Amazon SES SMTP Outbound Email Configuration with SSMTP on Debian

Configure SSMTP to send emails via Amazon SES.

Before We Begin

This article assumes you already have the following:

  1. AWS SES account configured for production access.
  2. A verified AWS SES sender (i.e. [email protected]).
  3. An IAM user’s credentials with at least the following permissions set:
{ "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:CreateAccessKey",
        "iam:CreateUser",
        "iam:PutUserPolicy"
      ],
      "Resource": [ "*" ]
    }]
}

Installation (Debian Wheezy)

Install awscli:

# apt-get install python2.7 python-pip
# pip install awscli

Configuration

Configure awscli if using for the first time:

$ aws configure
AWS Access Key ID [****************1234]: 
AWS Secret Access Key [****************ABCD]: 
Default region name [eu-west-1]: 
Default output format [text]: json

Create a SES user policy:

$ cat > ./sespolicy.json EOL
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ses:SendRawEmail",
      "Resource": "*"
    }
  ]
}
EOL

Create a new IAM user for SES:

$ aws iam create-user --user-name SES-USER
{
    "User": {
        "UserName": "SES-USER", 
        "Path": "/", 
        "CreateDate": "2014-10-14T14:52:34.455Z", 
        "UserId": "AIDAJ33BKAWUSF2MVOD3Q", 
        "Arn": "arn:aws:iam::297649722856:user/SES-USER"
    }
}

Add a SES policy:

$ aws iam put-user-policy --user-name SES-USER --policy-name SESPOLICY --policy-document file://sespolicy.json

Create access keys:

$ aws iam create-access-key --user-name SES-USER
{
    "AccessKey": {
        "UserName": "SES-USER", 
        "Status": "Active", 
        "CreateDate": "2014-10-14T14:53:00.375Z", 
        "SecretAccessKey": "Fu923JvUYN6MeMg5h5fc9WlTGQMhSPt6La6X755t", 
        "AccessKeyId": "AKIAJWOBYL2QRQQUVFXQ"
    }
}

Obtaining Amazon SES SMTP Credentials by Converting AWS Credentials (in BASH)

Script requires OpenSSL.

# apt-get install openssl

Generate SES SMTP credentials from AWS SecretAccessKey:

$ cat ./ses-smtp-conv.sh
#!/bin/bash
# written by Tomas Nevar (www.lisenet.com)
# 14/10/2014 (dd/mm/yy)
# copyleft free software
#
# Many thanks to: 
# http://blog.celingest.com/en/2014/02/12/new-ses-endpoints-creating-ses-credentials-iam-users/

# Check for OpenSSL installation, exit if not present
type openssl >/dev/null 2>&1 || { echo >&2 "I require OpenSSL, but it's not installed. Aborting."; exit 1; };

# If you want to provide the AWS keys below rather than supplying on a CLI,
# you can do so and comment out everything in between dashes (#---)
#IAMUSER="";
#IAMSECRET="";

#--------------------------------------------
IAMUSER="$1";
IAMSECRET="$2";

if [ "$#" -ne "2" ];then
  echo "Usage: ./ses-smtp-conv.sh  ";
  echo "Alternatively, you can put the AWS keys in the script.";
  exit 1
fi
#--------------------------------------------

# You do not need to modify anything below this line
MSG="SendRawEmail";
VerInBytes="2";
VerInBytes=$(printf \\$(printf '%03o' "$VerInBytes"));

SignInBytes=$(echo -n "$MSG" | openssl dgst -sha256 -hmac "$IAMSECRET" -binary);
SignAndVer=""$VerInBytes""$SignInBytes"";
SmtpPass=$(echo -n "$SignAndVer"|base64);

echo "SMTP User: ""$IAMUSER";
echo "SMTP Pass: ""$SmtpPass";

exit 0
$ ./ses-smtp-conv.sh
SMTP User: AKIAJWOBYL2QRQQUVFXQ
SMTP Pass: AqXIiv3i1pvh0eL3bTx5Sgg6aLQgF9pPBcyBpake/c0C

Note: you can also obtain Amazon SES SMTP credentials by using the Amazon SES console.

Configuring SSMTP and Sending a Test email

Install SSMTP and heirloom-mailx (an intelligent mail processing system):

# apt-get install ssmtp heirloom-mailx
# cat > /etc/ssmtp/ssmtp.conf EOL
[email protected]
mailhub=email-smtp.us-east-1.amazonaws.com:465
AuthUser=AKIAJWOBYL2QRQQUVFXQ
AuthPass=AqXIiv3i1pvh0eL3bTx5Sgg6aLQgF9pPBcyBpake/c0C
UseTLS=YES
AuthMethod=LOGIN
FromLineOverride=YES
EOL
$ echo test | mail -v -s "testing ssmtp setup" -r [email protected] [email protected]
[<-] 220 email-smtp.amazonaws.com ESMTP SimpleEmailService-871993721 qbd1g98DBizYgNNflWpP [->] EHLO debian
[<-] 250 Ok [->] AUTH LOGIN
[<-] 334 VXNlcm5hbWU6 [->] QUtJQUpXT0JZTDJRUlFRVVZGWFE=
[<-] 334 UGFzc3dvcmQ6
[<-] 235 Authentication successful. [->] MAIL FROM:<[email protected]>
[<-] 250 Ok [->] RCPT TO:<[email protected]>
[<-] 250 Ok [->] DATA
[<-] 354 End data with .
[->] Received: by debian (sSMTP sendmail emulation); Tue, 14 Oct 2014 15:56:04 +0100
[->] Date: Tue, 14 Oct 2014 15:56:04 +0100
[->] From: [email protected]
[->] To: [email protected]
[->] Subject: testing ssmtp setup
[->] Message-ID: <[email protected]>
[->] User-Agent: Heirloom mailx 12.5 6/20/10
[->] MIME-Version: 1.0
[->] Content-Type: text/plain; charset=us-ascii
[->] Content-Transfer-Encoding: 7bit
[->] 
[->] test
[->] .
[<-] 250 Ok 000001490f28b40a-8a1ff40b-53e7-4213-a277-b7256887725a-000000 [->] QUIT
[<-] 221 Bye

Leave a Reply

Your email address will not be published. Required fields are marked *