openec2 Article Description
Part 1
Configure an SES/S3 Bucket for forwarding email
For Australia, we use Oregon (us-west) as the email SMTP relay service, but we can create the storage bucket that holds these emails in your own region. If you change your region from, in our case, Sydney to Oregon, this means any future use of the bucket will involve data transfers outside of your region.If you do not use this facility, it is something to know how to do as it is bound to come up as a necessary need.
This allows you to receive SSL certificates from a provider like Sectigo or Comodo to your admin@domain.com address – but you could use DNS to validate a new SSL certificate. It gives the background work so that postfix can be installed and configured if you want to send email messages via your own shell scripts. It ensures you can move out of “sandbox” mode and have WordPress emails working.
We will do the following, assuming you have a test domain name to play around with.
Create a bucket – e.g. domain.com.inbox (use your own name)
Add account permissions to the bucket
Add the domain name as an Identity to SES.
Add DNS records to the domain name so that emails go to the Amazon AWS SES service.
Add an Email Receiving rule to catch the domain emails coming into the relay service and store them into the bucket.
Add an email identity such as admin@domain.com to SES which helps us while in “sandbox” mode. SES sends a verification email to your bucket.
Manually download the email to your PC from the bucket, rename it with a .eml file extension, open it and click on the verify link so SES accepts the address.
Roadmap for next e-mail lessons
We will have separate lessons for these follow-on tasks:
– View Cloudwatch logs that show if emails fail or pass. Good for checking if you missed a step (such as forgetting to put permissions on the bucket) or made a typo.
– Add Lambda functions so that we can modify the SES rule we created above, to forward the admin@domain.com email from your S3 bucket to your own email address. This will involve new work with IAM.
– Take your Amazon account out of sandbox mode. When this is done, we can modify the SES rule to work with other emails such as contact@domain.com and DMARC emails. DMARC is required these days since 2020-2022 for security. Without SPF, DKIM, DMARC, your emails can bounce. Once out of sandbox mode, you can install other EC2 instances and websites into your account where sandbox mode is already removed.
– We will look at Lambda simple email forwarding, as an attachment, using Node.js 20.x (version) coding, and if it is still available on your account, the older method for forwarding the email fully (not as an attachment) using Node.js 16.x.
– We shall look at configurations in the WordPress WP SMTP plugin.
– We shall look at DNS records suitable to MS Exchange rather than using SES records. The two services cannot be mixed together.
As you see, this is a lot of ground to cover. It is okay to put this aside temporarily and move onto installing Linux. I strongly suggest you cover this ground now, get it under your belt, and get your account out of sandbox mode so that WordPress emails from the public will work. This work took me years to figure out with the help of many Internet forums and articles.