Forwarding received mail through AWS SES

[Yasuhiro KIMURA]

Hello,

I use Debian 9 on AWS EC2. If mail is sent directly from EC2 host then
some mail service provider such as Gmail rejects receiving it. So I set up
so that mail is sent through AWS SES with following steps.

1. Obtain SES SMTP credential accoring to following document
   https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html
2. Verify domain with SES accoring to following document
   
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-domain-procedure.html
3. Move the domain out of SES sandbox accoring to following document
   
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/request-production-access.html
4. Set up postfix to following document
   https://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html

And postfix is configured so that 'postconf -n' shows as following.

--
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = yes
biff = no
compatibility_level = 2
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
milter_default_action = accept
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = email-smtp.us-east-1.amazonaws.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_ciphers = high
smtp_tls_loglevel = 1
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_milters = inet:localhost:11332
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination 
check_policy_service inet:127.0.0.1:10023
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated 
defer_unauth_destination
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noplaintext,noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_cert_file = /etc/letsencrypt/live/examle.org/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_key_file = /etc/letsencrypt/live/examle.org/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
smtpd_tls_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
--

And with this settings I confirmed that mail is successfully delivered
from the EC2 host to destination that mail is rejected if delivered
directly.

But if I try to forward mail sent from outside to this host by using
~/.forward or something else, then SES rejects such mail with
following log messages.

--
Jan 19 14:53:32 server postfix/smtpd[19403]: connect from 
gate.example.com[10.0.0.1]
Jan 19 14:53:32 server postfix/smtpd[19403]: Anonymous TLS connection 
established from gate.example.com[10.0.0.1]: TLSv1.2 with cipher 
ADH-AES256-GCM-SHA384 (256/256 bits)
Jan 19 14:53:32 server postfix/smtpd[19403]: 629A74F3: 
client=gate.example.com[10.0.0.1]
Jan 19 14:53:32 server postfix/cleanup[19410]: 629A74F3: 
message-id=<20190119055330.77ad850...@mail.example.com>
Jan 19 14:53:36 server postfix/qmgr[16757]: 629A74F3: from=, 
size=1495, nrcpt=1 (queue active)
Jan 19 14:53:36 server postfix/smtpd[19403]: disconnect from 
gate.example.com[10.0.0.1] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 
commands=7
Jan 19 14:53:36 server postfix/local[19411]: 629A74F3: to=, 
relay=local, delay=4.1, delays=4.1/0.01/0/0, dsn=2.0.0, status=sent (delivered 
to maildir)
Jan 19 14:53:36 server postfix/cleanup[19410]: 7FF264F4: 
message-id=<20190119055330.77ad850...@mail.example.com>
Jan 19 14:53:36 server postfix/qmgr[16757]: 7FF264F4: from=, 
size=2199, nrcpt=2 (queue active)
Jan 19 14:53:36 server postfix/local[19411]: 629A74F3: to=, 
relay=local, delay=4.1, delays=4.1/0.01/0/0.01, dsn=2.0.0, status=sent 
(forwarded as 7FF264F4)
Jan 19 14:53:36 server postfix/qmgr[16757]: 629A74F3: removed
Jan 19 14:53:38 server postfix/smtp[19412]: Trusted TLS connection established 
to email-smtp.us-east-1.amazonaws.com[23.23.175.128]:587: TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 19 14:53:39 server postfix/smtp[19412]: 7FF264F4: to=, 
orig_to=, 
relay=email-smtp.us-east-1.amazonaws.com[23.23.175.128]:587, delay=2.7, 
delays=0.01/0.02/1.8/0.85, dsn=5.0.0, status=b

Re: Forwarding received mail through AWS SES

[Christos Chatzaras]

AWS EC2 IPs may have low reputation to e-mail providers, so is not recommended 
to send e-mails using these IPs.

Also AWS SES frequently have issues with RBLs. I wouldn't use it if you use 
reliable delivery. It's good for newsletters because it has low cost compared 
to other services and when you don't care if some e-mails are not delivered.

