You must have an Amazon SES account with a verified email address.
Check whether the Sendmail packages are installed on your server:
dpkg -s sendmail
dpkg -s sendmail-cf
dpkg -s m4
To configure Sendmail to send email through the Amazon SES endpoint in US East (N. Virginia) using STARTTLS
1. Create or edit a file called /etc/mail/authinfo. Add the following line to the file, where:
• U:root—Do not modify.
• I:USERNAME—Replace with the Amazon SES username you obtained using the instructions in Obtaining Your Amazon SES SMTP Credentials. This is NOT the same as your AWS Access Key ID.
• P:PASSWORD—Replace with the Amazon SES password you obtained using the instructions in Obtaining Your Amazon SES SMTP Credentials. This is NOT the same as your AWS Secret Key.
• M:LOGIN—Replace with the method of authentication to use. For example, PLAIN, DIGEST-MD5, etc.
AuthInfo:email-smtp.us-east-1.amazonaws.com "U:root" "I:USERNAME" "P:PASSWORD" "M:LOGIN"
If Sendmail cannot authenticate with the Amazon SES SMTP endpoint because the hostname does not match, try adding the additional line specified in Amazon SES SMTP Issues.
2. Save the authinfo file.
3. At a command prompt, type the following command to generate /etc/mail/authinfo.db:
sudo makemap hash /etc/mail/authinfo.db < /etc/mail/authinfo
4. Open the /etc/mail/access file and include support for relaying to the Amazon SES SMTP endpoint by adding the following line. If Sendmail cannot authenticate with the Amazon SES SMTP endpoint because the hostname does not match, try adding the additional line specified in Amazon SES SMTP Issues.
Connect:email-smtp.us-east-1.amazonaws.com RELAY
Save the file.
5. At a command prompt, type the following command to regenerate /etc/mail/access.db:
sudo makemap hash /etc/mail/access.db < /etc/mail/access
6. Save a back-up copy of /etc/mail/sendmail.mc and /etc/mail/sendmail.cf.
sudo sh -c 'cp /etc/mail/sendmail.cf /etc/mail/sendmail_cf.backup && cp /etc/mail/sendmail.mc /etc/mail/sendmail_mc.backup'
7. Add the following group of lines to the /etc/mail/sendmail.mc file before any MAILER() definitions. If you add a FEATURE() line after a MAILER() definition, when you run m4 in a subsequent step, you will get the following error: "ERROR: FEATURE() should be before MAILER().":
Important: Be sure to use the ` character and the apostrophe exactly as shown.
define(`SMART_HOST', `email-smtp.us-east-1.amazonaws.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 25')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
MASQUERADE_AS(`YOUR_DOMAIN')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
8. In the text you just added to sendmail.mc, in the line that starts with MASQUERADE_AS, replace YOUR_DOMAIN with the domain name from which you are sending your email. By adding this masquerade, you are making email from this host appear to be sent from your domain. Otherwise, the email will appear as if the email is being sent from the host name of the mail server, and you may get an "Email address not verified" error when you try to send an email.
9. Save the sendmail.mc file.
10. At a command prompt, type the following command to make sendmail.cf writeable:
sudo chmod 666 /etc/mail/sendmail.cf
11. At a command prompt, type the following command to regenerate sendmail.cf:
sudo m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
Note: If you encounter errors such as "Command not found" and "No such file or directory," make sure you have installed the m4 and sendmail-cf packages as specified in the prerequisites section above.
12. At a command prompt, type the following command to reset the permissions of sendmail.cf to read only:
sudo chmod 644 /etc/mail/sendmail.cf
13. At a command prompt, type the following command to restart Sendmail:
sudo /etc/init.d/sendmail restart
14. Send a test email by doing the following:
1. At a command prompt, type the following. Note that you should replace from@example.com with your "From" email address, which you must have verified with Amazon SES. Replace to@example.com with your "To" address. If you have not yet applied for production access, the "To" address must also be verified.
sudo /usr/sbin/sendmail -f from@example.com to@example.com
2. Press
3. When you are finished typing the email, press CTRL+D to send the email.
15. Check the recipient email's client for the email. If you cannot find the email, check the Junk box in the recipient's email client. If you still cannot find the email, look at the Sendmail log on the mail server. The log is typically in /var/spool/mail/.
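A cross-check for the files edited in steps 1 through 12, added here as an example (it is not part of the original procedure or of Sendmail). The function names and finding labels are hypothetical, and the sample tree is constructed with placeholder credentials.

```shell
#!/bin/sh
# check_relay_config DIR: cross-check the files edited in the procedure.
# Prints one finding per line and nothing when the tree is consistent.
check_relay_config() {
    dir=$1
    # Relay host from sendmail.mc; "." stands in for the m4 quote characters.
    smart=$(sed -n 's/^define(.SMART_HOST., *.\([A-Za-z0-9.-]*\).).*/\1/p' "$dir/sendmail.mc")
    # Sendmail looks up credentials and relay permission by that exact host name.
    if ! awk -v k="AuthInfo:$smart" '$1 == k { ok = 1 } END { exit !ok }' "$dir/authinfo"; then
        echo "NO-AUTHINFO-ENTRY $smart"
    fi
    if ! awk -v k="Connect:$smart" '$1 == k && $2 == "RELAY" { ok = 1 } END { exit !ok }' "$dir/access"; then
        echo "NO-RELAY-ENTRY $smart"
    fi
    # FEATURE(authinfo) has to appear before the first MAILER() line.
    awk '/^MAILER\(/ && !m { m = NR }
         /^FEATURE\(.authinfo/ { f = NR }
         END { if (!f) print "MISSING FEATURE(authinfo)"; else if (m && f > m) print "ORDER FEATURE(authinfo) follows MAILER()" }' "$dir/sendmail.mc"
    # Both authinfo files hold the SMTP password in cleartext.
    for f in authinfo authinfo.db; do
        if [ -n "$(find "$dir/$f" -perm -004 2>/dev/null)" ]; then echo "WORLD-READABLE $f"; fi
    done
    # Step 10 makes sendmail.cf mode 666; step 12 must have put it back.
    if [ -n "$(find "$dir/sendmail.cf" -perm -002 2>/dev/null)" ]; then echo "WORLD-WRITABLE sendmail.cf"; fi
    # A source file newer than its map means makemap was not rerun.
    if [ -n "$(find "$dir/authinfo" -newer "$dir/authinfo.db" 2>/dev/null)" ]; then echo "STALE authinfo.db"; fi
    return 0
}

# Constructed sample tree with placeholder credentials and two deliberate faults:
# the authinfo key names another region than SMART_HOST, and authinfo is mode 644.
make_sample() {
    tmp=$(mktemp -d)
    echo 'AuthInfo:email-smtp.ap-south-1.amazonaws.com "U:root" "I:USERNAME" "P:PASSWORD" "M:LOGIN"' > "$tmp/authinfo"
    echo 'Connect:email-smtp.us-east-1.amazonaws.com RELAY' > "$tmp/access"
    cat > "$tmp/sendmail.mc" <<'EOF'
define(`SMART_HOST', `email-smtp.us-east-1.amazonaws.com')dnl
FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
MAILER(`smtp')dnl
EOF
    chmod 644 "$tmp/authinfo"
    : > "$tmp/authinfo.db"
    chmod 600 "$tmp/authinfo.db"
    echo "$tmp"
}

sample=$(make_sample)
check_relay_config "$sample"
rm -rf "$sample"
```

To run it against the live configuration, call check_relay_config /etc/mail as root, since authinfo has to be readable by the script.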
In the case of my Ubuntu server, the email log is at /var/log/mail.log
root@server /var/log # tail mail.log
Dec 23 10:35:42 sever sm-mta[18985]: 3BIHMM6O025833: to=, delay=4+16:13:20, xdelay=00:00:00, mailer=relay, pri=60870329, relay=email-smtp.ap-south-1.amazonaws.com., dsn=4.0.0, stat=Deferred
Dec 23 10:35:42 sever sm-mta[18985]: 3BIH7B7E015280: to= , delay=4+16:28:31, xdelay=00:00:00, mailer=relay, pri=60960316, relay=email-smtp.ap-south-1.amazonaws.com., dsn=4.0.0, stat=Deferred
Dec 23 10:35:42 server sm-mta[18985]: 3BIHEk4Y020496: to= , delay=4+16:20:56, xdelay=00:00:00, mailer=relay, pri=60960338, relay=email-smtp.ap-south-1.amazonaws.com., dsn=4.0.0, stat=Deferred
Dec 23 10:39:27 server sendmail[21677]: 3BN9dJoC021677: from=pqr@test.net, size=10, class=0, nrcpts=1, msgid=<202312230939.3BN9dJoC021677@xyz.com>, relay=root@localhost
Dec 23 10:39:28 server sm-mta[21768]: 3BN9dRvP021768: from= , size=282, class=0, nrcpts=1, msgid=<202312230939.3BN9dJoC021677@server.com>, proto=ESMTP, daemon=MTA-v4, relay=localhost.localdomain [127.0.0.1]
Dec 23 10:39:28 server sendmail[21677]: 3BN9dJoC021677: to=pqr@test.net, ctladdr=pqr@test.net (0/0), delay=00:00:09, xdelay=00:00:01, mailer=relay, pri=30010, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (3BN9dRvP021768 Message accepted for delivery)
Dec 23 10:39:28 server sm-mta[21770]: STARTTLS=client, relay=email-smtp.ap-south-1.amazonaws.com., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Dec 23 10:39:29 server sm-mta[21770]: 3BN9dRvP021768: AUTH=client, available mechanisms do not fulfill requirements
Dec 23 10:39:29 server sm-mta[21770]: AUTH=client, relay=email-smtp.ap-south-1.amazonaws.com., temporary failure, connection abort
Dec 23 10:39:29 server sm-mta[21770]: 3BN9dRvP021768: to= , delay=00:00:02, xdelay=00:00:01, mailer=relay, pri=120282, relay=email-smtp.ap-south-1.amazonaws.com. [13.126.76.118], dsn=4.0.0, stat=Deferred: Temporary AUTH failure
Check whether the firewall is blocking outbound connections over the port you're trying to send email from.
Try the following command:
telnet email-smtp.us-east-1.amazonaws.com
where
If the connection is made, the following response is received.
root@server /var/log # telnet email-smtp.ap-south-1.amazonaws.com 25
Trying 65.1.8.173...
Connected to email-smtp.ap-south-1.amazonaws.com.
Escape character is '^]'.
220 email-smtp.amazonaws.com ESMTP SimpleEmailService-d-Z84JC76C2 YYg9AiTpo0btbw0gtOnO
451 4.4.2 Timeout waiting for data from client.
Connection closed by foreign host.
openssl s_client -crlf -quiet -connect email-smtp.us-east-1.amazonaws.com:465
openssl s_client -crlf -quiet -starttls smtp -connect email-smtp.us-east-1.amazonaws.com:25
If you cannot connect to the Amazon SES SMTP endpoint using telnet or openssl, then something in your network (for example, a firewall) is blocking outbound connections over the port you're trying to use.
root@server# ufw status
Status: active

To                         Action      From
--                         ------      ----
22222                      ALLOW       Anywhere
80                         ALLOW       Anywhere
22                         ALLOW       Anywhere
443                        ALLOW       Anywhere
25                         ALLOW       Anywhere
22222 (v6)                 ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
25 (v6)                    ALLOW       Anywhere (v6)
If that works, and you are trying to connect to Amazon SES using TLS Wrapper or STARTTLS, try the openssl commands shown in Using the Command Line to Send Email Through the Amazon SES SMTP Interface.
As stated here and here, besides sasl2-bin there is a need to also install libsasl2-modules.
sudo apt-get install sasl2-bin libsasl2-modules
This solved the problem and the server was able to send mails through Amazon SES.
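The failure in the log excerpt above can be picked out mechanically by correlating sm-mta lines on their process ID, so that each deferred message is reported with the TLS and AUTH outcome of its connection. This is an added example, not part of the original post: triage_mail_log and the cause labels are hypothetical, and the sample lines are constructed in the format of the excerpt.

```shell
#!/bin/sh
# triage_mail_log [FILE]: for every deferred message print
# "QUEUEID tls_verify=STATUS cause=LABEL". Reads stdin when no file is given.
triage_mail_log() {
    awk '
    {
        # Field 5 is "sm-mta[PID]:"; lines from one connection share the PID.
        pid = $5; gsub(/[^0-9]/, "", pid)
        # Field 6 is "QUEUEID:" on per-message lines and a key=value otherwise.
        qid = ($6 ~ /^[0-9A-Za-z]+:$/) ? substr($6, 1, length($6) - 1) : ""
    }
    /STARTTLS=client/ && match($0, /verify=[A-Z]+/) {
        verify[pid] = substr($0, RSTART + 7, RLENGTH - 7)
    }
    /AUTH=client, available mechanisms do not fulfill requirements/ {
        cause[pid] = "no-usable-sasl-mechanism"
    }
    /stat=Deferred/ && qid != "" {
        v = (pid in verify) ? verify[pid] : "unknown"
        c = (pid in cause) ? cause[pid] : "not-logged"
        print qid, "tls_verify=" v, "cause=" c
    }' "$@"
}

# Constructed sample: one old queue entry retried without detail, and one
# connection that negotiates TLS and then fails at the AUTH step.
sample_log() {
    cat <<'EOF'
Dec 23 10:35:42 server sm-mta[18985]: 3AAAAAAA000001: to=<user@example.com>, delay=4+16:13:20, mailer=relay, relay=email-smtp.ap-south-1.amazonaws.com., dsn=4.0.0, stat=Deferred
Dec 23 10:39:28 server sm-mta[21770]: STARTTLS=client, relay=email-smtp.ap-south-1.amazonaws.com., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Dec 23 10:39:29 server sm-mta[21770]: 3AAAAAAA000002: AUTH=client, available mechanisms do not fulfill requirements
Dec 23 10:39:29 server sm-mta[21770]: AUTH=client, relay=email-smtp.ap-south-1.amazonaws.com., temporary failure, connection abort
Dec 23 10:39:29 server sm-mta[21770]: 3AAAAAAA000002: to=<user@example.com>, delay=00:00:02, mailer=relay, relay=email-smtp.ap-south-1.amazonaws.com. [192.0.2.10], dsn=4.0.0, stat=Deferred: Temporary AUTH failure
EOF
}

sample_log | triage_mail_log
```

In the excerpt, delivery is deferred at the AUTH step even though STARTTLS completed with verify=FAIL, which is why the two conditions are reported as separate fields.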