Amazon SES as a relay in Mailcow

In another blog I already wrote about why it is important to have a mail server with a high reputation. In short, it can be said that you can only achieve a high delivery rate of your own mails with a high mail server reputation. If you do not have this reputation, mails often end up in the spam folder or are rejected.

Now you can set up a mail server yourself and spend a few months to give it a high reputation, or you can use providers who offer mail servers with a high reputation.

There are many of these, but Amazon Simple Email Service (SES) in particular stands out because of its enormous price-performance ratio. Amazon SES allows you to send 100,000 emails with the best reputation for just 10 dollars.

Amazon SES as a relay server

However, Amazon SES does not replace a mail server. SES is not actually intended to receive mails. Amazon SES also does not manage mailboxes.

If a mail client wants to send a mail, this is always done via a mail server. The mail server then establishes a connection to Amazon SES and sends the mail via this service. This is referred to as a mail server relay.

E-mails sent to us do not go via Amazon SES but directly to our mail server. When receiving, the reputation is unimportant, so our mail server can take care of the mail reception directly.

The basis: A mail server

So we need a mail server. I use the mailcow software suite for this. I have already described how to set this up here. Later we will configure Amazon SES as a relay, but first we have to set up SES accordingly.

Set up Amazon SES

Next, we need to sign up for Amazon SES. This requires an Amazon AWS account. Once we have completed the registration, we need to set up Amazon SES.

Important: Amazon SES is offered at several locations. You can select the location at the top right. Parts of the configuration depend on the location. As I did not know this at the beginning, I was allowed to carry out the configuration twice, as I was in the USA region after registering, but switched to Europe.

First we create a new domain. To confirm the domain, various DNS settings must be made. However, Amazon lists these in detail.

If the domain is validated, we no longer need to validate the individual mail addresses as long as they belong to a validated domain.

Increase SES transmission limit

So far, our SES account is in sandbox mode. This means that no mails are sent. Since we want to change this, we have to make a request to increase the sending limit. This request was answered and approved after 20 hours.

In this request, you have to state whether you handle mail bounces (bounce handling), whether the recipients have agreed to receive mails and whether you comply with Amazon's rules. Presumably, a request will only be approved if all points are answered in the affirmative. Accordingly, you should really take care of these points, otherwise you will be blocked by Amazon SES quite quickly.

SMTP Credentials

In order to use Amazon SES as a relay host from our Mailcow installation, we need SMTP access data consisting of server address, user name and password. Even if we use Amazon SES with multiple domains, one SMTP account is sufficient.

Mail server configuration

This completes the setup of Amazon SES. Now we have to configure mailcow accordingly. Fortunately, this can be done quite quickly. First we add a new relay host, specifying the SMTP data we just created. To do this, we go to the Administration configuration within the mailcow UI:

Once this is done, we define in the second and last step which domains are to be sent via Amazon SES. This can be done in the mailbox configuration at domain level:

Conclusion

This completes the setup. Now you should test the function by sending a mail. As mentioned above, you should be careful not to generate too many bounces/returns. Amazon gets nervous if the bounce rate exceeds 5%.