Virtual servers like EC2 usually get a random external IP address which is not suitable for outgoing SMTP. That’s because these “pool” IP addresses lack reverse DNS resolving, and their spam reputation is unknown because somebody before you may have used them to send out spam.
Still, you need to be able to get email notifications from these machines, because many vital services, such as crontab, send diagnostic emails to “root” or other local mailboxes, depending on the user that the cron job runs as.
One possible solution is to catch all mail sent to any email address (local or remote), forward it to Amazon Simple Email Service (SES), and let SES do the actual SMTP delivery for you.
Open the file “/etc/postfix/main.cf” and add the following two statements there:
smtp_generic_maps = regexp:/etc/postfix/email_rewrites
alias_maps = regexp:/etc/postfix/email_rewrites
The first directive ensures that the “From” address is rewritten to your single external destination email (read the docs), while the second directive forwards all locally delivered mail to the same single external email address (SF article). Note that if an “alias_maps” directive already exists in the “main.cf” file, you need to comment it out.
You can configure the single external email address to forward to by creating the file “/etc/postfix/email_rewrites” and then putting the following in it:
Finally, execute the following commands, so that Postfix picks up the new configuration:
postmap /etc/postfix/email_rewrites
/etc/init.d/postfix restart
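A check to run before restarting, as an added example that is not part of the original post: it reads a “main.cf” on standard input and reports a missing directive, a different value, or an “alias_maps” line that was left active next to the new one. The function names, exit codes and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint a Postfix main.cf read
# from stdin for the two catch-all directives described above.
# Exit status: 0 = both set as expected, 1 = missing or different value,
#              2 = values fine but a parameter is defined more than once.
check_main_cf() {
    awk -v want="${1:-regexp:/etc/postfix/email_rewrites}" '
        # Active parameters start in column 0; lines starting with "#" are comments.
        /^(smtp_generic_maps|alias_maps)[ \t]*=/ {
            name = $0; sub(/[ \t]*=.*/, "", name)
            val = $0;  sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            seen[name]++; last[name] = val   # Postfix keeps the last definition
        }
        END {
            rc = 0
            n = split("smtp_generic_maps alias_maps", req, " ")
            for (i = 1; i <= n; i++) {
                p = req[i]
                if (!(p in seen)) { print p ": not set"; rc = 1; continue }
                if (last[p] != want) { print p ": is " last[p] ", expected " want; rc = 1 }
                if (seen[p] > 1) {
                    print p ": defined " seen[p] " times, comment out the earlier line"
                    if (rc == 0) rc = 2
                }
            }
            exit rc
        }'
}

# Constructed sample: a pre-existing alias_maps line was left active.
sample_dup() {
    cat <<'EOF'
myhostname = ip-10-0-0-1.example.internal
alias_maps = hash:/etc/aliases
smtp_generic_maps = regexp:/etc/postfix/email_rewrites
alias_maps = regexp:/etc/postfix/email_rewrites
EOF
}

sample_dup | check_main_cf || echo "check_main_cf exit status: $?"
```

On a real host the call would be check_main_cf < /etc/postfix/main.cf, with the table path passed as the first argument if it differs.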
If you decided to use Amazon SES for email delivery, there are a few additional steps to do:
- Verify the destination email address in Amazon SES.
- Integrate Amazon SES with Postfix.
- White-list the email in your mail provider (Gmail, for example), because the crontab system emails often get classified as junk and end up in the Junk folder.
If you are not using Postfix, then review the Amazon SES documentation about integration with other mail servers like Exim, Sendmail, Microsoft Exchange, etc.
March 18, 2019 at 8:09 pm
This mangles the From: header and you don’t know which server the message came from. Can you improve the settings to view the original sender user@server?
June 20, 2019 at 10:27 pm
Hi. I do this in the subject by adding the server’s hostname there. Here is what I have in “main.cf” additionally for this:
And then in the file “header_checks” I have:
P.S. Sorry for the late reply…