My recommendation is to setup a VPS (from a company that has clean network) 
with multiple IPs if you need to send a lot of messages and use postfix relay 
with randmap to balance the outgoing messages between the IPs.

unsuccessful build of postfix 3.3.2 on solaris (sparc) with sunstudio compiler

[Jan P. Kessler]

Hi postfix-users,

today I have the pleasure to update sparc some machines, that haven't
been touched for more than 2.5 years :/

The systems use sunstudio compiler. Openssl, bind, ... went fine but
now, as it comes to postfix, I'm failing. The build scripts are in use
since long time, and worked fine until the last update (postfix 2.11.4).
Now with 3.3.2 the build breaks with the following error:

$ make makefiles CC=/opt/SUNWspro/bin/cc CXX=/opt/SUNWspro/bin/cc  
CCARGS="-DHAS_DB -DUSE_TLS -DHAS_PCRE -DHAS_CDB
-I/opt/custom/libs/bdb/include -I/opt/custom/libs/ssl/include
-I/opt/custom/libs/pcre/include -I/opt/custom/libs/cdb/include"  
AUXLIBS="-R/opt/custom/libs/bdb/lib -R/opt/custom/libs/ssl/lib
-R/opt/custom/libs/pcre/lib -L/opt/custom/libs/bdb/lib
-L/opt/custom/libs/ssl/lib -L/opt/custom/libs/pcre/lib
/opt/custom/libs/cdb/lib/libcdb.a -ldb -lssl -lcrypto -lpcre"

rm -f libexec/post-install && ln -f conf/post-install libexec/post-install
rm -f libexec/postfix-files && ln -f conf/postfix-files
libexec/postfix-files
rm -f libexec/postfix-script && ln -f conf/postfix-script
libexec/postfix-script
rm -f libexec/postfix-wrapper && ln -f conf/postfix-wrapper
libexec/postfix-wrapper
rm -f libexec/main.cf && ln -f conf/main.cf libexec/main.cf
rm -f libexec/master.cf && ln -f conf/master.cf libexec/master.cf
rm -f libexec/postmulti-script && ln -f conf/postmulti-script
libexec/postmulti-script
set -e; for i in src/util src/global src/dns src/tls src/xsasl
src/milter src/master  src/postfix src/fsstone src/smtpstone 
src/sendmail src/error src/pickup src/cleanup src/smtpd src/local 
src/trivial-rewrite src/qmgr src/oqmgr src/smtp src/bounce  src/pipe
src/showq src/postalias src/postcat src/postconf src/postdrop 
src/postkick src/postlock src/postlog src/postmap src/postqueue 
src/postsuper src/qmqpd src/spawn src/flush src/verify  src/virtual
src/proxymap src/anvil src/scache src/discard src/tlsmgr  src/postmulti
src/postscreen src/dnsblog src/tlsproxy  src/posttls-finger; do \
(set -e; echo "[$i]"; cd $i; make 'CC=/opt/SUNWspro/bin/cc -I.
-I../../include -DHAS_DB -DUSE_TLS -DHAS_PCRE -DHAS_CDB
-I/opt/custom/libs/bdb/include -I/opt/custom/libs/ssl/include
-I/opt/custom/libs/pcre/include -I/opt/custom/libs/cdb/include
-DNO_NISPLUS -Dstrcasecmp=fix_strcasecmp
-Dstrncasecmp=fix_strncasecmp -Wmissing-prototypes -Wformat
-Wno-comment' update MAKELEVEL=) || exit 1; \
done

[src/util]
/opt/SUNWspro/bin/cc -I. -I../../include -DHAS_DB -DUSE_TLS -DHAS_PCRE
-DHAS_CDB -I/opt/custom/libs/bdb/include -I/opt/custom/libs/ssl/include
-I/opt/custom/libs/pcre/include -I/opt/custom/libs/cdb/include
-DNO_NISPLUS -Dstrcasecmp=fix_strcasecmp   
-Dstrncasecmp=fix_strncasecmp -Wmissing-prototypes -Wformat -Wno-comment
-g -O -I. -DSUNOS5 -c alldig.c
cc: illegal option -Wmissing-prototypes
*** Error code 1
make: Fatal error: Command failed for target `alldig.o'
Current working directory
/export/home/install/compile/postfix/postfix-2.11.7/src/util
*** Error code 1
make: Fatal error: Command failed for target `update'

 
Below some system information. It would be nice, if you could give me a
clue. Maybe it is of interest, that I found another old source archive
of postfix-2.11.7.tar.gz in that home of that user. Trying to build
that, it fails with the same error. So I guess that there's been a
change between 2.11.4 and 2.11.7. Neither libs nor compiler were
changed, except openssl that build successfully for the current
openssl-1.0.2q. postfix-2.11.4 still builds fine without errors on that
system. I know that the cc-version is ancient, but it would be great if
is somehow possible to keep the build environment - any chance?

