I have been trying to configure my Amazon EC2 instance (running Ubuntu 20.04) to send mail via Amazon SES. I have various settings I've borrowed from an earlier (successful) configuration to prevent any local mail delivery on this machine and to make sure all outgoing mail is coming from a single sender address. For some reason, postfix refuses to send the mail. The errors always look like this (I have redacted identifiable domains etc):
```
May 11 21:24:43 ip-172-30-2-193 postfix/pickup[3918]: 256D03EEA0: uid=1001 from=<[email protected]>
May 11 21:24:43 ip-172-30-2-193 postfix/cleanup[3928]: 256D03EEA0: message-id=<[email protected]>
May 11 21:24:43 ip-172-30-2-193 postfix/qmgr[3919]: 256D03EEA0: from=<[email protected]>, size=723, nrcpt=1 (queue active)
May 11 21:24:43 ip-172-30-2-193 postfix/smtp[3921]: 256D03EEA0: to=<[email protected]>, relay=none, delay=14, delays=14/0/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=email-smtp.us-east-1.amazonaws.com type=A: Host not found, try again)
```

Here is my postconf:
```
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = loopback-only
inet_protocols = ipv4
local_transport = error:local delivery is disabled
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
masquerade_domains = $mydomain
mydestination =
mydomain = mydomain.com
myhostname = www.mydomain.com
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
readme_directory = /usr/share/doc/postfix
relayhost = [email-smtp.us-east-1.amazonaws.com]:587
sample_directory = /usr/share/doc/postfix/examples
sender_canonical_maps = regexp:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = secure
smtpd_banner = $myhostname ESMTP $mail_name
unknown_local_recipient_reject_code = 550
```

The /etc/postfix/sasl_passwd file is root:root and 640 and looks like this:
```
# NOTE: these are credentials for IAM User [REDACTED]
[email-smtp.us-east-1.amazonaws.com]:587 XXXXXXXXXXXXXXXXXXXXX:YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
```

where the XXX... and YYY... are credentials that currently work from an older server.
I have seen a variety of posts on this forum addressing this type of error, but the solutions they suggest don't solve my problem:
- network connection problem -- I can telnet without any problem from this server to email-smtp.us-east-1.amazonaws.com on both port 25 and 587
- attempting ipv6 transport - I specifically set inet_protocols to ipv4.
- presence/absence of square brackets around email-smtp.us-east-1.amazonaws.com -- I have tried setting relayhost with and without square brackets and have always taken care to re-hash the sasl_passwd file. If I put the brackets in, the error says `type=A: Host not found, try again`. If I take the brackets out, it says `type=MX: Host not found, try again`. This is the only difference.
- DNS not resolving and/or resolv.conf not readable -- A `dig email-smtp.us-east-1.amazonaws.com` command always yields about half a dozen AWS addresses. The file `/etc/resolv.conf` is world-readable. I have not tried copying or symlinking this file anywhere.
- bad relay host or missing credentials - all mail should be routed thru Amazon SES which is what I have relayhost set to and the file `/etc/postfix/sasl_passwd` is owned/readable by root and the credentials it contains match relayhost in main.cf and also work on another, older server.
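
For the resolv.conf item in the list above, an added example (not part of the original post): when the Postfix smtp client runs chrooted, it reads resolv.conf from etc/ under the queue directory rather than /etc/resolv.conf, so a missing or stale copy there can differ from what dig uses. The script reports the smtp chroot flag from master.cf and compares the two files; /etc/postfix/master.cf and /var/spool/postfix are assumed default paths, and the function names are this example's own.

```shell
#!/bin/sh
# Added diagnostic example; all default paths below are assumptions.

# Print the chroot column (5th field) of the smtp *client* entry in master.cf:
# y = chrooted, n = not chrooted, - = built-in default.
smtp_chroot_flag() {
    awk '$1 == "smtp" && $2 == "unix" { print $5; exit }' "$1"
}

# Print the nameserver addresses listed in a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1" | tr '\n' ' '
}

# Compare the system resolv.conf ($1) with the copy inside the chroot ($2).
# Prints: missing | differs | same
resolv_check() {
    [ -e "$2" ] || { echo missing; return; }
    if cmp -s "$1" "$2"; then echo same; else echo differs; fi
}

# diagnose [master.cf] [queue_directory] [system resolv.conf]
# Returns 0 when the smtp client sees the same resolver config as the host.
diagnose() {
    master_cf=${1:-/etc/postfix/master.cf}
    queue_dir=${2:-/var/spool/postfix}
    sys_resolv=${3:-/etc/resolv.conf}
    flag=$(smtp_chroot_flag "$master_cf")
    echo "smtp client chroot flag: ${flag:-entry not found}"
    if [ "$flag" != "y" ]; then
        echo "not explicitly chrooted; smtp reads $sys_resolv"
        return 0
    fi
    state=$(resolv_check "$sys_resolv" "$queue_dir/etc/resolv.conf")
    echo "chroot copy $queue_dir/etc/resolv.conf: $state"
    echo "host nameservers:   $(nameservers "$sys_resolv")"
    [ "$state" = missing ] || echo "chroot nameservers: $(nameservers "$queue_dir/etc/resolv.conf")"
    [ "$state" = same ]
}

# Run only when asked, so the functions can also be sourced on their own.
if [ "${1:-}" = "--run" ]; then shift; diagnose "$@"; fi
```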