Sunday, 30 November 2008
A well-known trouble with EC2 instances is sending mail reliably: the dynamic nature of the IP addresses in the cloud makes them suspect to most spam countermeasures. The common workaround is to relay every email message through an external SMTP server.
A natural choice is to use Google Apps for your domain and to exploit their service which is free up to 2000 messages per day and comes with all the Gmail goodies.
Jules Szemere has a good post (1) about how to do that with Postfix (note for Ubuntu users: the
CA.sh script is in
Unfortunately, in my experience (and not only mine), messages from Google servers are also sometimes considered spam. Perhaps switching to the premium edition could solve that; anyway, I followed the recommendation (2) from Paul Dowman (EC2 on Rails author) and I'm using AuthSMTP. The minimum fee is lower than that of the Google Apps premium edition (though the cost per message is not) and it's actually reliable.
What I miss most with AuthSMTP is a copy of the message in the sent mail folder; I could always add a BCC field, but this wastes the service quota.
The ideal solution is to use Google to send to safe addresses that are unlikely to drop the message (especially those in BCC) and to use AuthSMTP otherwise. In practice we have to put together the configurations in (1) and (2) in a smart way. So, thanks to the suggestions of my trusty system administrator, in
    transport_maps = hash:/etc/postfix/transport
    # auth
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    # tls
    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
    smtp_sasl_security_options = noanonymous
    smtp_sasl_tls_security_options = noanonymous
    smtp_tls_note_starttls_offer = yes
    tls_random_source = dev:/dev/urandom
    smtp_tls_scert_verifydepth = 5
    smtp_tls_key_file = /etc/postfix/certs/postfixclient.key
    smtp_tls_cert_file = /etc/postfix/certs/postfixclient.pem
    smtpd_tls_ask_ccert = yes
    smtpd_tls_req_ccert = no
    smtp_tls_enforce_peername = no
Two maps need to be specified,
transport_maps defines which relay server to use depending on the destination address:
    gmail.com :[smtp.gmail.com]:587
    yahoo.com :[smtp.gmail.com]:587
    * :[mail.authsmtp.com]
while smtp_tls_policy_maps defines the policy to use with the relaying server:
    [mail.authsmtp.com] none
    [smtp.gmail.com]:587 may
Finally, in smtp_sasl_password_maps we specify both Google and AuthSMTP credentials:
    gmail-smtp.l.google.com firstname.lastname@example.org:password
    smtp.gmail.com email@example.com:password
    mail.authsmtp.com username:password
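The three maps interact: SASL credentials are sent to whichever relay the transport map selects, over whatever TLS level the policy map gives that relay. With `none` Postfix never uses TLS for that relay, and with `may` it uses TLS only if the server offers STARTTLS, so neither level guarantees that the password travels encrypted. The following Python check is an added example, not part of the original post: it cross-references the three maps as shown above and flags relays that have credentials but no enforced encryption. The function names and the `default_level` fallback for relays missing from the policy map are assumptions of this example.

```python
import re

# Postfix TLS levels that require an encrypted session before AUTH is sent.
ENCRYPTED_LEVELS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

# Map contents as shown in the post; addresses and passwords are its placeholders.
TRANSPORT = """\
gmail.com :[smtp.gmail.com]:587
yahoo.com :[smtp.gmail.com]:587
* :[mail.authsmtp.com]
"""
TLS_POLICY = """\
[mail.authsmtp.com] none
[smtp.gmail.com]:587 may
"""
SASL_PASSWD = """\
gmail-smtp.l.google.com firstname.lastname@example.org:password
smtp.gmail.com email@example.com:password
mail.authsmtp.com username:password
"""

def parse_map(text):
    """Parse a Postfix map source file: 'key value' lines, '#' lines are comments."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            table[parts[0].lower()] = parts[1].strip()
    return table

def audit(transport, tls_policy, sasl_passwd, default_level="none"):
    """Return {next-hop: (tls_level, has_credentials, auth_unprotected)}."""
    routes, policy, creds = map(parse_map, (transport, tls_policy, sasl_passwd))
    report = {}
    # Transport values are 'transport:nexthop'; keep only the next-hop part.
    for nexthop in sorted({v.partition(":")[2].lower() for v in routes.values()}):
        # Credentials may be keyed by next-hop or by bare host name.
        host = re.sub(r"^\[(.*?)\](:\d+)?$", r"\1", nexthop)
        level = policy.get(nexthop, default_level).split()[0]
        has_creds = nexthop in creds or host in creds
        report[nexthop] = (level, has_creds, has_creds and level not in ENCRYPTED_LEVELS)
    return report

if __name__ == "__main__":
    for hop, (level, has_creds, weak) in audit(TRANSPORT, TLS_POLICY, SASL_PASSWD).items():
        print(f"{hop:24} tls={level:8} sasl={has_creds!s:5} {'UNPROTECTED' if weak else 'ok'}")
```

Both relays in the post's configuration are flagged; setting their policy entries to `encrypt` (if the relay supports STARTTLS on the port used) clears the flag.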