This post will explain how to set up a Postfix mail server on an EC2 instance.
First, a word of warning: Amazon IPs generally don’t have a good reputation, spam-wise, meaning that even if you take all the precautionary steps, your emails might end up in spam folders. If email is business-critical for you, you might want to consider other options: host your mail server somewhere else? Use something like SendGrid?
This said, let’s dive in!
Prerequisites
I assume you have the following:
- A domain name, with control over the DNS records
- An EC2 account
Pick an AMI
Let’s start by creating an EC2 instance. I began with the vanilla AWS Linux micro instance, which seems to be somehow Fedora-based, and it was a pain. Now do yourself a favor and pick a Debian-based OS. It will make things much easier.
Eric Hammond and Canonical themselves provide Debian and Ubuntu AMIs, which are a great first step. You can even bypass the whole Postfix config by using one of these AMIs.
Assign an elastic IP to the instance you launched. We will need it for the DNS setup.
Configure Postfix
Now’s the time to be very lazy and just redirect you to Ivar Abrahamsen’s excellent howto on setting up Postfix. Actually, most of what I’m writing right now can be found in his howto, but let’s not stop at technicalities.
Configure your DNS
The most important step in having your email properly delivered is in your DNS configuration.
The first step is to define an A record for your Amazon Elastic IP, for example mail.mydomain.com. This will be used to set up a reverse DNS for your server, so that other SMTP servers know that you’re not a spam relay.
Then add an MX record pointing to the address you just defined, for example mail.mydomain.com. Now each SMTP server sending mail to mydomain.com will contact mail.mydomain.com, which in turn points to your EC2 instance. Awesome!
The next step is to modify your SPF record. I’ll let you work out the details with the spec and Ivar’s howto, and as an example here is the SPF record for remaildr:
remaildr.com. 1800 IN TXT "v=spf1 mx ip4:50.16.218.96 include:mx.ovh.com ~all"
This SPF allows MX servers and the IP address 50.16.218.96 (i.e. the EC2 instance) to send mail for remaildr.com. Only “MX” should be enough, no need for the IP in particular? Well, I thought so, but it didn’t work so I added the IP address. Now it works. If anyone has an idea why, I’m all ears.
The include:mx.ovh.com is automatically added by OVH themselves and is not a problem in our case.
You can use the dig command to check if your DNS settings are properly set. For example, the SPF field was retrieved with:
$ dig remaildr.com in txt
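To see what the record above actually authorizes, here is an added example (not from the original post) that evaluates a sending IP against it the way a receiving server would, mechanism by mechanism. DNS is replaced by a constructed table: the MX host, its address and the mx.ovh.com record are made-up placeholders, and only the mechanisms used in the post's record are handled.

```python
import ipaddress

# Constructed stand-in for DNS so the check runs offline. Only the remaildr.com
# TXT value is the record quoted in the post; the MX host, its address and the
# mx.ovh.com record are made-up placeholders using documentation IP ranges.
ZONE = {
    ("remaildr.com", "TXT"): "v=spf1 mx ip4:50.16.218.96 include:mx.ovh.com ~all",
    ("remaildr.com", "MX"): ["mx1.example.net"],
    ("mx1.example.net", "A"): ["192.0.2.25"],
    ("mx.ovh.com", "TXT"): "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def mx_addresses(domain):
    """Addresses of the domain's MX hosts: what the `mx` mechanism matches."""
    hosts = ZONE.get((domain, "MX"), [])
    return [ipaddress.ip_address(a) for h in hosts for a in ZONE.get((h, "A"), [])]

def check_spf(sender_ip, domain, depth=0):
    """Evaluate sender_ip against the domain's SPF record, left to right."""
    record = ZONE.get((domain, "TXT"), "")
    if depth > 10 or not record.startswith("v=spf1"):
        return "none"  # no SPF record (or include nesting too deep)
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = ip in mx_addresses(arg or domain)
        elif name == "include":
            # include only matches when the included record yields "pass"
            matched = check_spf(sender_ip, arg, depth + 1) == "pass"
        else:
            continue  # other mechanisms (a, ptr, exists, ...) are skipped here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"

if __name__ == "__main__":
    for addr in ("50.16.218.96", "192.0.2.25", "203.0.113.9"):
        print(addr, check_spf(addr, "remaildr.com"))
```

An address that matches nothing ends at `~all` and gets softfail, which receivers typically accept but may score as suspicious.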
As a bonus, you might be interested in setting up DKIM (cryptographic email signing), half of which takes place in your DNS. I’ll once again refer you to Ivar’s howto because it’s that good.
Tell Amazon you’ll be sending emails
By default, Amazon limits the amount of email you can send from an instance. You can ask them to remove that limitation very easily though, through that page.
This form also allows you to set up the reverse DNS I was telling you about. Go on, do it! Amazon usually responds to this form within 1-2 days.
Done!
That’s it!
Do you end up in spam folders? Try the test at AllAboutSpam, and check if everything’s alright. It covers just about any issue your server might have.
We are looking out for email hosting for our office. For more details please contact Ann – 080 40348830
Hi Ann, this is regarding your email server requirement. We can set up an in-house mail server.
vipin,
Please drop me a mail. I need some help on this.
Hi Vipin,
I got stuck with Route 53 settings. Can you help me with those of the
PTR, MX, A, SPF record sets?
- Have used the Elastic IP address everywhere, but my Exchange Server got installed with the given private IP address.
- Updated name servers in GoDaddy.
Not able to receive emails from the outside world.
Any help will be appreciated.
add me Skype: pradeepchandu
Thanks,
Chandu.
I’m a beginner as far as email servers are concerned. If I set up Postfix on an EC2 instance, then can I set up a Mandrill account that is associated with an email address that I configured on Postfix without any concerns about sending limits?
Are there any email receiving limits for EC2?
Hi Everett,
Try this, you will be 100% happy: http://www.iredmail.org
Hi Deniz,
Can you help with Route 53 settings of PTR, MX, A, SPF record sets?
Not able to receive emails from the outside world.
add me Skype: pradeepchandu
Amazon EC2 – Route 53 Settings
Type Name Value TTL
A mail.priorityxxxxxxx.com. 52.2xx.x.xxx 1d
A priorityxxxxxx.com. 52.2xx.x.xxx 1d
MX priorityxxxxxx.com. 0 mail.priorityxxxxxx.com. 1d
NS priorityxxxxxx.com. given Name serves by AMAZON 1d
PTR priorityxxxxxx.com. mail.priorityxxxx.com 1d
priorityxxxxxx.com. priorityxxxxx.com
SOA priorityxxxxxx.com. Given SOA record by AMAZON 1d
SPF priorityxxxxxx.com. v=spf1 a mx ptr ip4:52.2xx.x.xxx ~all 1d
TXT priorityxxxxxx.com. Test AWS Entry 1d
v=spf1 a mx ptr ip4:52.2xx.x.xxx ~all
Exchange server Details
Elastic Public Ip 52.2xx.x.xxx
Private IP 172.xx.x.xxx
Exchange Mail server Host Name aws.priorityxxxxxx.com
DNS Settings
Forward Ip address 172.xx.x.xxx
Reverse Ip Address 172.xx.x.xxx
Thanks,
Chandu.
Hey,
Can anyone set up a mail server for me on Amazon EC2? If anyone can help me with it, please let me know. Add me on Skype: fmdreamm or mail me at: firozkabirsaddam@gmail.com
Thanks in advance
Hi Deniz,
Please do the needful if you can.
I got stuck with Route 53 settings. Can you help me with those of the
PTR, MX, A, SPF record sets?
- Have used the Elastic IP address everywhere, but my Exchange Server got installed with the given private IP address.
- Updated name servers in GoDaddy.
Not able to receive emails from the outside world.
Any help will be appreciated.
add me Skype: pradeepchandu
Thanks,
Chandu.
I have read the http://flurdy.com/docs/postfix/ doc. It works only on Ubuntu, not for Amazon Linux EC2. Please help me to find an Amazon Linux doc, or if you have the knowledge to do this, please share with us. Please.
> Well, I thought so, but it didn’t work so I added the IP address.
That’s probably because you need a reverse DNS entry. You have to ask AWS to create that for you.