Tag Archives: amazon web service

AWS EC2 Sendmail Configuration (with .procmail)

Sendmail.. how you frustrate people; but the power makes it difficult to turn away. I’ll now detail the steps required for me to setup a simple e-mail auto-processing service on an AWS EC2 instance without a dedicated hostname.

Setting up the Procmail Recipe

.procmail — you can do a lot of things with .procmail. The online resources are many, but for this example I’m going to keep it VERY simple.

First, create a procmail file in your local account. My AWS instances are CentOS based, and use the ‘ec2-user’ as the default account. I’m going to keep it simple here and stick with that paradigm.

-bash-4.1$ vi .procmailrc

I’m going to setup my .procmailrc file to look like this:

SHELL=/usr/bin/php
MAILDIR=$HOME/mail
LOGFILE=$HOME/logs/procmail.log

:0 # catch errors
* ^Subject: Returned mail:.*
logs/procmail.error.log

# — auto-catches
:0
|"$HOME/prod/MailIntake/process.mail.php" $1

Now that I have a .procmail setup… time to get down to making sendmail work.

Sendmail — allowing server to accept messages

To configure the sendmail files, I assume super user powers. If you are unable to assume superuser powers or run sudo, I doubt you'll be able to complete these configurations. Hopefully your responsible IT person is going to handle all this for you instead.

Main Sendmail File — sendmail.mc

Setting up the main Sendmail file. This file is fairly large, so I’m only going to highlight the sections I felt needed to be updated.

vi sendmail.mc

To route outbound mail through the AWS (SES) SMTP relay, set the smart host in this section:

define(`SMART_HOST', `email-smtp.us-east-1.amazonaws.com')dnl

Set up the local hostname / domain identity

dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #LOCAL_DOMAIN(`localhost.localdomain')dnl
LOCAL_DOMAIN(`ec2-52-6-000-000.compute-1.amazonaws.com')dnl

Setting up the masquerade

MASQUERADE_DOMAIN(`ec2-52-6-000-000.compute-1.amazonaws.com')dnl
MASQUERADE_AS(`ec2-52-6-000-000.compute-1.amazonaws.com')dnl

Access DB configuration — access

Edit the access file to set up the local host relay, so messages can be sent from the various network interfaces on the machine. Obviously, one of those IP addresses was obscured. Where you see #private ip#, substitute your AWS private IP (such as 172.123.321.1).

## By default we allow relaying from localhost…
localhost RELAY
127.0.0.1 RELAY
#private ip# RELAY
email-smtp.us-east-1.amazonaws.com RELAY

## Allowed Connections
Connect:127.0.0.1 OK
Connect:#private ip# OK
Connect:email-smtp.us-east-1.amazonaws.com OK
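Because every RELAY entry in the access file is a source sendmail will forward mail for, a stray entry (a public address, or 0.0.0.0) turns the box into an open relay. The following sh/awk script is an added example, not part of the original post: it reads an access file, strips the optional Connect: tag, and reports any RELAY source that is not loopback, an RFC 1918 private range, or the SES endpoint the post uses. The two sample files it writes are constructed for the demonstration; the path on the real system is /etc/mail/access.

```shell
#!/bin/sh
# Added example (not from the original post): audit a sendmail access file
# for RELAY entries that would let outside hosts relay through this server.
# Assumptions: POSIX sh and awk; the access file path is passed as $1.

# Prints each offending line and returns 1 if any were found, 0 otherwise.
audit_access_file() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                 # skip blank and comment lines
        {
            key = $1; val = $2
            sub(/^Connect:/, "", key)                # "Connect:host RELAY" and "host RELAY" are treated alike
            if (val != "RELAY") next                 # OK / REJECT entries do not grant relaying
            if (key == "localhost" || key == "127.0.0.1") next
            if (key ~ /^10\./ || key ~ /^192\.168\./) next
            if (key ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next   # 172.16.0.0/12, covers the AWS VPC range
            if (key == "email-smtp.us-east-1.amazonaws.com") next
            print "open relay risk: " $0
            bad = 1
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Constructed samples: one file mirroring the post (private IP filled in),
# one with two entries that should be flagged.
write_samples() {
    cat > "$1/access.good" <<'EOF'
## By default we allow relaying from localhost...
localhost RELAY
127.0.0.1 RELAY
172.30.0.5 RELAY
email-smtp.us-east-1.amazonaws.com RELAY
Connect:127.0.0.1 OK
Connect:172.30.0.5 OK
EOF
    cat > "$1/access.bad" <<'EOF'
localhost RELAY
0.0.0.0 RELAY
203.0.113 RELAY
EOF
}

# Stand-alone use: sh audit_access.sh /etc/mail/access
if [ -n "${1:-}" ]; then
    audit_access_file "$1"
fi
```

Run it again after every edit and before `make -C /etc/mail`, since the access.db that sendmail actually consults is rebuilt from this text file.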

Defining Local Hostnames — local-host-names

For my configuration, I wanted to make sure the system understood its local non-FQDN identity, so I edited the local-host-names file to include three different ways to reference the system: the AWS DNS name, the public IP and the private IP.

vi local-host-names

The contents of my file look like this (my real file contains the actual IPs and hostname):

# local-host-names – include all aliases for your machine here.
ec2-52-6-000-000.compute-1.amazonaws.com
52.6.000.000
172.30.000.000

The Mailer Table — mailertable

At this point I didn't see a need to implement any functions of the mailertable.

Setting up trusted user file — trusted-users

I modified the trusted-users file to allow my primary user, root and one alias to send mail as other users without warnings:

vi /etc/mail/trusted-users

File contents:

# trusted-users – users that can send mail as others without a warning
# apache, mailman, majordomo, uucp, are good candidates
ec2-user, apps, proxy, root

Aliases — virtusertable

Entering user aliases to capture mail sent to various users, and route them to the local ‘ec2-user’.

vi /etc/mail/virtusertable

Contents of my file with aliases:

# A domain-specific form of aliasing, allowing multiple virtual domains to be
# hosted on one machine.
#
ec2-user@ec2-52-6-000-000.compute-1.amazonaws.com ec2-user@localhost
stuff@ec2-52-6-000-000.compute-1.amazonaws.com ec2-user@localhost
things@ec2-52-6-000-000.compute-1.amazonaws.com ec2-user@localhost

Rebuild Settings

Run make on the directory to rebuild the sendmail db files:

make -C /etc/mail
make: Entering directory `/etc/mail'
make: Leaving directory `/etc/mail'

Restart Sendmail!

Restart sendmail… watch for majik!

/etc/init.d/sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]

Install Redis on AWS EC2

Redis is fairly simple to install and get running. I found the best way to do this on CentOS based AWS EC2 nodes is to use the following steps.

Install Pre-Requisites

Redis will require several prerequisites. Your system may vary, but these are the cases I ran into when running the build in August 2015 with the latest AWS system updates. Some of these are required to run the tests, others are required for Redis itself.

TCL 8.5 or higher for Test

You need tcl 8.5 or newer in order to run the Redis test

yum install tcl

Download latest Redis package

Assume super user, move to a safe directory (I like /usr/local) and download the latest build:

sudo su -
cd /usr/local
wget http://download.redis.io/redis-stable.tar.gz

Extract Files

Once the main tarball has been downloaded, extract the files and start the configuration process.

tar xvzf redis-stable.tar.gz
cd redis-stable

Build the Binary

Build the binary. Redis does not seem to require ./configure to be run; the necessary make files are already in place. Just run make and install! If you decide to run 'make test' (which I suggest you do), it may take 10-15 minutes to complete depending on the power of your AWS instance.

make
make test
make install

Set Overcommit to TRUE

Redis is going to complain unless you have some level of overcommit memory enabled. This is easy to do (again, you must be root or sudoer to do this). Add ‘vm.overcommit_memory = 1’ to /etc/sysctl.conf and then reboot, IF you can safely do so on your machine (best to check and make sure there are no live service interruptions or other personnel using the system).

vi /etc/sysctl.conf

Add this to the end of the file:

# Required by Redis to enable overcommit setting:
vm.overcommit_memory = 1

Reboot

init 6

Configure Redis

Create a working directory for the redis disk files. I like to use the following:

mkdir /var/redis
mkdir /var/redis/db

Copy the base configuration file to /etc/ and customize to your environment.

mkdir /etc/redis
cp redis.conf /etc/redis/6379.conf
vi /etc/redis/6379.conf

I made the following changes to the configuration file. I can’t guarantee all or any of these will be correct for your configuration:

daemonize yes
bind 127.0.0.1
tcp-keepalive 60
logfile "/var/log/redis-server.log"
dir /var/redis/db
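Of the five directives above, `bind 127.0.0.1` is the one that matters for exposure: Redis 3.0 has no authentication on by default, and without a bind line it listens on every interface, including the EC2 public address if a security group lets the port through. The script below is an added example, not part of the original post: a small sh/awk reader for redis.conf-style files that returns the effective (last) value of a directive and a check that the server is bound to loopback only. The sample config it writes is constructed; on the real system the file is /etc/redis/6379.conf.

```shell
#!/bin/sh
# Added example (not from the original post): read directives from a
# redis.conf-style file and confirm Redis is bound to 127.0.0.1 only.
# Assumptions: POSIX sh and awk; the sample config below is constructed.

# Print the last value given for KEY in FILE (a later line overrides an
# earlier one). Surrounding double quotes, as on the logfile line, are removed.
redis_conf_get() {
    file=$1; key=$2
    awk -v k="$key" '
        NF == 0 || $1 ~ /^#/ { next }              # skip blank and comment lines
        $1 == k { v = $2; for (i = 3; i <= NF; i++) v = v " " $i }
        END { gsub(/^"|"$/, "", v); print v }
    ' "$file"
}

# Return 0 when the only bind address is 127.0.0.1, 1 otherwise.
# A missing bind line makes Redis listen on all interfaces, so that fails too.
redis_loopback_only() {
    b=$(redis_conf_get "$1" bind)
    [ "$b" = "127.0.0.1" ]
}

# Constructed sample: the directives the post changes, plus an earlier
# bind line that the later one overrides.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed redis.conf excerpt
daemonize yes
bind 0.0.0.0
bind 127.0.0.1
tcp-keepalive 60
logfile "/var/log/redis-server.log"
dir /var/redis/db
EOF
}

# Stand-alone use: sh redis_conf_check.sh /etc/redis/6379.conf
if [ -n "${1:-}" ]; then
    if redis_loopback_only "$1"; then
        echo "bind: loopback only (ok); dir=$(redis_conf_get "$1" dir)"
    else
        echo "WARNING: bind is '$(redis_conf_get "$1" bind)', not 127.0.0.1"
        exit 1
    fi
fi
```

Pair this with `redis-cli -h <public IP> ping` from another host once the service is up: if the loopback check passes, that connection should be refused rather than answer PONG.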

Copy the startup file into /etc/init.d

cp utils/redis_init_script /etc/init.d/redis

Add the start command to root's crontab. Yeah, this might be a cheater method instead of adding it to the system's rc.X files, but it's also easy to disable.

crontab -e

@reboot /etc/init.d/redis start

Start Redis Server

Starting the server from the command line is a good way to verify it's functional. It's easy to do: just type 'redis-server'. Hit Ctrl-C to kill and exit once you've tested the launch. If it starts up, you should see something like this:

[root@ip-10-000-000-00 redis-stable]# redis-server

31408:C 04 Aug 21:55:00.578 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
31408:M 04 Aug 21:55:00.579 * Increased maximum number of open files to 10032 (it was originally set to 1024).

31408:M 04 Aug 21:55:00.581 # Server started, Redis version 3.0.3

31408:signal-handler (1438725473) Received SIGINT scheduling shutdown…
31408:M 04 Aug 21:57:53.628 # User requested shutdown…
31408:M 04 Aug 21:57:53.628 * Saving the final RDB snapshot before exiting.
31408:M 04 Aug 21:57:53.631 * DB saved on disk
31408:M 04 Aug 21:57:53.632 # Redis is now ready to exit, bye bye…

If that looks OK, then start using the startup script instead. This should start redis as a daemon (service) depending on how you edited the configuration file. If you did it the way I did, then it will start as a daemon.

/etc/init.d/redis start

Starting Redis server…

Test to make sure it's listening by using the ping command. If it's alive and listening, you'll receive back a 'PONG':

redis-cli ping

PONG

FINAL STEPS — Reboot and Verify!

A good and proper final test, assuming you are able to reboot the system without causing trouble to any live services or other personnel, is to REBOOT, then verify that it has restarted as expected.

init 6

Connection closed by remote host.

[ec2-user@ip-10-000-000-00 ~]$ redis-cli ping

PONG

CONGRATULATIONS!! You are now the proud owner/maintainer/RP of a Redis server!

NEXT…

Doing something productive with Redis… (to be continued)