Introduction
Many providers now block outbound connections on port 25, which means that a cPanel system would need to configure a Smarthost to allow for outbound emails to function. This guide covers how to set up a Smarthost using Amazon SES.
Important Limitation
When using Amazon SES as your Smarthost, you must verify ownership of every domain that you want to send messages with from your server. This means that you'll need to manually update and maintain the AWS SES verification each time a domain is added or removed from the server.
You can learn more about this limitation here:
Further information about the AWS SES Authentication and Verification process can be found here:
- Amazon Documentation - Sending Authorization Overview
- Amazon Documentation - Verify Address and Domains
Procedure
These settings can be done either from the command line or using the WHM Exim Configuration Manager under the Advance Editor. The following guide will be the focus on how to do this through the WHM interface.
- Navigate to WHM / Exim Configuration Manager / Advanced Editor.
- On this page, you will need to add the following blocks of code to the following sections:
- Section: PREROUTERS
- On v108 and above
send_via_ses:
driver = manualroute
domains = ! +local_domains
.ifdef SRSENABLED
# if outbound, and forwarding has been done, use an alternate transport
transport = ${if eq {$local_part@$domain} \
{$original_local_part@$original_domain} \
{ses_smtp} {ses_forwarded_smtp}}
.else
transport = ses_smtp
.endif
route_list = * email-smtp.us-west-2.amazonaws.com;email-smtp.us-west-2.amazonaws.com should be replaced by the appropriate endpoint you are using with SES: Regions and Amazon SES
- On v106 and below
send_via_ses:
driver = manualroute
domains = ! +local_domains
transport = ses_smtp
route_list = * email-smtp.us-west-2.amazonaws.com;email-smtp.us-west-2.amazonaws.com should be replaced by the appropriate endpoint you are using with SES: Regions and Amazon SES
- On v108 and above
- Section: TRANSPORTSTART
- On all servers
ses_smtp:
driver = smtp
port = 587
hosts_require_auth = *
hosts_require_tls = * - Additionally, on servers running v106
.ifdef SRSENABLED
ses_forwarded_smtp:
driver = smtp
hosts_require_auth = *
hosts_require_tls = *
max_rcpt = 1
return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
.endif
- On all servers
- Section: AUTH
- On all servers:
ses_login:
driver = plaintext
public_name = LOGIN
client_send = : USERNAME : PASSWORD - NOTE: Make sure you updated your USERNAME and PASSWORD with your SMTP username and password.
- On all servers:
- Section: PREROUTERS
- Go to the bottom of the page and click "Save." The changes will get added to the Exim configuration and will automatically restart the Exim service.
- Try sending a test email using one of the Webmail applications. If the email does not leave the server, you must examine the /var/log/exim_mainlog file to determine the cause of the issue.