Set up a mail server on Amazon EC2

This post will explain how to set up a Postfix mail server on an EC2 instance.

First, a word of warning: Amazon IPs generally don’t have a great reputation, spam-wise, meaning that even if you take all the precautionary steps, your emails might end up in spam folders. If email is business-critical for you, you might want to consider other options: host your mail server somewhere else? Use something like SendGrid?

This said, let’s dive in!

Prerequisites

I assume you have the following:

  • A domain name, with control over the DNS records
  • An EC2 account

Pick an AMI

Let’s start by creating an EC2 instance. I began with the vanilla AWS Linux micro instance, which seems to be somehow Fedora-based, and it was a pain. Now do yourself a favor and pick a Debian-based OS. It will make things much easier.

Eric Hammond and Canonical themselves provide Debian and Ubuntu AMIs, which are a great first step. You can even bypass the whole Postfix config by using one of these AMIs.

Assign an elastic IP to the instance you launched. We will need it for the DNS setup.

Configure Postfix

Now’s the time to be very lazy and just redirect you to Ivar Abrahamsen’s excellent howto on setting up Postfix. Actually, most of what I’m writing right now can be found in his howto, but let’s not stop at technicalities.

Configure your DNS

The most important step in having your email properly delivered is in your DNS configuration.

The first step is to define an A record for your Amazon Elastic IP, for example mail.mydomain.com. This will be used to set up a reverse DNS on your web server, so that other SMTP servers know that you’re not a spam relay.

Then add an MX record pointing to the address you just defined, for example mail.mydomain.com. Now each SMTP server sending mail to mydomain.com will contact mail.mydomain.com, which in turn points to your EC2 instance. Awesome!

The next step is to modify your SPF record. I’ll let you work out the details with the spec and Ivar’s howto, and as an example here is the SPF record for remaildr:

remaildr.com.        1800    IN    TXT    "v=spf1 mx ip4:50.16.218.96 include:mx.ovh.com ~all"

This SPF allows MX servers and the IP address 50.16.218.96 (i.e. the EC2 instance) to send mail for remaildr.com. Only “MX” should be enough, no need for the IP in particular? Well, I thought so, but it didn’t work so I added the IP address. Now it works. If anyone has an idea why, I’m all ears.

The include:mx.ovh.com is automatically added by OVH themselves and is not a problem in our case.
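An added example, not part of the original post or of remaildr's code: how a receiving server evaluates the SPF record above, mechanism by mechanism, run against a constructed offline DNS table. The mx.ovh.com policy and the 203.0.113.10 address are placeholders; the second zone shows that mx matches only while the MX host's A record resolves to the sending IP, whereas ip4 matches regardless.

```python
import ipaddress

# Constructed DNS data standing in for live lookups, so the example runs offline.
# The remaildr.com values come from the post; the mx.ovh.com record is a placeholder.
ZONE = {
    ("remaildr.com", "TXT"): ["v=spf1 mx ip4:50.16.218.96 include:mx.ovh.com ~all"],
    ("remaildr.com", "MX"): ["mail.remaildr.com"],
    ("mail.remaildr.com", "A"): ["50.16.218.96"],
    ("mx.ovh.com", "TXT"): ["v=spf1 ip4:192.0.2.0/24 -all"],
}
# Same zone, but the MX host's A record points elsewhere (constructed address).
STALE_ZONE = {**ZONE, ("mail.remaildr.com", "A"): ["203.0.113.10"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(zone, name, rtype):
    return zone.get((name.lower().rstrip("."), rtype), [])


def check_spf(zone, domain, client_ip, depth=0):
    """Return (result, matching mechanism) for client_ip sending as domain."""
    if depth > 10:  # stop include loops; RFC 7208 caps DNS-querying terms at 10
        return "permerror", None
    records = [r for r in lookup(zone, domain, "TXT") if r.lower().startswith("v=spf1")]
    if len(records) != 1:  # zero records: no policy; several: invalid
        return ("permerror" if records else "none"), None
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        if "=" in term:  # modifiers such as redirect= or exp= are not handled here
            continue
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = client_ip in lookup(zone, arg or domain, "A")
        elif name == "mx":  # MX hosts first, then each host's A records
            hosts = lookup(zone, arg or domain, "MX")
            matched = any(client_ip in lookup(zone, h, "A") for h in hosts)
        elif name == "include":  # matches only if the included policy passes
            matched = check_spf(zone, arg, client_ip, depth + 1)[0] == "pass"
        else:
            return "permerror", mech
        if matched:
            return QUALIFIERS[qual], mech
    return "neutral", None
```

Calling check_spf(STALE_ZONE, "remaildr.com", "50.16.218.96") returns the ip4 mechanism as the match, while the same call on ZONE matches on mx.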

You can use the dig command to check if your DNS settings are properly set. For example, the SPF field was retrieved with a:

$ dig remaildr.com in txt

As a bonus, you might be interested in setting up DKIM (cryptographic email signing), half of which takes place in your DNS. I’ll once again refer you to Ivar’s howto because it’s that good.

Tell Amazon you’ll be sending emails

By default, Amazon limits the amount of email you can send from an instance. You can ask them to remove that limitation very easily though, through that page.

This form also allows you to set up the reverse DNS I was telling you about. Go on, do it! Amazon usually responds to this form within 1-2 days.

Done!

That’s it!

Do you end up in spam folders? Try the test at AllAboutSpam, and check if everything’s alright. It covers just about any issue your server might have.

Remaildr – the tech bits

Here are a few small things you might want to know about http://remaildr.com. Or maybe not, but then again, nobody forces you to read, stranger!

“Hardware”

Remaildr is hosted on an Amazon EC2 micro instance, benefiting from the free tier offer. Apart from the static IP that will probably end up costing me something, remaildr should be about free.

— Edit: as of May, remaildr is now hosted on a VPS at OVH. The EBS volume of my EC2 instance blew up on me, and with the free tier coming to an end, EC2 would be too costly.

Network

The remaildr.com domain is registered at OVH, because of the low price and the flexibility they allow on DNS. I added an A record for mail.remaildr.com pointing to 50.16.218.96 —the AWS elastic IP—, then modified the MX record for remaildr.com to point to mail.remaildr.com. That way, every email sent to any_address@remaildr.com will be sent to the right mail server. Having an A record also allows reverse DNS on the mail server, often used to flag spam.

Other DNS modifications included the SPF record, which allows the mail server to actually send emails on behalf of remaildr.com, and a TXT record for DKIM — cryptographically signing outgoing emails.

OVH provides a free 1MB web storage for each domain name subscription, which is more than enough to host the remaildr.com website, weighing about 30KB.

The mail server

The email server at OVH is a run-of-the-mill Debian Squeeze. It runs a Postfix server, configured to forward a few specific email addresses (for example abuse, postmaster and info) to my account, and let everything else go to a catch-all account called remind.

A set of two daemonized Ruby scripts will then do all the work:

  • receivr.rb will fetch the emails over POP, compute the send date, then put the remaildr to send back into a PostgreSQL database as a Base64-encoded marshalled Ruby object (akin to how DelayedJobs works as far as I understand)
  • sendr.rb will read the database and send all the emails that need to be sent

Of course, the code is on GitHub.

That’s about it! Feel free to ask any questions, and I’ll answer as well as I can. :)