blog.shukriadams.com
Game devops and other things

Reliable SMTP with Amazon Simple Email Service

2022-11-27 (last year)
Updated 2022-12-31 (last year)
Tags : smtp

SMTP is in a bad state - self-hosted solutions require both a PhD and a greybeard to set up, and there aren't many hosted solutions that are viable for personal use volume. Even the most reasonable, Mailgun, charges US$ 35 a month for 50K emails, and is clearly aimed at businesses. What do you do if you're sending only a hundred emails or less per month, and they're mostly to yourself from your servers?

Well, you know SMTP is in a bad state because Amazon has the best offering in town. I'm talking Amazon SES. They charge a fraction of a cent per mail, which is pretty expensive at high volume, but thankfully that's not what we're doing. Creating an SES account is easy, just search for and add SES to your existing AWS account and you're off. I'm assuming you already have a domain, all you need to do is add a few MX and TXT records to it, the SES instructions as so simple they don't really warrant a guide.

All new SES accounts are in a sandbox mode, so you'll have to register sender and recipient email addresses to test with. Amazon will send a verification email to each.

In your AWS dashboard, go to Amazon SES > your domain > SMTP Settings > Manage my existing SMTP credentials. Add an identify, then go the Security Credentials tab and create an Access key. You'll get a single view id, secret and email server name - copy all three down. This is by far the most complex part of this operation.

You can now send emails from anything that uses username/password authentication, which is perfect for automation. To test I use swaks on Ubuntu 

sudo apt install swaks -y

And then from your terminal send with

swaks \
    --tlsc \
    --auth \
    --server <email server, ex : email-smtp.us-east-1.amazonaws.com> \
    --au <SES_ACCESS_ID> \
    --ap <SES_SECRET> \
    --from [email protected] \
    --to [email protected] \
    --h-Subject: "Test" \
    --body 'some test mail content here'

tlsc is required by Amazon.

If you're happy with this, you'll likely want to bypass the need for all sender/recipient address to be approved first. That will require that you apply to have your SES account taken out of sandbox mode, which you can find on the SES dashboard too.

This isn't a perfect self-hosted solution, but it doesn't run at a fixed monthly bill, and gets your emails sent out easily enough. Maybe it's my old-age speaking, but I want to fight battles worth winning. SMTP is not one of those. Shut up and take my few cents per month, Bezos.

Previous : How to use ansible vault : TL;DR
Next : Are We Down? 0.3.0 released