$ /opt/SUNWspro/bin/cc -V
cc: Sun C 5.9 SunOS_sparc 2007/05/03
usage: cc [ options] files.  Use 'cc -flags' for details

$ uname -a
SunOS gv-vmail-201 5.10 Generic_14-03 sun4v sparc SUNW,T5140

Kind regards
  Jan

Re: unsuccessful build of postfix 3.3.2 on solaris (sparc) with sunstudio compiler

[Jan P. Kessler]

Hello,

I'm sorry for line breaks and showing the wrong output. It's not easy to
get that information here. Hope this will be readable.

### make makefiles finished; performing make ###

 
rm -f meta/main.cf.proto && ln -f conf/main.cf meta/main.cf.proto
rm -f meta/master.cf.proto && ln -f conf/master.cf meta/master.cf.proto
rm -f meta/postfix-files
(if [ "no" = "no" -o "no" = "" ]; then \
    sed -e '/^\$shlib_directory/d' \
    -e '/dynamicmaps.cf/d' conf/postfix-files; \
elif [ "" = ":" -o "" = "" ]; then \
    sed -e '/dynamicmaps.cf/d' \
    -e '/^\$shlib_directory\/\${LIB_PREFIX}/d' \
    conf/postfix-files | sed -e "s;\${LIB_PREFIX};;"  -e
"s;\${LIB_SUFFIX};.a;"; \
else \
    sed -e "s;\${LIB_PREFIX};;"  -e "s;\${LIB_SUFFIX};.a;"
conf/postfix-files | awk -F: ' \
    BEGIN { \
    count = split("'"db pcre cdb dev_urandom"'", names, " "); \
    for (n = 1; n <= count; n++) \
    have["$shlib_directory/" names[n] \
    ".a"] = 1; } \
    /^[$]shlib_directory./ { \
    if (have[$1]) print; next } \
    { print } \
    '; \
fi) | case "" in \
*) cat;; \
esac > meta/postfix-files
grep -v SHLIB_ENV conf/makedefs.out > meta/makedefs.out
rm -f libexec/post-install && ln -f conf/post-install
libexec/post-install
rm -f libexec/postfix-script && ln -f conf/postfix-script
libexec/postfix-script
rm -f libexec/postfix-wrapper && ln -f conf/postfix-wrapper
libexec/postfix-wrapper
rm -f libexec/postmulti-script && ln -f conf/postmulti-script
libexec/postmulti-script
rm -f libexec/postfix-tls-script && ln -f conf/postfix-tls-script
libexec/postfix-tls-script
set -e; for i in src/util src/global src/dns src/tls src/xsasl
src/master src/milter  src/postfix src/fsstone src/smtpstone 
src/sendmail src/error src/pickup src/cleanup src/smtpd src/local 
src/trivial-rewrite src/qmgr src/oqmgr src/smtp src/bounce  src/pipe
src/showq src/postalias src/postcat src/postconf src/postdrop 
src/postkick src/postlock src/postlog src/postmap src/postqueue 
src/postsuper src/qmqpd src/spawn src/flush src/verify  src/virtual
src/proxymap src/anvil src/scache src/discard src/tlsmgr 
src/postmulti src/postscreen src/dnsblog src/tlsproxy 
src/posttls-finger; do \
(set -e; echo "[$i]"; cd $i; make 'WARN=-Wmissing-prototypes
-Wformat -Wno-comment' update MAKELEVEL=) || exit 1; \
done
[src/util]
/opt/SUNWspro/bin/cc -I. -I../../include -DHAS_DB -DUSE_TLS
-DHAS_PCRE -DHAS_CDB -I/opt/custom/libs/bdb/include
-I/opt/custom/libs/ssl/include -I/opt/custom/libs/pcre/include
-I/opt/custom/libs/cdb/include -DNO_NISPLUS
-Dstrcasecmp=fix_strcasecmp  
-Dstrncasecmp=fix_strncasecmp -DNO_EAI -DDEF_SMTPUTF8_ENABLE=\"no\"
-DHAS_DEV_URANDOM -UUSE_DYNAMIC_LIBS -DDEF_SHLIB_DIR=\"no\"
-UUSE_DYNAMIC_MAPS -Wmissing-prototypes -Wformat -Wno-comment  -g -O
-I. -DSUNOS5 -c alldig.c
cc: illegal option -Wmissing-prototypes
*** Error code 1
make: Fatal error: Command failed for target `alldig.o'
Current working directory
/export/home/install/compile/postfix/postfix-3.3.2/src/util
*** Error code 1
make: Fatal error: Command failed for target `update'


