I know next to nothing about perl so I could use some help.

I've (painstakingly) configured postfix and the ses.send-email.pl script provided by Amazon as described here. For some reason, the script seems to ignore the sender that I have specified using the -f flag and instead looks to the user@domain who is actually sending the email.

My aws-email line in /etc/postfix/master.cf looks like this:
If I'm logged in as user sneakyimp on my Ubuntu instance (hosted in EC2) and type in these commands:
Then the mail log (/var/log/mail.log) shows that the sender is sneakyimp@example.com rather than the verified_user@example.com that is specified using the -f flag in master.cf.

NOTE that I am able to get mail to send as long as sneakyimp@example.com is one of my verified addresses, but I want ALL mail being sent from this server to come from verified_user@example.com. I expect mail to come from a variety of services (cron jobs, samhain, fail2ban, etc.) so it's kind of unreasonable for me to have to register every single process with its own verified address.

I've attached perl script in question. Am I misunderstanding what the -f flag is for? Is the perl script ignoring this flag?

Attached Files

ses-send-email.pl.txt (6.4 KB, 27 views)

I don't know if you fixed this already, and I don't run Postfix, but maybe a user / email mapping (sender_canonical_maps) could help?

*BTW the Perl Include problem in your other thread can be addressed in different ways, see http://www.perlhowto.com/extending_the_library_path or http://www.perlmonks.org/?node_id=923351.


//NTLB

Thanks for hte response, unSpawn. You are a generous soul -- and advice on Postfix is hard to come by. Postfix seems really complex and the documentation leaves a lot to be desired.

sender_canonical_maps does look promising, but I'm wondering if it's possible to specify a wildcard that matches ALL senders -- i.e., regardless of what user/process is sending mail, it will all have a sender address of verified_user@example.com. I've been back to the postfix documentation repeatedly and just seem to get confused by the sprawl of it -- so many daemons and steps and some weird sequence of rewrites that happen. It makes Apache mod_rewrite look like kindergarten.

If it is possible to match each and every possible user/process on this machine to one outgoing/sender email address, I think that solves my problem. I've googled for "postfix canonical wildcard" and a variety of other searches and cannot seem to find an example of sender_canonical_maps using a wildcard. Please note that I'm not trying to circumvent any spam measures or mail delivery policies. In particular:
1) This machine should never accept any email from any remote server -- the iptables and firewall should have any mail ports locked tight. Furthermore, I believe I have postfix configured such that it does not accept mail from strangers.
2) No mail should ever be delivered locally -- I believe I have this resolved in my postfix configuration


An alternative to configuring postfix to use only one sender would be to alter the perl script (or its associated library) that I attached before such that it always specifies one and only one sender email address to the Amazon SES gateway. Still another option would be to msmtp or esmtp but I know nothing about these and want to make sure that no mail is ever delivered locally, all mail sent by this machine goes through the Amazon SES gateway, and all mail appears to have one single sender of verified_user@example.com.

I don't know if I made it clear in my last post, but I want to map ALL sender addresses through this one sender address -- configuring each email address separately is going to be too much trouble given the number of machines I expect to manage based on this configuration. Also, I hope that this many-to-one address mapping will still preserve somehow the identity of the original sending user/process so that I know who needs adjustment to reduce unecessary email notifications.

Here's an example: http://binblog.info/2012/09/27/postf...outgoing-mail/ and it appears Reuti is a Postfix wizard: http://www.linuxquestions.org/questi...ostfix-852693/ ..

Thanks, UnSpawn, for those two examples. The first one doesn't mention the change you need to make to main.cf but does give a perfect example with the regex pattern. I think that will accomplish what I've been after.

That's also good news about Reuti being Postfix wiz. I expect I'll have more postfix questions sooner rather than later.

I'm also very curious about esmtp and msmtp -- I expect they are a lot simpler and are really what I should be using, but don't know much about them. Specifically, I don't know how to:
* prevent any local mail delivery -- no one will ever check the mailboxes on these virtual machines and disk space is very very limited
* route ALL mail sent from this machine through Amazon SES gateway, either using the PERL script they provide or via *encrypted* connection to the Amazon SES SMTP gateway
* rewrite sender of all mail originating from this machine to be some_verified_address@example.com so that the Amazon SES gateway accepts mail for delivery

I expect Postfix is overkill for the simple mail needs of this server.

Let's hope so.


I was just kidding OK? I mean there's more than a few members who are conversant with Postfix so as long as you have a good title and clear story someone will show up.


Time to do some research into esmtp and msmtp then, good luck with that!

OK I've tested the sender_canonical_maps directive you have suggested and it WORKS. I'm delighted.

To summarize, one can configure postfix to have one sender for all outgoing mail by doing this. Edit /etc/postfix/main.cf and make sure it has this setting:
Then, create the file /etc/postfix/sender_canonical and make sure it contains this:
There is no need to do a postmap on the sender_canonical file. You must reload/restart postfix:

While I appreciate it its whatshisname who did the work.