# To configure Sendmail to send email through Amazon SES using STARTTLS



## benpptung (Aug 29, 2013)

I follow Amazon SES instruction on the following URL http://docs.aws.amazon.com/ses/latest/DeveloperGuide/sendmail.html but got no luck.

Since FreeBSD has no /etc/mail/sendmail.mc, I use the following way to configure Sendmail:

`# make`
Edit the /etc/mail/{host}.mc to add Amazon's lines.
`# make install & make restart`
I got 530 Authentication required from Amazon. By using the command line guide on http://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-smtp-client-command-line.html I am sure my username and password are correct.

Then, I've googled for FreeBSD Sendmail for related answers. I've found there are various ways, including to add TLS, or SASL, etc. But don't know which way will fix the problem.

Is there any easy way and correct way to fix this problem? Thank you very much


----------



## benpptung (Aug 30, 2013)

gpatrick said:
			
		

> You want Sendmail to relay to Amazon SES.  You need to know what port (587?) and you can look at authinfo for SMTP AUTH.  You'll need to create certificates for Sendmail.
> 
> You'll need to set your SMART HOST to whatever Amazon uses (e.g., smtp.amazon.com) and set the MAILER and ESMTP RELAY in Sendmail.



*H*i @gpatrick, thank you for reply.

*Y*es, as I said, I follow the steps of "To configure Sendmail to send email through Amazon SES using STARTTLS" ]of the documentation on the following URL: http://docs.aws.amazon.com/ses/latest/DeveloperGuide/sendmail.html

The documentation is not designed for FreeBSD. So, while it comes to the step 6, to add lines to sendmail.mc. I walk in a different way, to use  `# make` to get the /etc/mail/{host}.mc file as source file of sendmail.cf. Then, after the lines are added, `# make install && make restart`

The lines added are

```
define(`SMART_HOST', `email-smtp.us-east-1.amazonaws.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 25')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
MASQUERADE_AS(`YOUR_DOMAIN')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
```

So, I guess it is port 25 according to the second line.

Just wondering if FreeBSD default Sendmail support TLS or TLS wrapper? Because according to Amazon Document, in this case, I can try stunnel, and I am trying stunnel now.

Another wondering question is the response from Amazon is 530. It seems Sendmail doesn't send the SMTP credential to Amazon SES. Don't know where it is wrong.


----------



## benpptung (Sep 1, 2013)

gpatrick said:
			
		

> It is certainly something with SMTP AUTH in your setup.
> 
> Are your /etc/mail/authinfo and /etc/mail/access setup correctly?
> 
> Also, YOUR_DOMAIN should actually be the domain you're sending from.



Hi, @gpatrick, yes, it is using the quide from Amazon SES, and the 


```
MASQUERADE_AS(`YOUR_DOMAIN')dnl
```
YOUR_DOMAIN is changed to my verified domain.

I've tried the following command to see the log `sendmail -i -v -Am -d60.5 -f [email=from@verified.email]from@verified.email[/email] -- [email=to@verified.email]to@verified.email[/email]` and see the transaction log. 

It seems the 
	
	



```
MASQUERADE_AS(`YOUR_DOMAIN')dnl
```
 is not working, it keeps EHLO the machine hostname, but according to Amazon's document, it should be my verified domain. :x


----------



## wblock@ (Sep 1, 2013)

Have you seen the Handbook section about SMTP Authentication?


----------



## kpa (Sep 1, 2013)

benpptung said:
			
		

> Hi, @gpatrick, yes, it is using the quide from Amazon SES, and the
> 
> 
> ```
> ...



MASQUERADE_AS does nothing to what is sent in the HELO/EHLO greeting. Try this in your .cf file:


```
define(`confHELO_NAME', `mydomain.tld')
```


----------



## benpptung (Sep 2, 2013)

Thank you for all the help.  I decide to give up.


----------