Build-Script:

#!/bin/bash

# compiler
MYLIB=/opt/custom/libs
MYPATH=/opt/SUNWspro/bin
MYCC=/opt/SUNWspro/bin/cc
MYCXX=/opt/SUNWspro/bin/cc
MYLIBS="-R${MYLIB}/bdb/lib -R${MYLIB}/ssl/lib -R${MYLIB}/pcre/lib
-L${MYLIB}/bdb/lib -L${MYLIB}/ssl/lib -L${MYLIB}/pcre/lib
${MYLIB}/cdb/lib/libcdb.a"
MYINCL="-I${MYLIB}/bdb/include -I${MYLIB}/ssl/include
-I${MYLIB}/pcre/include -I${MYLIB}/cdb/include"


PATH=$MYPATH:${MYLIB}/ssl/bin:/usr/ccs/bin:/usr/sfw/bin:/usr/sbin:/usr/bin:/usr/openwin/bin:/usr/dt/bin:/usr/platform/SUNW,T5140/sbin:/opt/sun/bin:/opt/SUNWldm/bin
unset LD_LIBRARY_PATH

make tidy
make makefiles CC=$MYCC CXX=$MYCXX \
  CCARGS="-DHAS_DB -DUSE_TLS -DHAS_PCRE -DHAS_CDB ${MYINCL}" \
  AUXLIBS="${MYLIBS} -ldb -lssl -lcrypto -lpcre"
echo; echo; echo "### make makefiles finished; performing make ###";
echo
sleep 4
make
exit 




Thanks, Jan

Re: unsuccessful build of postfix 3.3.2 on solaris (sparc) with sunstudio compiler

[Wietse Venema]

Jan P. Kessler:
> -UUSE_DYNAMIC_MAPS -Wmissing-prototypes -Wformat -Wno-comment? -g -O
> -I. -DSUNOS5 -c alldig.c
> cc: illegal option -Wmissing-prototypes

Try:

make makefiles ...optional arguments...
make WARN=

Sorry, I haven't built with /opt/SUNWspro/bin/cc for ~10 years.

Wietse

Re: unsuccessful build of postfix 3.3.2 on solaris (sparc) with sunstudio compiler

[Jan P. Kessler]

> Try: make makefiles ...optional arguments... make WARN= Sorry, I
> haven't built with /opt/SUNWspro/bin/cc for ~10 years. Wietse 

No problem. Seems like it's time for a change. After emptying WARN it
looked promising, but then the build broke here:

"milter.c", line 621: non-constant initializer involving a cast
"milter.c", line 622: non-constant initializer involving a cast
"milter.c", line 623: non-constant initializer involving a cast
"milter.c", line 627: non-constant initializer involving a cast
"milter.c", line 628: non-constant initializer involving a cast
cc: acomp failed for milter.c
*** Error code 2
make: Fatal error: Command failed for target `milter.o'
Current working directory
/export/home/install/compile/postfix/postfix-3.3.2/src/milter
*** Error code 1
make: Fatal error: Command failed for target `update'



I've managed to bring a gcc 4 to the system. Now everything works as
expected. Should have sold them more than 2h. You should really feel
ashamed for not supporting a 12 year old compiler suite anymore ;-)

Thank you for postfix and advice. R.I.P. sunstudio
   Jan

Re: Query about restriction scenario in RESTRICTION_CLASS_README

[Matus UHLAR - fantomas]

On Thu, Jan 17, 2019 at 11:22:46AM -0500, Bill Cole wrote:

You truly need to ask whoever runs that other server to explain why they
believe your server is misconfigured if you want a definitive answer.


On 18.01.19 07:06, Mayuresh wrote:

This is certainly strangest of the mailing lists I ever participated in. I
am certainly signing off right away.

All I wanted was some experience sharing with people who may have faced
similar issues.

Even a statement like there is no problem with your conf, the other
servers are sometimes unreasonable could have helped.


you should understand that it's hard for us to know why does gmail say that
your mail server is misconfigured. Especially when you haven't provided any
such message.

It's gmail or other servers who say that and we (at least some of us) don't
maintain gmail servers.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!

