How to configure Postfix in Plesk to relay all emails to Amazon SES?

Kuzma Ivanov

Updated February 19, 2026 03:54

kb: how-to Plesk for Linux

Applicable to:

Plesk for Linux

Question

How to configure Postfix in Plesk to relay all emails to Amazon SES?

Answer

Plesk interface

Log in to Plesk.
Go to Tools & Settings > Smarthost (Mail section).
Fill in the fields with the SMTP SES details that you have.
Apply the changes.
Add domains / email addresses as verified identities in Amazon SES.
Check out this Amazon KB article for the instructions:
- Resolve the 554 or 400 "Message rejected" error on Amazon SES

Command-line interface

Warning: The steps below describe how to configure integration with a 3rd-party service that is not officially supported by Plesk and should be performed only at your own will and risk. Alternatively, consider this task to be handled by the Plesk Professional Services team on your behalf by submitting an official request.

Note: The configuration below is not compatible with the Plesk Email Security extension. Consider removing it before applying the changes below.

Connect to your Plesk server via SSH.
Switch to Postfix, if it is not used as a mail server.
For safety reasons, create a copy of configuration file /etc/postfix/main.cf:

# cp -a /etc/postfix/main.cf{,.original}
Open /etc/postfix/main.cf in a text editor. In this example, we are using vi editor:

# vi /etc/postfix/main.cf
Modify the file:

5.1. Locate relayhost line and add the Amazon SES SMTP service as relayhost (obtain the name of the SMTP endpoint from Amazon SES):

CONFIG_TEXT: relayhost = [replace_with_your_smtp_endpoint.amazonaws.com]:587

Note: Ports 465 and 587 are used for mail submissions towards the Amazon SES server, due to which you should make sure that they are open for incoming and outgoing connections in firewall, if used.

5.2. Make sure the following lines are present at the end of /etc/postfix/main.cf (add them if they are not there):

CONFIG_TEXT: smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
header_size_limit = 4096000

5.3 Save the changes and close the file.

Warning: Verify that there are no duplicate directives that can break the configuration. Comment out or remove duplicate directives, if there are any.
Open /etc/postfix/sasl_passwd in a text editor:

# vi /etc/postfix/sasl_passwd
Add Amazon SES SMTP username and password (replace SMTPUSERNAME and SMTPPASSWORD with the username and password provided by Amazon SES:

CONFIG_TEXT: [your_smtp_endpoint.amazonaws.com]:587 SMTPUSERNAME:SMTPPASSWORD
Save the changes and close the file.
Use the postmap utility to generate a new database sasl_passwd.db file:\

# postmap /etc/postfix/sasl_passwd.db
Verify that the .db file has been created:

# ls -l /etc/postfix/sasl_passwd*
-rw------- 1 root root ... /etc/postfix/sasl_passwd
-rw------- 1 root root ... /etc/postfix/sasl_passwd.db
Set required permissions for both sasl_passwd and the newly created sasl_passwd.db file:

# chmod 600 /etc/postfix/sasl_passwd

# chmod 600 /etc/postfix/sasl_passwd.db
Reload the Postfix service to apply changes:

# systemctl restart postfix
Send a test mail to check if the postfix works properly with Amazon SES:

# echo "This is a test email." \
| mail -r example@frommail.com-s 'AWS SES test' example@tomail.com

You can then trace this email in the mail log/var/log/maillog.

Additional Information

Integrating Amazon SES with Postfix - Amazon Simple Email Service

Comments

1 comment

atorres
October 11, 2024 17:02 (Edited October 17, 2024 19:07)

This tutorial has a couple of errors

Step 7, should be SMTP_HOST SMTP_USERNAME:SMTP_PASSWORD

Step 9, Instead of "postmap /etc/postfix/sasl_passwd.db" should be "postmap /etc/postfix/sasl_passwd"

0

Please sign in to leave a comment.