Tags: amazon-web-services, amazon-ses, postfix-mta

PHP + PostFix + Amazon SES + Multiple Domains (transports)


I've decided to post this here and not on serverfault, as the community there is too small and nearly 80% of my questions are unanswered...

So I've got my server with 3 domains: x.com, y.com and z.com. x.com relays internally, y.com relays internally, and z.com SHOULD relay through Amazon SES.

Right now, x and y.com mail correctly internally, but I need z.com to relay through SES.

So, my config so far in main.cf:

    sender_dependent_relayhost_maps = hash:/etc/postfix/sender_transport
    domainz_sasl_auth_enable = yes
    domainz_sasl_security_options = noanonymous
    domainz_sasl_password_maps = hash:/etc/postfix/sas2_passwd
    domainz_use_tls = yes
    domainz_tls_security_level = encrypt
    domainz_tls_note_starttls_offer = yes
    domainz_tls_CAfile = /etc/ssl/certs/ca-bundle.crt

and in my master.cf, I've appended a unix channel above the default smtp:

    domainz   unix  -       -       n       -       1       smtp
    smtp      inet  n       -       n       -       -       smtpd

and in my sender_transport I have

    @domainZ.com   domainz:

1. Where do I enter the SES SMTP host "email-smtp.us-east-1.amazonaws.com"? I assume we need to hit "domainz:" so we can pass the correct SASL data to it.
2. Keep in mind that this is mail going out from the server, not in, so that's why I didn't set a transport_map.

This is the error I'm getting when pushing out mail from @domainz:

    status=bounced (Host or domain name not found. Name service error for name=domainz type=AAAA: Host not found)

so before we can even get to Amazon's SES host, I'm having an issue at the transport level that I can't seem to figure out.

Thanks, Mike


Solution

  • After nearly 24 hours of trying to solve this, I finally figured it out. I hope this helps whoever is looking to use this same method and doesn't have to go through the pain I just went through!

    So in my example above, domain x + y relayed through virtual aliases. For z we must use a transport, in this case it was a sender_dependent_relayhost_maps transport, so I can grab the sender and relay them through amazon SES.

    In main.cf, regardless of smtp/unix-socket, we straight up use SES standards:

    smtp_sasl_auth_enable=yes
    smtp_sasl_security_options=noanonymous
    smtp_sasl_password_maps=hash:/etc/postfix/sas
    smtp_use_tls=yes
    smtp_tls_security_level=encrypt
    smtp_tls_note_starttls_offer=yes
    smtp_tls_CAfile=/etc/ssl/certs/ca-bundle.crt
    

    In sender_dependent_relayhost_maps we use:

    @domainz.com   [email-smtp.us-east-1.amazonaws.com]:25
    

    The smtp_sasl_password_maps file stores the matching relay's user:key.

    And that's it!
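The two files the answer ends with are where this setup is usually got wrong, so here is an added example (not from the question or answer above, and not Postfix itself) that emulates how Postfix consults them: sender_dependent_relayhost_maps is searched by the full envelope sender first and then by "@domain", and smtp_sasl_password_maps is keyed on the relayhost string byte-for-byte, brackets and port included. The script builds constructed copies of both maps in a temporary directory with placeholder SES credentials, resolves a few sample senders to their relayhost and SASL login, and refuses a password map that is readable by anyone but its owner. The map contents, sender addresses, ports and file names are all assumptions for the demonstration; on a real host the text files are turned into the hash: tables Postfix reads with postmap(1) after every edit.

```shell
#!/bin/sh
# Added example, not code from the original post. Emulates Postfix's lookup order
# for sender_dependent_relayhost_maps and smtp_sasl_password_maps over constructed
# map files, and checks the credential file's permissions. Nothing here talks to
# Postfix or to SES; run `postmap` on the real files after editing them.

WORKDIR=$(mktemp -d)
RELAY_MAP="$WORKDIR/sender_transport"
PASSWD_MAP="$WORKDIR/sasl_passwd"
LEAKY_MAP="$WORKDIR/sasl_passwd.leaky"

# Constructed sender_dependent_relayhost_maps source. Only @domainz.com leaves
# via SES; x.com and y.com have no entry, so they keep the default relayhost.
# Brackets around the host tell Postfix not to do an MX lookup on it.
cat > "$RELAY_MAP" <<'EOF'
# sender                    relayhost
alerts@domainz.com          [email-smtp.us-east-1.amazonaws.com]:587
@domainz.com                [email-smtp.us-east-1.amazonaws.com]:25
EOF

# Constructed smtp_sasl_password_maps source. The key must equal the relayhost
# string from the map above exactly, or the SASL lookup misses and the session
# is refused. Credentials are placeholders, never real SES SMTP secrets.
cat > "$PASSWD_MAP" <<'EOF'
[email-smtp.us-east-1.amazonaws.com]:25     AKIA_PLACEHOLDER_USER:PLACEHOLDER_SMTP_PASSWORD
[email-smtp.us-east-1.amazonaws.com]:587    AKIA_PLACEHOLDER_USER:PLACEHOLDER_SMTP_PASSWORD
EOF
chmod 600 "$PASSWD_MAP"
cp "$PASSWD_MAP" "$LEAKY_MAP"
chmod 644 "$LEAKY_MAP"          # deliberately too open, used to show the check failing

# Look up a key in a Postfix-style "key  value" text map. Prints the value and
# returns 0 on a hit, returns 1 when the key is absent.
map_get() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }                      # comment line
        NF == 0          { next }                      # blank line
        $1 == key { sub(/^[^[:space:]]+[[:space:]]+/, ""); print; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Emulates Postfix's sender_dependent_relayhost_maps search: full envelope
# sender first, then "@domain". Returns 1 when the sender is not covered,
# which is the case where Postfix falls back to the global relayhost.
lookup_relayhost() {
    sender="$1"; mapfile="$2"
    map_get "$mapfile" "$sender" && return 0
    map_get "$mapfile" "@${sender#*@}"
}

# Chain the two lookups: sender -> relayhost -> SASL entry. Prints only the
# username so the secret never reaches a terminal or a log.
sasl_login_for_sender() {
    relay=$(lookup_relayhost "$1" "$RELAY_MAP") || return 1
    cred=$(map_get "$PASSWD_MAP" "$relay") || return 1
    printf '%s\n' "${cred%%:*}"
}

# The password map holds live relay credentials: accept only owner-only modes.
check_password_map_perms() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null || true)
    case "$mode" in
        600|400) return 0 ;;
        *) echo "refusing: $1 has mode '$mode', expected 600" >&2; return 1 ;;
    esac
}

# Stand-alone run: where does each constructed sender go, and with which login?
for s in alerts@domainz.com mike@domainz.com bob@x.com; do
    if relay=$(lookup_relayhost "$s" "$RELAY_MAP"); then
        printf '%-20s -> %s (login %s)\n' "$s" "$relay" "$(sasl_login_for_sender "$s")"
    else
        printf '%-20s -> default relayhost (no sender-dependent entry)\n' "$s"
    fi
done
check_password_map_perms "$PASSWD_MAP" && echo "password map permissions OK"
check_password_map_perms "$LEAKY_MAP" || echo "(expected) group/world-readable copy rejected"
```

The exact-address entry for alerts@domainz.com is included to show that a specific sender can be steered to a different port or relay than the rest of its domain without touching transport_maps, which is what the question originally tried to use; the "domainz:" value that produced the "Name service error for name=domainz" bounce was a transport name written where this map expects a relayhost.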