Re: Forwarding received mail through AWS SES

[Yasuhiro KIMURA]

From: Christos Chatzaras 
Subject: Re: Forwarding received mail through AWS SES
Date: Sat, 19 Jan 2019 12:35:58 +0200

> AWS EC2 IPs may have low reputation to e-mail providers, so is not 
> recommended to send e-mails using these IPs.
> 
> Also AWS SES frequently have issues with RBLs. I wouldn't use it if you use 
> reliable delivery. It's good for newsletters because it has low cost compared 
> to other services and when you don't care if some e-mails are not delivered.
> 
> My recommendation is to setup a VPS (from a company that has clean network) 
> with multiple IPs if you need to send a lot of messages and use postfix relay 
> with randmap to balance the outgoing messages between the IPs.

Thank you for reply. Then I consider VPS instead of AWS EC2 and SES.

---
Yasuhiro KIMURA

Re: Forwarding received mail through AWS SES

[Bill Cole]

On 19 Jan 2019, at 4:03, Yasuhiro KIMURA wrote:


Hello,

I use Debian 9 on AWS EC2. If mail is sent directly from EC2 host then
some mail service provider such as Gmail rejects receiving it. So I 
set up

so that mail is sent through AWS SES with following steps.

1. Obtain SES SMTP credential accoring to following document
   https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html
2. Verify domain with SES accoring to following document
   
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-domain-procedure.html
3. Move the domain out of SES sandbox accoring to following document
   
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/request-production-access.html
4. Set up postfix to following document
   https://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html


Notably missing from that list:

"Receiving Email with Amazon SES"
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email.html

Which seems critical if you want SES to accept mail for you.


And postfix is configured so that 'postconf -n' shows as following.


[...]

And with this settings I confirmed that mail is successfully delivered
from the EC2 host to destination that mail is rejected if delivered
directly.

But if I try to forward mail sent from outside to this host by using
~/.forward or something else, then SES rejects such mail with
following log messages.


Yes, which is *probably* because ~/.forward or aliases use 'transparent' 
forwarding, using the same SMTP envelope sender as the incoming message 
and making no modifications to the message itself except to add a 
Received header.


Because it is an Amazon SES machine which is rejecting the forwarded 
email, only Amazon can provide a definitive answer to your query of how 
to make this work. You may need to modify the SMTP envelope sender to an 
address in your domain, you may need to modify headers, you may need to 
set up DKIM signing, or do something else Amazon-specific.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole

Re: unsuccessful build of postfix 3.3.2 on solaris (sparc) with sunstudio compiler

[Wietse Venema]

Jan P. Kessler:
> 
> > Try: make makefiles ...optional arguments... make WARN= Sorry, I
> > haven't built with /opt/SUNWspro/bin/cc for ~10 years. Wietse 
> 
> No problem. Seems like it's time for a change. After emptying WARN it
> looked promising, but then the build broke here:
> 
> "milter.c", line 621: non-constant initializer involving a cast

That is a compiler bug.

620 static ATTR_OVER_TIME time_table[] = {
621 7 + VAR_MILT_CONN_TIME, DEF_MILT_CONN_TIME, 0, 1, 0,

VAR_MILT_CONN_TIME is a constant ("milter_connect_timeout") therefore
7 + VAR_MILT_CONN_TIME ("connect_timeout") is a constant.

This code was introduced in Postfix 3.0, and by that time I no
longer had a SUN compiler to play with at work, otherwise I might
have found a workaround.

Wietse

Re: logfile support for MacOS

[John Stoffel]

> "Wietse" == Wietse Venema  writes:

Wietse> John Stoffel:
>> > "Wietse" == Wietse Venema  writes:
>> 
Wietse> I'm implementing logfile support for Postfix on MacOS, because not
Wietse> providing results in a bad experience.
>> 
Wietse> This is a retrofit workaround, therefore it will have limitations
Wietse> that do not exist with the default syslog-based implementation.
>> 
>> Why not just provide a syslog daemon configured for only Postfix use
>> on MACs?

Wietse> Sorry, I will not support syslogd or other non-Postfix programs.

I can understand that, but I was more thinking of writing a syslogd
compatible receiver for macOS, so that you dno't have to change all
the rest of the postfix base.  Yes, it's not ideal, but supporting
MACs isn't ideal these days either.

