• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question Using Amazon SES for Plesk customer sites email

G

gbotica

Regular Pleskian
Hi,

I use Plesk Onyx on CentOS with the External SMTP Server option (MSMTP) to send all Plesk (notifications etc) and customer website emails (generated from customer websites) via Mailgun.

This has worked well for many months. Deliver-ability is usually very good and the from field in email clients looks like:

John Doe | johndoe.com <[email protected]> via mail.mypleskserver.com

I have been trying to switch this set up over to AWS SES. But I can't get SES to work the same that MailGun does. Set up is OK and I can send email from Plesk Panel etc, but any email generated from a Plesk customer site now logs:

Code: 
... [email protected] [email protected] smtpstatus=554 smtpmsg='554 Message rejected: Email address is not verified. The following identities failed the check in region US-WEST-2: "John Doe | johndoe.com" <[email protected]>' errormsg='the server did not accept the mail' exitcode=EX_UNAVAILABLE

When I use Mailgun, it works perfectly:

Code: 
... [email protected] [email protected] mailsize=60612 smtpstatus=250 smtpmsg='250 Great success' exitcode=EX_OK

I'm not sure why Mailgun is happy to pass through email from customer sites, but SES wants each sender to be individually verified? That would make SES useless for a shared web server environment?

All DNS settings are in place and verified in the SES console etc.

Is anyone successfully using SES for Plesk customer website email?

Any help on how / if this can work would be appreciated.

Thank you!
 
Last edited:
It's been a while since I've worked with AWS SES, but from what I remember you do have to authenticate at least every domain in SES you like to send email from. I believe this can be done by adding a DNS record to the DNS zone of the domain. The cool thing about AWS (imho) is that you can automate everything. If you combine the AWS API with the Plesk API or CLI you can automate the domain the SES authentication.
 
Last edited:
Thanks for replying.

I've started using Mailgun since yesterday, however not with MSMTP but relaying in postfix. (as not all domains on the server need the mails send through Mailgun)

Just in case someone is looking for a solution for this scenario and possibly also for AWS SES, I'll post how I did it:

Creating the files sasl_passwd and relay_map:
Code: 
touch /etc/postfix/sasl_passwd
touch /etc/postfix/relay_map
chmod 600 /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/relay_map

In sasl_passwd:
Code: 
smtp.eu.mailgun.org postmaster@DOMAIN_A.TLD:MAILGUN_PASS
relay.DOMAIN_B.TLD postmaster@DOMAIN_B.TLD:MAILGUN_PASS

In rely_map:
Code: 
@DOMAIN_A.TLD [smtp.eu.mailgun.org]:587
@DOMAIN_B.TLDe [relay.DOMAIN_B.TLD]:587

Here's the trick for DOMAIN_B.TLD: I added a CNAME record relay.DOMAIN_B.TLD to smtp.eu.mailgun.org (check for your own smtp host to use)
Otherwise, postfix will complain about duplicate entries. (I did the same for domain C, D, ...)

Now edit postfix's main.cf to include:
Code: 
sender_dependent_relayhost_maps = hash:/etc/postfix/relay_map
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_mechanism_filter = AUTH LOGIN
smtpd_relay_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    defer_unauth_destination

Postmap the 2 files you've made:
Code: 
postmap /etc/postfix/sasl_passwd
postmap /etc/postfix/relay_map

And finally, reload postfix:
Code: 
systemctl reload postfix

Not sure if this is the correct approach but it seems to be working.
Postfix relays the e-mails from the domains mentioned in relay_map and takes the correct authentication line from sasl_passwd.
 
Last edited:
Kaspar said:
It's been a while since I've worked with AWS SES, but from what I remember you do have to authenticate at least every domain in SES you like to send email from. I believe this can be done by adding a DNS record to the DNS zone of the domain. The cool thing about AWS (imho) is that you can automate everything. If you combine the AWS API with the Plesk API or CLI you can automate the domain the SES authentication.
Click to expand...
Hey buddy,

Reviving this old post. Do you have any resources or links on how to integrate AWS Cli using this method?

Thanks in advance.
Jimmy
 
You must log in or register to reply here.

Similar threads

N
Issue Plesk send email to root
Replies
1
Views
612
n0fear
N
B
Issue msmtp only accepts one email sender address
Replies
1
Views
2K
Kaspar
K
B
Issue msmtp only accepts one email sender address
Replies
2
Views
1K
NaN-Edi
N
V
Resolved All sites hosted on Plesk server not delivering emails only to Google Workspace mail ids
Replies
2
Views
1K
vhon2022
V
M
Issue msmtp Error 550 - The from address does not match a verified Sender Identity
2
Replies
23
Views
7K
cloudhostpk
C
Back
Top