Ícaro Bichir bio photo

Ícaro Bichir

Geek that dreams to be a hacker, became a intern security, a DevOps Analyst and now, SysAdmin with DevOps Engineering thinking. ;)

Email LinkedIn Github Last.fm

General Vision

Works on Centos, Amazon Linux and Ubuntu

Execute all steps on root account

Before you start:

Generate your SMTP username and password ( AWS SES ; Gmail, will need App password

Verify the domain and email addresses

Check if your certificate exists

  • Centos or Amazon Linux: /etc/pki/tls/certs/ca-bundle.crt

  • Ubuntu: /etc/ssl/certs/ca-certificates.crt

This tutorial was made for us-east region, just change the endpoint for other regions

Install the required packages

Centos or Amazon Linux

$ yum install postfix mailx cyrus-sasl cyrus-sasl-plain cyrus-sasl-lib cyrus-imapd cyrus-imapd-utils


$ apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules

Edit the postfix configuration with SMTP settings and insert this lines on the botton of the /etc/postfix/main.cf file (On Ubuntu, just change the .crt directory)


smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
relayhost = smtp.gmail.com:587


relayhost = email-smtp.us-east-1.amazonaws.com:25
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt

Create the sasl_passwd file with SMTP username and password


$ touch /etc/postfix/sasl_passwd
$ cat << EOF >/etc/postfix/sasl_passwd
[smtp.gmail.com]:587  [email protected]:PASSWORD


$ touch /etc/postfix/sasl_passwd
$ cat << EOF >/etc/postfix/sasl_passwd
email-smtp.us-east-1.amazonaws.com:25 SMTP_USERNAME:SMTP_PASSWORD
ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com:25 SMTP_USERNAME:SMTP_PASSWORD

Change the permition and generate the password file for postfix

sudo chmod 400 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd

Restart postfix

service postfix restart

Check if email are sent

  • You can check your log for more information ( /var/log/maillog )


echo "Test mail from postfix" | mail -s "Test Postfix" [email protected]


sendmail -f [email protected] [email protected]
From: [email protected]
Subject: Test
This email was sent through Amazon SES!

Cool, It’s done (I hope so)

If you have some question or update about this procedure, please contact me.