed. Aborting."; exit 1; };
# If you want to provide the AWS keys below rather than supplying on a CLI,
# you can do so and comment out everything in between dashes (#---)
#IAMUSER="";
#IAMSECRET="";
#--------------------------------------------
IAMUSER="$1";
IAMSECRET="$2";
if [ "$#" -ne "2" ];then
echo "Usage: ./ses-smtp-conv.sh ";
echo "Alternatively, you can put the AWS keys in the script.";
exit 1
fi
#--------------------------------------------
# You do not need to modify anything below this line
MSG="SendRawEmail";
VerInBytes="2";
VerInBytes=$(printf \\$(printf '%03o' "$VerInBytes"));
SignInBytes=$(echo -n "$MSG" | openssl dgst -sha256 -hmac "$IAMSECRET" -binary);
SignAndVer=""$VerInBytes""$SignInBytes"";
SmtpPass=$(echo -n "$SignAndVer"|base64);
echo "SMTP User: ""$IAMUSER";
echo "SMTP Pass: ""$SmtpPass";
exit 0
$ ./ses-smtp-conv.sh SMTP User: AKIAJWOBYL2QRQQUVFXQ SMTP Pass: AqXIiv3i1pvh0eL3bTx5Sgg6aLQgF9pPBcyBpake/c0C
Note: you can also obtain Amazon SES SMTP credentials by using the Amazon SES console.
Configuring SSMTP and Sending a Test email
Install SSMTP and heirloom-mailx (an intelligent mail processing system):
# apt-get install ssmtp heirloom-mailx
# cat > /etc/ssmtp/ssmtp.conf EOL [email protected] mailhub=email-smtp.us-east-1.amazonaws.com:465 AuthUser=AKIAJWOBYL2QRQQUVFXQ AuthPass=AqXIiv3i1pvh0eL3bTx5Sgg6aLQgF9pPBcyBpake/c0C UseTLS=YES AuthMethod=LOGIN FromLineOverride=YES EOL
$ echo test | mail -v -s "testing ssmtp setup" -r [email protected] [email protected] [<-] 220 email-smtp.amazonaws.com ESMTP SimpleEmailService-871993721 qbd1g98DBizYgNNflWpP [->] EHLO debian [<-] 250 Ok [->] AUTH LOGIN [<-] 334 VXNlcm5hbWU6 [->] QUtJQUpXT0JZTDJRUlFRVVZGWFE= [<-] 334 UGFzc3dvcmQ6 [<-] 235 Authentication successful. [->] MAIL FROM:<[email protected]> [<-] 250 Ok [->] RCPT TO:<[email protected]> [<-] 250 Ok [->] DATA [<-] 354 End data with . [->] Received: by debian (sSMTP sendmail emulation); Tue, 14 Oct 2014 15:56:04 +0100 [->] Date: Tue, 14 Oct 2014 15:56:04 +0100 [->] From: [email protected] [->] To: [email protected] [->] Subject: testing ssmtp setup [->] Message-ID: <543d3984.hSR4l1twBhlkXO4Q%[email protected]> [->] User-Agent: Heirloom mailx 12.5 6/20/10 [->] MIME-Version: 1.0 [->] Content-Type: text/plain; charset=us-ascii [->] Content-Transfer-Encoding: 7bit [->] [->] test [->] . [<-] 250 Ok 000001490f28b40a-8a1ff40b-53e7-4213-a277-b7256887725a-000000 [->] QUIT [<-] 221 Bye