Skip to main content

How to Use Amazon SES as a Smarthost

Brian Jacobs
  • Updated

Introduction

Many providers now block outbound connections on port 25, meaning a cPanel system would need to configure a Smarthost to allow outbound emails to function. This guide covers how to set up a Smarthost using Amazon SES.

Important Limitation

When using Amazon SES as your Smarthost, you must verify ownership of every domain with which you want to send messages from your server. This means you'll need to manually update and maintain the AWS SES verification each time a domain is added or removed from the server.

You can learn more about this limitation here:

Amazon SES FAQ 

Further information about the AWS SES Authentication and Verification process can be found here:

 

Procedure

These settings can be done either from the command line or using the WHM Exim Configuration Manager under the Advance Editor. The following guide will focus on how to do this through the WHM interface.

  1.  Navigate to the "Advanced Editor" tab in the WHM interface "Home / Service Configuration / Exim Configuration Manager".
  2. On this page, you will need to add the following blocks of code to the following sections:
    • Section: PREROUTERS
      • On v108 and above
        send_via_ses: 
         driver = manualroute 
         domains = ! +local_domains  : ! +manualmx_domains
        .ifdef SRSENABLED
         # if outbound, and forwarding has been done, use an alternate transport
         transport = ${if eq {$local_part@$domain} \
                  {$original_local_part@$original_domain} \
                  {ses_smtp} {ses_forwarded_smtp}}
        .else
         transport = ses_smtp
        .endif
         route_list = * email-smtp.us-west-2.amazonaws.com;

        Please note that email-smtp.us-west-2.amazonaws.com should be replaced by the appropriate endpoint you are using with SES
        Regions and Amazon SES

      • On v106 and below
        send_via_ses: 
         driver = manualroute 
         domains = ! +local_domains : ! +manualmx_domains
         transport = ses_smtp 
         route_list = * email-smtp.us-west-2.amazonaws.com;

        Also, note that email-smtp.us-west-2.amazonaws.com should be replaced by the appropriate endpoint you are using with SES
        Regions and Amazon SES

    • Section: TRANSPORTSTART
      • On all servers
        ses_smtp: 
         driver = smtp 
         port = 587 
         hosts_require_auth = * 
         hosts_require_tls = *
      • Additionally, on servers running v108 and above:
        .ifdef SRSENABLED
        ses_forwarded_smtp:
         driver = smtp
         hosts_require_auth = *
         hosts_require_tls = *
         max_rcpt = 1
         return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
        .endif
    • Section: AUTH
      • On all servers:
        ses_login: 
         driver = plaintext 
         public_name = LOGIN 
         client_send = : USERNAME : PASSWORD
      • It is important to note that you must ensure you updated your USERNAME and PASSWORD with your SMTP username and password.
  3. Go to the bottom of the page and click "Save". The changes will be added to the Exim configuration and automatically restart the Exim service.
  4. Try sending a test email using one of the Webmail applications. If the email does not leave the server, you must examine the /var/log/exim_mainlog file to determine the cause of the issue.

Related articles