John

Re: Forwarding received mail through AWS SES

[Durga Prasad Malyala]

On Sat, Jan 19, 2019, 23:26 Yasuhiro KIMURA  From: Christos Chatzaras 
> Subject: Re: Forwarding received mail through AWS SES
> Date: Sat, 19 Jan 2019 12:35:58 +0200
>
> > AWS EC2 IPs may have low reputation to e-mail providers, so is not
> recommended to send e-mails using these IPs.
> >
> > Also AWS SES frequently have issues with RBLs. I wouldn't use it if you
> use reliable delivery. It's good for newsletters because it has low cost
> compared to other services and when you don't care if some e-mails are not
> delivered.
> >
> > My recommendation is to setup a VPS (from a company that has clean
> network) with multiple IPs if you need to send a lot of messages and use
> postfix relay with randmap to balance the outgoing messages between the IPs.
>
> Thank you for reply. Then I consider VPS instead of AWS EC2 and SES.
>
> ---
> Yasuhiro KIMURA
>

Correct. I would recommend linode or digitalocean any time over AWS SES.
AWS is a good option for heavy transactional mail alerts etc.

Cheers/DP

>

Re: Forwarding received mail through AWS SES

[Antonio Leding]

FWIW - I’ve been using AWS for outbound SMTP well over 5 years with no 
issues…maybe one-time have I bad an email rejected due to blacklisting…and this 
was resolved within 30 minutes…



> On Jan 19, 2019, at 7:13 PM, Durga Prasad Malyala  
> wrote:
> 
> 
> On Sat, Jan 19, 2019, 23:26 Yasuhiro KIMURA   wrote:
> From: Christos Chatzaras mailto:ch...@cretaforce.gr>>
> Subject: Re: Forwarding received mail through AWS SES
> Date: Sat, 19 Jan 2019 12:35:58 +0200
> 
> > AWS EC2 IPs may have low reputation to e-mail providers, so is not 
> > recommended to send e-mails using these IPs.
> > 
> > Also AWS SES frequently have issues with RBLs. I wouldn't use it if you use 
> > reliable delivery. It's good for newsletters because it has low cost 
> > compared to other services and when you don't care if some e-mails are not 
> > delivered.
> > 
> > My recommendation is to setup a VPS (from a company that has clean network) 
> > with multiple IPs if you need to send a lot of messages and use postfix 
> > relay with randmap to balance the outgoing messages between the IPs.
> 
> Thank you for reply. Then I consider VPS instead of AWS EC2 and SES.
> 
> ---
> Yasuhiro KIMURA
> 
> Correct. I would recommend linode or digitalocean any time over AWS SES. AWS 
> is a good option for heavy transactional mail alerts etc. 
> 
> Cheers/DP

Re: Forwarding received mail through AWS SES

[Antonio Leding]

Clarifying - I have both SES and EC2.  EC2 is my main postfix box but the SMTP 
side is a backup for SES which is my main outbound email…


> On Jan 19, 2019, at 7:16 PM, Antonio Leding  wrote:
> 
> FWIW - I’ve been using AWS for outbound SMTP well over 5 years with no 
> issues…maybe one-time have I bad an email rejected due to blacklisting…and 
> this was resolved within 30 minutes…
> 
> 
> 
>> On Jan 19, 2019, at 7:13 PM, Durga Prasad Malyala > > wrote:
>> 
>> 
>> On Sat, Jan 19, 2019, 23:26 Yasuhiro KIMURA >  wrote:
>> From: Christos Chatzaras mailto:ch...@cretaforce.gr>>
>> Subject: Re: Forwarding received mail through AWS SES
>> Date: Sat, 19 Jan 2019 12:35:58 +0200
>> 
>> > AWS EC2 IPs may have low reputation to e-mail providers, so is not 
>> > recommended to send e-mails using these IPs.
>> > 
>> > Also AWS SES frequently have issues with RBLs. I wouldn't use it if you 
>> > use reliable delivery. It's good for newsletters because it has low cost 
>> > compared to other services and when you don't care if some e-mails are not 
>> > delivered.
>> > 
>> > My recommendation is to setup a VPS (from a company that has clean 
>> > network) with multiple IPs if you need to send a lot of messages and use 
>> > postfix relay with randmap to balance the outgoing messages between the 
>> > IPs.
>> 
>> Thank you for reply. Then I consider VPS instead of AWS EC2 and SES.
>> 
>> ---
>> Yasuhiro KIMURA
>> 
>> Correct. I would recommend linode or digitalocean any time over AWS SES. AWS 
>> is a good option for heavy transactional mail alerts etc. 
>> 
>> Cheers/DP
>