How to run an AWS SMTP relay on Proxmox


How-to written and screenshots taken on 2021 October 7

Introduction

What started as a project to run "some crypto applications" grew into something much bigger, but also more useful. I learned a tremendous amount about virtual machines, lxc containers and Proxmox. And although I'm just scratching the surface and I don't actually understand it, I know how to do some things. I'll write them down here, partly for myself, but also for you in hopes it will save one of us a lot of time and frustration.

Choosing a mail service

The initial reason I needed to do this is that most "machines" cannot send email by themselves. They need an SMTP server to connect to. I use Protonmail for my day-to-day emailing, but as their service uses encrypted mailboxes, you cannot easily use their service to send basically unencrypted transactional mails. They have a bridge, but I couldn't get it to work.

I didn't want to use Gmail, and as I also have an AWS account, I wanted to use AWS SES to send these info/alert machine mails. That service is made for transactional emailing, so it should be perfect.

Docker image

I have very little knowledge about email servers, so I wanted to install something small and easy. I don't need a mailserver or mailbox, I just want to send mails to AWS SES (or with AWS SES). I learned that what I was looking for is called an email relay. It is a single point in the network to send all your emails to, and from there they are actually sent (relayed) to the SMTP server of your mail provider.

After some piddling with Postfix (I hate it) I found a Docker image that promised to do exactly what I needed: blueimp: AWS SMTP Relay.

Install Docker image

  1. Create a Docker LXC container or VM or just install Docker.

  2. In your AWS account create

    • a policy SES-sendmail-alerts:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
              "ses:SendEmail",
              "ses:SendRawEmail"
            ],
            "Resource": "arn:aws:ses:eu-central-1:<your account id>:identity/*"
          }
        ]
      }

    • a user joeplaa.com: ses-user.alerts with policy SES-sendmail-alerts attached

  3. Create a docker-compose.yml file:

    version: "3"
    services:
      joeplaa_mailer:
        container_name: joeplaa_mailer
        image: blueimp/aws-smtp-relay:latest
        restart: unless-stopped
        environment:
          AWS_REGION: eu-central-1
          # both values are substituted from the .env file next to this file
          AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
          AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
        ports:
          - '1025:1025'

  4. Create a .env file with the credentials of the joeplaa.com: ses-user.alerts user:

    AWS_ACCESS_KEY_ID=<ses-user.alerts access_key_id>
    AWS_SECRET_ACCESS_KEY=<ses-user.alerts secret_access_key>
  5. Start the Docker container:

    docker-compose up -d
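
Two things in this setup are worth checking before relying on it: the .env file holds a long-lived SES access key, and a '1025:1025' mapping publishes the relay on every interface of the Docker host while the compose file above sets up no SMTP authentication. The script below is an added example, not part of the original how-to or the blueimp project; the function name audit_relay_dir and the address 192.0.2.10 mentioned in its note are made up for illustration.

```shell
#!/bin/sh
# audit_relay_dir DIR: print one finding per line; no output means no findings.
audit_relay_dir() {
    dir=$1
    if [ ! -f "$dir/.env" ] || [ ! -f "$dir/docker-compose.yml" ]; then
        echo "missing: $dir needs both .env and docker-compose.yml"
        return 0
    fi
    # .env holds the long-lived SES access key: group and others get no access.
    perms=$(ls -ld "$dir/.env" | cut -c5-10)
    [ "$perms" = "------" ] ||
        echo "env-mode: .env group/other bits are '$perms', run: chmod 600 .env"
    # '1025:1025' publishes on every host interface; 'IP:1025:1025' binds one.
    # Only the short IPv4 port syntax is handled here.
    tr -d "\"'" < "$dir/docker-compose.yml" | awk '
        /^[ \t]*#/ { next }
        /^[ \t]*ports:[ \t]*$/ { inports = 1; next }
        inports && /^[ \t]*-/ {
            m = $0; sub(/^[ \t]*-[ \t]*/, "", m); sub(/[ \t]+$/, "", m)
            n = split(m, f, ":")
            if (n < 3 || f[1] == "0.0.0.0")
                print "port-exposed: " m " is published on all host interfaces"
            next
        }
        { inports = 0 }'
}

# Constructed sample: the compose file from this page plus a world-readable .env.
demo=$(mktemp -d)
cat > "$demo/docker-compose.yml" <<'EOF'
version: "3"
services:
  joeplaa_mailer:
    image: blueimp/aws-smtp-relay:latest
    ports:
      - '1025:1025'
EOF
printf 'AWS_ACCESS_KEY_ID=placeholder\nAWS_SECRET_ACCESS_KEY=placeholder\n' > "$demo/.env"
chmod 644 "$demo/.env"
audit_relay_dir "$demo"      # reports env-mode and port-exposed
```

Both findings clear after chmod 600 .env and after changing the mapping to the form '192.0.2.10:1025:1025', where 192.0.2.10 stands for the one host address the Proxmox machines should reach.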

Send mails from Proxmox

Postfix

  1. To be able to send mail alerts, we need to update postfix (comes installed with Debian/Proxmox).

    apt install postfix-pcre
  2. Create a file /etc/postfix/smtp_header_checks. Replace "PVE" with your server name and enter the from address between <>.

    nano /etc/postfix/smtp_header_checks
    /^From:(.*)$/ REPLACE From: Proxmox PVE <proxmox@yourdomain.com>
  3. Open /etc/postfix/main.cf and add the line smtp_header_checks = pcre:/etc/postfix/smtp_header_checks

    nano /etc/postfix/main.cf
    postmap /etc/postfix/smtp_header_checks
    systemctl restart postfix

    It should look something like this:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    # change this to your own server name and domain
    myhostname=pve.yourdomain.com
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    mydestination = $myhostname, localhost.$mydomain, localhost
    # change this to the relay host (vm/lxc/docker) ip
    relayhost = xxx.xxx.xxx.xxx:1025
    mynetworks = 127.0.0.0/8
    inet_interfaces = loopback-only
    recipient_delimiter = +
    compatibility_level = 2
    smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
  4. Update and apply postfix settings:

    postmap /etc/postfix/smtp_header_checks
    systemctl restart postfix
  5. Update root email address in /etc/aliases:

    nano /etc/aliases

    It should look something like this:

    postmaster: root
    nobody: root
    hostmaster: root
    webmaster: root
    www: root
    root: root@yourdomain.com
  6. Apply new alias and restart Postfix:

    newaliases
    systemctl restart postfix
  7. Test settings:

    echo "This is the body of the email" | mail -s "This is the subject line" info@yourdomain.com
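
Postfix treats # as a comment only when it is the first non-blank character of a line, so an annotation typed after a value in main.cf becomes part of that value. The check below is an added example, not part of the original how-to: it reads a main.cf the way Postfix does and reports problems with the settings this setup depends on. The function names and the sample values (pve.example.com, 192.0.2.10) are made up for illustration.

```shell
#!/bin/sh
# main_cf_get FILE NAME: print NAME's value as Postfix reads it. '#' starts a
# comment only as the first non-blank character of a line, so trailing
# "# ..." text stays in the value. Continuation lines are not handled.
main_cf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            i = index($0, "="); if (i == 0) next
            name = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == want) last = val
        }
        END { print last }' "$1"
}

# check_relay_client FILE: print one finding per line for the settings this
# page relies on; no output means the file passes.
check_relay_client() {
    for p in myhostname relayhost; do
        case $(main_cf_get "$1" "$p") in
            "")   echo "$p: not set" ;;
            *\#*) echo "$p: '#' text is part of the value, move the comment to its own line" ;;
        esac
    done
    [ "$(main_cf_get "$1" inet_interfaces)" = "loopback-only" ] ||
        echo "inet_interfaces: expected loopback-only"
    case $(main_cf_get "$1" smtp_header_checks) in
        pcre:/*) ;;
        *) echo "smtp_header_checks: expected a pcre: table" ;;
    esac
}

# Constructed sample: relayhost carries a trailing comment as a reader might paste it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
myhostname = pve.example.com
relayhost = 192.0.2.10:1025 # relay container
mynetworks = 127.0.0.0/8
inet_interfaces = loopback-only
smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
EOF
check_relay_client "$sample"   # reports relayhost only
```

On the Proxmox host itself, postconf relayhost prints the value Postfix actually parsed from /etc/postfix/main.cf.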

Proxmox settings

Now you can add your email address to your backup jobs and root user. Make sure that email address is verified in AWS SES.