Postfix with AWS SES / GCP Mail Relay Integration on Ubuntu 22.04

Introduction

Running your own Postfix mail server can be risky for email delivery.
If your server IP gets blacklisted, emails go to spam.
To solve this, companies use SMTP relay services like AWS SES or GCP Mail Relay.
In this guide, we will configure Postfix on Ubuntu 22.04 to send outgoing mail via AWS SES or GCP Relay.

Step 1: Install Postfix

sudo apt update
sudo apt install -y postfix mailutils libsasl2-modules

During installation, select:

  • General type of mail configuration: Internet Site
  • System mail name: bitscentric.local

Step 2: Get SMTP Credentials

  • AWS SES: From AWS Console → SES → SMTP Settings → Create SMTP Credentials.
  • GCP: From Google Workspace Admin → SMTP relay service → Allow your server IP → Use your Google account credentials.

You will get:

  • SMTP Server (AWS SES: email-smtp.us-east-1.amazonaws.com, GCP: smtp-relay.gmail.com)
  • SMTP Port (587 or 465)
  • Username and Password

Step 3: Configure Postfix for Relay

Edit Postfix main configuration:

sudo nano /etc/postfix/main.cf

Add these lines at the end:

relayhost = [email-smtp.us-east-1.amazonaws.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

For GCP, use:

relayhost = [smtp-relay.gmail.com]:587

Step 4: Configure SMTP Credentials

Create file /etc/postfix/sasl_passwd:

[email-smtp.us-east-1.amazonaws.com]:587 username:password
[smtp-relay.gmail.com]:587 username:password

Secure the file:

sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd

Step 5: Restart Postfix

sudo systemctl restart postfix

Step 6: Test Sending Email

Send a test email:

echo "Test mail from Postfix via SES" | mail -s "Postfix Relay Test" yourname@example.com

Check mail logs for confirmation:

tail -f /var/log/mail.log

Step 7: Verify Email Delivery

Check recipient mailbox → The mail should show as delivered successfully.
If using AWS SES sandbox, make sure both sender and recipient are verified in AWS Console.

Benefits of Using AWS SES / GCP Relay

  • Better deliverability → mails go to Inbox, not Spam.
  • No IP reputation management needed.
  • Scales easily for bulk emails.
  • Secured with TLS.
  • Industry standard for production environments.

Best Practices

  • Use SPF, DKIM, and DMARC DNS records for your domain.
  • Always use port 587 with TLS for client-to-relay submission.
  • Monitor /var/log/mail.log for errors and bounces.
  • For AWS SES → move from sandbox to production for real use.
  • For GCP → whitelist server IP in Google Workspace relay settings.

Conclusion

We successfully integrated Postfix with AWS SES and GCP Mail Relay on Ubuntu 22.04.
With this setup, all outgoing emails are sent via trusted cloud providers, giving better inbox delivery and less risk of blacklisting.
This is a best practice for any production-level mail server.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Trends

Prometheus and Grafana Interview Questions and Answers
Force Linux User to Change Password at First Login and Periodically on Rocky Linux/RHEL-8
Create Bulk Zimbra Users Using Shell Script
Setup NFS Server and Client in Rocky Linux 8