AWS EC2 Sendmail Configuration (with .procmail)

Sendmail.. how you frustrate people; but the power makes it difficult to turn away. I’ll now detail the steps required for me to setup a simple e-mail auto-processing service on an AWS EC2 instance without a dedicated hostname.

Setting up the Procmail Recepie

.procmail — you can do a lot of things with .procmail. The online resources are many, but for this example I’m going to keep it VERY simple.

First, create a procmail file in your local account. My AWS instances are CentOS based, and use the ‘ec2-user’ as the default account. I’m going to keep it simple here and stick with that paradigm.

-bash-4.1$ vi .procmailrc

I’m going to setup my .procmailrc file to look like this:

SHELL=/usr/bin/php
MAILDIR=$HOME/mail
LOGFILE=$HOME/logs/procmail.log

:0 # catch errors
* ^Subject: Returned mail:.*
logs/procmail.error.log

# — auto-catches
:0
|”$HOME/prod/MailIntake/process.mail.php” $1

Now that I have a .procmail setup… time to get down to making sendmail work.

Sendmail — allowing server to accept messages

To configure the sendmail files, I assume super user powers. If you are unable to assume superuser powers or run sudo.. I doubt you’ll be able to complete these configurations. Hopefully your responsible IT person is going to handle all this for you instead.

Main Sendmail File — sendmail.mc

Setting up the main Sendmail file. This file is fairly large, so I’m only going to highlight the sections I felt needed to be updated.

vi sendmail.mc

To allow use of the AWS mail relay, defined in this section:

define(`SMART_HOST’, `email-smtp.us-east-1.amazonaws.com’)dnl

Setup local hostname / domain identity

dnl # Also accept email sent to “localhost.localdomain” as local email.
dnl #LOCAL_DOMAIN(`localhost.localdomain’)dnl
LOCAL_DOMAIN(`ec2-52-6-000-000.compute-1.amazonaws.com’)dnl

Setting up the masquerade

MASQUERADE_DOMAIN(`ec2-52-6-000-000.compute-1.amazonaws.com’)dnl
MASQUERADE_AS(`ec2-52-6-000-000.compute-1.amazonaws.com’)dnl

access db configuration

Editing the access file to setup the local host relay, so messages can be sent from the various network interfaces on the machine. Obviously. one of those IP addresses was obscured. Where you see #private ip# substitute your AWS private IP (such as 172.123.321.1)

## By default we allow relaying from localhost…
localhost RELAY
127.0.0.1 RELAY
#private ip# RELAY
email-smtp.us-east-1.amazonaws.com RELAY

## Allowed Connections
Connect:127.0.0.1 OK
Connect:#private ip# OK
Connect:email-smtp.us-east-1.amazonaws.com OK

Defining Local Hostnames — local-host-names

For my configuration, I wanted to make sure the system understood it’s local non-FQDN identitiy, so I edited the local-host-names file to include three different ways to reference the system. The AWS DSN, public IP and private IP:

vi local-host-names

Contents of my file looks like this (my file contains real IPs and hostname)

# local-host-names – include all aliases for your machine here.
ec2-52-6-000-000.compute-1.amazonaws.com
52.6.000.000
172.30.000.000

The Mailer Table — mailertable

At this point I didn’t see a need to implement functions of the mailertable

Setting up trusted user file — trusted-users

Modified the trusted users file to allow my primary user, root and one alias to send mail without warnings:

vi /etc/mail/trusted-users

File contents:

# trusted-users – users that can send mail as others without a warning
# apache, mailman, majordomo, uucp, are good candidates
ec2-user, apps, proxy, root

Aliases — virtusertable

Entering user aliases to capture mail sent to various users, and route them to the local ‘ec2-user’.

vi /etc/mail/virtusertable

Contents of my file with aliases:

# A domain-specific form of aliasing, allowing multiple virtual domains to be
# hosted on one machine.
#
ec2-user@ec2-52-6-000-000.compute-1.amazonaws.com ec2-user@localhost
stuff@ec2-52-6-000-000.compute-1.amazonaws.com ec2-user@localhost
things@ec2-52-6-000-000.compute-1.amazonaws.com ec2-user@localhost

Rebuild Settings

Run a make on the directory to rebuild the sendmail db files

make -C /etc/mail
make: Entering directory `/etc/mail’
make: Leaving directory `/etc/mail’

Restart Sendmail!

Restart sendmail… watch for majik!

/etc/init.d/sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.