How to use Amazon SES as a Smarthost Cpanel

Introduction

Many providers now block outbound connections on port 25, which means that a cPanel system would need to configure a Smarthost to allow for outbound emails to function. This guide covers how to set up a Smarthost using Amazon SES.

Important Limitation

Please keep in mind that when using Amazon SES as your smarthost, you must verify ownership of every domain that you want to send messages with from your server. This means that you’ll need to manually update and maintain the AWS SES verification each time a domain is added or removed from the server. Also please keep in mind that your users may not forward any messages through SES that were not originally sent by a domain that you have verified ownership for. This is specifically in reference to the «Forward» button that users see in their email clients, or webmail such as Roundcube / Horde.

You can learn more about this limitation on the AWS SES FAQ:

https://aws.amazon.com/ses/faqs/

Further information about the AWS SES Authentication and Verification process can be found here:

• https://docs.aws.amazon.com/ses/latest/DeveloperGuide/sending-authorization-overview.html
• https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-addresses-and-domains.html

Procedure

These settings can be done either from the command line or using the WHM Exim Configuration Manager under the Advance Editor. The following guide will be the focus on how to do this through the WHM interface.

First, navigate to WHM > Exim Configuration Manager > Advanced Editor.

On this page, you will need to add the following blocks of code to the following sections:

Section: PREROUTERS

send_via_ses: 
driver = manualroute 
domains = ! +local_domains 
transport = ses_smtp 
route_list = * email-smtp.us-west-2.amazonaws.com;

email-smtp.us-west-2.amazonaws.com should be replaced by the appropriate endpoint you are using with your SES.

Regions and Amazon SES

Section: TRANSPORTSTART

ses_smtp: 
driver = smtp 
port = 587 
hosts_require_auth = * 
hosts_require_tls = *

Section: AUTH

ses_login: 
driver = plaintext 
public_name = LOGIN 
client_send = : USERNAME : PASSWORD

*Make sure you updated your USERNAME and PASSWORD with your SMTP username and password.

Save Your Changes:

Go to the bottom of the page and click «Save.» The changes will get added to the Exim configuration and will automatically restart the Exim service.

Test Your Settings:

Try sending a test email using one of the Webmail applications. If the email does not leave the server, you must examine the /var/log/exim_mainlog file to determine the cause of the issue. Reading and Understanding Eximlogs

Notes:

• This guide is intended for system administrators. cPanel’s Technical Analysts cannot assist in configuring a server’s Smarthost setup.
• Configuring a Smarthost will cause all outbound emails to go through the configured provider. This document’s scope does not cover how to configure a subset of domains to go through a Smarthost; the server’s system administrator must configure this.
• The settings provided are from Amazon SES documentation.