Have configured postfix on an EC2 instance. Can send and receive emails locally. Have also configured SES, with verified domain. Outgoing works perfectly well. However, receiving mail to SES returns:

```
<hej@mydomain.com>: host inbound-smtp.eu-west-1.amazonaws.com[176.32.109.132]
    said: 550 5.1.1 Requested action not taken: mailbox unavailable (in reply
    to RCPT TO command)
```

No entry is shown in the postfix log, so I suspect SES is not even trying to talk to my EC2 instance.

```
dig MX mydomain.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> MX mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1395
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mydomain.com.                        IN      MX

;; ANSWER SECTION:
mydomain.com.         60      IN      MX      10 inbound-smtp.eu-west-1.amazonaws.com.

;; Query time: 77 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Thu Jan 04 13:32:12 UTC 2018
;; MSG SIZE  rcvd: 95
```

```
dig mydomain.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51289
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mydomain.com.                        IN      A

;; ANSWER SECTION:
mydomain.com.         34      IN      A       52.50.184.26

;; Query time: 0 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Thu Jan 04 13:34:10 UTC 2018
;; MSG SIZE  rcvd: 59
```

I have port 25 open for inbound traffic. I can telnet to it from home. Replace mydomain.com with kummelvagen.se unless you are an evil bot.

What am I missing?

Johan
  • Can you show the SES configuration? Is it actually set up to handle this inbound address, and if so how does the SES setup relate to your postfix instance specifically? – Håkan Lindqvist Jan 04 '18 at 14:07
  • @HåkanLindqvist The SES is not configured in any way, other than verifying the domain name, setting up DKIM and MAIL FROM domain. Apart from having the domain name pointing to my instance, there is no connection between SES and postfix. This might be the problem, but I have no idea how to set up the connection. – Johan Jan 04 '18 at 14:59
  • You have set up inbound mail to go to SES, though – Håkan Lindqvist Jan 04 '18 at 15:01
  • Isn't that done via the MX DNS record? It is set to `inbound-smtp.eu-west-1.amazonaws.com.` – Johan Jan 04 '18 at 15:03
  • Yes, which is SES – Håkan Lindqvist Jan 04 '18 at 15:03
  • That is in place. I think the mail is going to SES, but not from SES to my postfix. There must be something more I am missing. – Johan Jan 04 '18 at 15:05

1 Answer

Based on the question and its comments I get the impression that there is some confusion regarding the role of SES at the core of this.

From my understanding of your goal (sending outbound mail through SES, getting inbound mail delivered to your own custom postfix mail server) the obvious solution would be to point the MX record at your EC2 instance running postfix instead of at SES, using SES for outbound mail only.

If you actually want to use SES for inbound, I believe you may need some custom code deployed in an AWS Lambda (or some other similar solution) to handle the delivery to your own server. See Amazon SES Email-Receiving Concepts for details.

Håkan Lindqvist
  • Not really. I want to use SES for receiving mail, doing its antispam and antivirus magics, then sending it to my postfix mail server. I am actually setting up a mailman list server, following this guide: https://github.com/Yexiaoxing/mailman-on-aws – Johan Jan 04 '18 at 15:12
  • @Johan That guide doesn't appear to use SES for inbound, though? – Håkan Lindqvist Jan 04 '18 at 15:18
  • Hm. That seems to be right. I have been mixing up different guides and concepts I guess. I'll dig deeper into this. – Johan Jan 04 '18 at 15:25
  • You are right. SES is simply not useful for this. Besides, it seems like I need to verify all email addresses to which I want to send email. That makes SES useless in both directions. I have a hard time finding any use case for SES given these limitations. – Johan Jan 04 '18 at 17:47
  • You do not need to validate all addresses you want to send to (for outbound). See https://docs.aws.amazon.com/ses/latest/DeveloperGuide/request-production-access.html – Håkan Lindqvist Jan 04 '18 at 17:48
  • I have already followed that and got it approved. I now can send FROM any address. Though, when trying to send TO a non verified address, it is rejected: `host email-smtp.eu-west-1.amazonaws.com[34.251.34.22] said: 554 Message rejected: Email address is not verified. The following identities failed the check in region EU-WEST-1` – Johan Jan 04 '18 at 18:00
  • If you are no longer in the sandbox there is nothing stopping you from sending to any address. – Håkan Lindqvist Jan 04 '18 at 18:03
  • Ok. Strange then. I'll see what I can do, but I can reproduce this message despite the fact that I am no longer in sandbox since yesterday. `We reviewed your case and have increased your sending quota to 50,000 messages per day. Your maximum send rate has increased to 14 messages per second. This is effective in AWS Region EU (Ireland). Your account has also moved out of the sandbox, so you no longer need to verify recipient addresses.` I'll start a new thread about this. – Johan Jan 04 '18 at 18:08
  • Ah, my bad. Mailman was configured to use the gmail address as FROM, which obviously is far from allowed. Thanks for the help, @håkan! – Johan Jan 04 '18 at 18:30
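
The SES-inbound option mentioned in the answer (custom code in a Lambda that hands mail on to your own server), sketched as an added example; it is not code from the answer, the linked guide or AWS. It assumes an SES receipt rule that first stores the raw message in S3 and then invokes the function; the bucket, prefix and relay host names are placeholders, and the sample event is constructed.

```python
import smtplib

# Assumptions (not from the page): the receipt rule's S3 action writes to
# BUCKET under PREFIX, and RELAY_HOST is the EC2 postfix instance on port 25.
BUCKET = "example-inbound-mail-bucket"
PREFIX = "inbound/"
RELAY_HOST = "postfix.internal.example"

def should_relay(receipt):
    """Relay only mail that SES scanned and passed for both spam and virus."""
    verdicts = (receipt.get("spamVerdict", {}).get("status"),
                receipt.get("virusVerdict", {}).get("status"))
    # Anything other than PASS (FAIL, GRAY, PROCESSING_FAILED, missing) is dropped.
    return all(v == "PASS" for v in verdicts)

def plan_delivery(event):
    """Turn an SES Lambda event into (s3_key, envelope_from, recipients) or None."""
    ses = event["Records"][0]["ses"]
    if not should_relay(ses["receipt"]):
        return None
    mail = ses["mail"]
    # The S3 action names the object <prefix><messageId>.
    return (PREFIX + mail["messageId"], mail["source"], ses["receipt"]["recipients"])

def handler(event, context):
    plan = plan_delivery(event)
    if plan is None:
        return {"disposition": "dropped"}
    key, sender, recipients = plan
    import boto3  # present in the Lambda runtime; lazy so the logic above runs offline
    raw = boto3.client("s3").get_object(Bucket=BUCKET, Key=key)["Body"].read()
    # Hand the unmodified message to postfix with the original envelope.
    with smtplib.SMTP(RELAY_HOST, 25, timeout=10) as smtp:
        smtp.sendmail(sender, recipients, raw)
    return {"disposition": "relayed", "recipients": recipients}

# Constructed sample event, trimmed to the fields used above.
SAMPLE_EVENT = {"Records": [{"ses": {
    "mail": {"messageId": "constructed-message-id", "source": "sender@example.org"},
    "receipt": {"recipients": ["hej@mydomain.com"],
                "spamVerdict": {"status": "PASS"},
                "virusVerdict": {"status": "PASS"}}}}]}
```

With this design postfix should accept port 25 only from the network the function runs in, since mail arriving there directly would bypass the SES verdict check.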