Project

General

Profile

Actions

Amazon SES for CiviCRM » History » Revision 13

« Previous | Revision 13/19 (diff) | Next »
Jon Goldberg, 05/06/2015 05:37 PM


Amazon SES for CiviCRM

Pre-requisites: DNS access

  • Have client sign up for Amazon AWS, which involves credit cards, identity verification, etc.
  • Ideally, have them click on "SES" at the AWS console, to do the phone verification.
  • Log onto AWS, select SES. Note that you only have sandbox access at this time.
  • Click on "SMTP Settings" on the left, record the server info, generate SMTP credentials and record those too.
  • Click on "Verified Senders: Domains". Click "Verify a new Domain". Enter the client's domain name; also click "Generate DKIM settings".
  • Download these credentials, don't just copy/paste from the screen, because they tend to get cut off.
  • Update the DNS with the verification credentials.
    • NOTE: This will take several hours (3-4?), even after DNS has propagated.
  • Also add your own e-mail address the the verified sender - email address list. This just requires receiving a verification email. You need this because while you're still in sandbox mode, you can only send to verified addresses. Note that if your normal mail account has greylisting, you'll probably want to use an alternate account here, like GMail.

You now have two options for SMTP setup:

SMTP direct from CiviCRM

  • Set up the SMTP Outbound settings in CiviCRM to use the Amazon SMTP server. If you do this, know that STARTTLS isn't supported, so prefix the SMTP server with ssl:// and select a port of 465.
  • Click "Save and Test".
  • You may not see an error on the page - so check the ConfigAndLog log for error messages if necessary.

SMTP relayed through Postfix (recommended)

Postfix will give higher performance on large mailings, and also does a much better job of handling resends, greylisting, etc. This should be implemented wherever possible.

  • Install Postfix.
  • Paste this at the bottom of /etc/postfix/main.cf:
    #jon@palantetech.coop SES setup
    relayhost = email-smtp.us-west-1.amazonaws.com:25
    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options = noanonymous
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_use_tls = yes
    smtp_tls_security_level = encrypt
    smtp_tls_note_starttls_offer = yes
    smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
    
    #jon@palantetech.coop rate limiting to 4 messages/second for now
    smtp_destination_rate_delay = 1s
    smtp_destination_concurrency_limit = 4
    
  • Create a file with credentials at /etc/postfix/sasl_passwd in the format:
    email-smtp.us-east-1.amazonaws.com:25 username:password
    
  • Run postmap /etc/postfix/sasl_passwd.

Bounce processing setup

See Set up local bounce processing.

Testing

  • To test bounce processing, set up a test group made up of at least one verified address and a test contact with the e-mail address "".
  • Send a mailing to that group. You can speed up testing by manually running the "Send Scheduled Mailings" and "Fetch Bounces" scheduled jobs.
  • Don't forget to request production access when you're done!

SPECIAL NOTE FOR EC2 INSTANCES

EC2 severely throttles outgoing mail on ports 25/465/587. You need to submit a request to Amazon to have this throttle lifted. This is separate from any user-configurable firewalling! You can do that (and set up PTR) here: https://portal.aws.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request

Updated by Jon Goldberg over 9 years ago · 13 revisions

Also available in: PDF HTML TXT

Go to top