Introduction
Many providers now block outbound connections on port 25, meaning a cPanel system would need to configure a Smarthost to allow outbound emails to function. This guide covers how to set up a Smarthost using Amazon SES.
Warning: When using Amazon SES as your Smarthost, you must verify ownership of every domain with which you want to send messages from your server. This means you'll need to manually update and maintain the AWS SES verification each time a domain is added or removed from the server.
You can learn more about this limitation here:
Amazon SES FAQ
Procedure
These settings can be done either from the command line or using the WHM Exim Configuration Manager under the Advanced Editor. The following guide will focus on how to do this through the WHM interface.
Note: These instructions are updated for cPanel & WHM version 108 and above.
- Navigate to the Advanced Editor tab in the WHM interface Home / Service Configuration / Exim Configuration Manager.
- On this page, you will need to add the following blocks of code to the following sections:
-
Section: PREROUTERS
Warning: The route_list URL "email-smtp.us-west-2.amazonaws.com" should be replaced by the appropriate endpoint you are using with SES
CONFIG_TEXT: send_via_ses:
driver = manualroute
domains = ! +local_domains : ! +manualmx_domains
.ifdef SRSENABLED
# if outbound, and forwarding has been done, use an alternate transport
transport = ${if eq {$local_part@$domain} \
{$original_local_part@$original_domain} \
{ses_smtp} {ses_forwarded_smtp}}
.else
transport = ses_smtp
.endif
route_list = * email-smtp.us-west-2.amazonaws.com; -
Section: TRANSPORTSTART
CONFIG_TEXT: ses_smtp:
driver = smtp
port = 587
hosts_require_auth = *
hosts_require_tls = *
.ifdef SRSENABLED
ses_forwarded_smtp:
driver = smtp
hosts_require_auth = *
hosts_require_tls = *
max_rcpt = 1
return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
.endif -
Section: AUTH
CONFIG_TEXT: ses_login:
driver = plaintext
public_name = LOGIN
client_send = : USERNAME : PASSWORDWarning: You must ensure you updated the client_send USERNAME and PASSWORD with the SMTP username and password provided by Amazon
-
- Go to the bottom of the page and click Save. The changes will be added to the Exim configuration and automatically restart the Exim service.
- Try sending a test email using one of the Webmail applications. If the email does not leave the server, you must examine the log at
/var/log/exim_mainlogto determine the cause of the issue.
Additional Information
Further information about the AWS SES Authentication and Verification process can be found here:
- Amazon Documentation - Sending Authorization Overview
- Amazon Documentation - Verify Address and Domains
Comments
0 comments
Article is closed for comments.