A puppet module for configuring postfix for amazon_ses.
Repository Puppet Puppet Download
puppet module install landcareresearch-amazon_ses --version 6.0.0
Configures and sets up postfix to integrate with Amazon Simple Email Service (Amazon SES).
The module installs postfix and configures it to relay smtp to the Amazon SES smtp server.
It uses the self-signed certs for TLS authentication with Amazon SES. By default it connects to
port 587 as this port does not have any restrictions. Port 25 by default limits 1 email per minute,
if you choose port 25, make sure you apply for that restriction to be removed from your domain.
The intention of this module is to reduce the startup and configuration time of integration with Amazon SES and to avoid simple postfix configuration errors.
The current release is supported for Debian and Redhat based systems with Ubuntu as the tested platform.
In order to use Amazon SES, you must login to your Amazon account and do the following.
Go to the following link and sign up. (sign-up-for-aws)
Create a SMTP user which is separate from your existing IAM users. The new user can be created via:
SES -> smtp settings -> 'Create My SMTP Credentials' button.
Take note of the username and password which will used by this module.
In order to test this module (once installed on your amazon ec2 instance), verify at least one email address that will be the recipient of your testing. (verify-email-addresses)
In order to test this module (once installed), verify the domain that emails will be sent from. Amazon's SMTP servers will reject emails from unverified domains. So this is a very important step in order to start testing Amazon SES. See the following guide: (verify-domains)
Your Amazon SES instance is by default setup in a sandbox. Once a domain and emails have been verified, you can start sending emails (only to the verified addresses). This obviously is limiting and only useful in a testing environment. Once you are ready to move to production, you need to apply for production level access which has no restriction on recipient addresses.
Follow this guide to apply for production access: (request-production-access)
To install postfix with Amazon SES configuration with the default parameters.
class { 'amazon_ses':
domain => 'test.com',
smtp_username => 'USERNAME',
smtp_password => 'PASSWORD',
}
###Classes and Defined Types
This module modifies the postfix configuration files and replaces the main configuration file.
####Class: amazon_ses
The amazon_ses module's primary class, amazon_ses
, guides the basic setup of postfix on your system enabled for Amazon SES.
Parameters within amazon_ses
:
#####domain
The domain of your web site. In order to send email through SES servers, your domain must be verified.
SES Management Console -> Domains -> Verify a New Domain
See verify-domain for additional details.
#####smtp_port
The port used to connect to the Amazon SMTP server. The default is 587 as there are no limits.
If you use port 25, than you will need to request that Amazon disables the rate limit (which is 1 email per minute).
#####smtp_username
The username of the smtp user. Note, this is not your IAM user. You need to create a unique
user for the SES service. The new user can be created via:
SES -> smtp settings -> 'Create My SMTP Credentials' button.
#####smtp_password
The password of the smtp user.
#####ses_region
The region of the Amazon smtp server to relay to. Amazon only offers 3 regions with 1 availability zone each.
Note, the regions and availability zones can now be specified; however, please see the table below in order to determine which ses server will be used.
Valid options:
US EAST
US WEST
EU
us-east-1
us-west-1
us-west-2
eu-west-1
eu-central-1
The following table shows the relationship between the puppet option and the region.
Puppet Option | Region Name | Region |
---|---|---|
US EAST |
N. Virginia | us-east-1 |
US WEST |
Oregon | us-west-2 |
EU |
Ireland | eu-west-1 |
us-east-1 |
N. Virginia | us-east-1 |
us-west-1 |
Oregon | us-west-2 |
us-west-2 |
Oregon | us-west-2 |
eu-west-1 |
Ireland | eu-west-1 |
eu-central-1 |
Ireland | eu-west-1 |
The default region is US EAST
#####smtp_tls_ca_file
A file containing CA certificates of root CAs trusted to sign either
remote SMTP server certificates or intermediate CA certificates.
If not specified the OS default location is used.
#####smtpd_tls_cert_file
File with the Postfix SMTP server RSA certificate in PEM format. This
file may also contain the Postfix SMTP server pri vate RSA key.
If not specified the OS default location is used.
#####smtpd_tls_key_file
File with the Postfix SMTP server RSA private key in PEM format. This
file may be combined with the Postfix SMTP server RSA certificate file
specified with $smtpd_tls_cert_file. The private key must be accessible
without a pass-phrase, i.e. it must not be encrypted.
If not specified the OS default location is used.
#####mynetworks
The mynetworks setting to use for postfix.
Default: '127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128'
####message_size_limit
The maximum size in bytes of a message including envelope information.
Default: 10240000 (10m)
Works with debian and redhat based OS's.
The module is open source and available on github. Please fork!