Me
Back
· 4 Min read

Amazon SES on Ubuntu x64 EC2 Instance

Post

.<TAB>aws-email:%1

If you understood what that title meant, then this article is for you.

Unsatisfied with share server hosting, I’ve been transitioning my website to AWS for the past two weeks are so, and I’ve learned a lot in the process. One big hurdle is getting email working on these EC2 servers; since Amazon pretty much blocked sendmail (ie. spamming in the cloud), the route forward is to use Amazon Simple Email Service, something which I found out is anything but simple during setup. So I’m putting up a guide on how to add it to your EC2 machines.

  1. Signup for the service here then download all the Amazon SES scripts here. Extract and upload scripts to your AMI (I prefer /opt/third-party/amazon/ses).
  2. Create a symbolic link for perl to find SES.pm:
sudo ln -s /opt/third-party/amazon/ses/SES.pm /usr/lib/perl5/SES.pm
  1. Change permissions on the perl scripts for execution:
sudo chmod +x ses-*
  1. Check to see if you have all the required perl modules installed. If you get an error, then you need to apt-get it:
perl -e 'use Crypt::SSLeay'
perl -e 'use Digest::SHA'
perl -e 'use Bundle::LWP'
perl -e 'use LWP::Protocol::https'
perl -e 'use MIME::Base64'
perl -e 'use Crypt::SSLeay'
perl -e 'use XML::LibXML'

I installed libxml-libxml-perl from apt (the only one that is missing). I also went ahead and installed libssl-dev (due to step 5). 5. I removed libcrypt-ssleay-perl since it’s incompatible with the current amazon script. The only current way to get the updated version is through CPAN since the last time the maintainer updated this package was in 2009. ugh. 6. Add the updated perl module via CPAN:

perl -MCPAN -e 'install LWP::Protocol::https'

This command will take a while to work as it has a lot of dependencies. 7. Create a file called aws-credentials and place this in its contents:

AWSAccessKeyId=<access key found in account profile>
AWSSecretKey=<secret key found in account profile>

Be sure to change permissions on this file so only you can see it (sudo chmod 0400 aws-credentials). 8. Run a test to see if everything works:

sudo ./ses-get-stats.pl -k aws-credentials -s

If you get nothing, then that just means there’s nothing to report. It’s working. 9. You can try sending an email to yourself by first verifying your email first, then sending a message:

sudo ./ses-verify-email-address.pl -v [email protected] -k aws-credentials
sudo ./ses-send-email.pl -s "testing" -f [email protected] [email protected] -k aws-credentials

Press enter and start typing your message. Once complete, Press Ctrl+D to end and send. You should see an email to your inbox. 10. Finally, to make everything play nice with sendmail, go ahead and add this to the end of the file (/etc/mail/sendmail.cf):

Maws-email, P=/opt/third-party/amazon/ses/ses-send-email.pl, F=mDFMuXn, U=mail, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, A=ses-send-email.pl -r -k /opt/third-party/amazon/ses/aws-credentials -e https://email.us-east-1.amazonaws.com -f $f $u

Also add this to the file. Apparently, ubuntu’s sendmail is not configured to read from the mailertable:

Kaccess hash -T /etc/mail/access
...
# Mailer table (overriding domains) Kmailertable hash -o /etc/mail/mailertable ...
# Configuration version number

Customize if needed. Then create a /etc/mail/mailertable file if it doesn’t exist and add this:

.<TAB>aws-email:%1

Note that it’s a “.” followed by a tab, then “aws-email:%1”. Save and build the mailertable database:

sudo makemap hash /etc/mail/mailertable < /etc/mail/mailertable

Restart sendmail and test:

sudo sendmail -bv [email protected]

You should see a deliverable message if it’s successful.