Just Migrated from Ubuntu 18.04 to 22.04 - No Problems

Hi Everyone,

I run my MiaB on AWS EC2 t2 micro. Everything went fine.

I first attached a new temporary volume to the old Ubuntu machine and copied /home/user-data/backup to it. The instructions on how to backup and restore (Moving to a New Box) at Mail-in-a-Box Maintenance Guide worked well for me.

I would highly recommend a larger temporary volume then you think you need, in order to increase the TPS, which seemed to be a bottleneck for me. After all - it’s just pennies more.

That’s it. Thanks Josh and anyone else who contributes to this awesome software.

Actually , there was one thing additional i had to do for AWS to use SES as my mail relay. The required postfix settings did not transfer.

Previous discourse:

For posterity, updated:

Using MiaB in AWS presents challenges with regards to trustworthiness. Many of the public (elasticIP) address ranges have been greylisted on several address lists. If you’re unlucky enough to have this problem, receiving ends may drop your email. This happened to me before.

AWS realises this and provides a service to forward emails. SES. They require that you update your DNS records with TXT to prove domain or email address ownership, and provide a dash to help you determine if your mail server is behaving correctly. The only catch is that you can directly receive inbound emails using MiaB, but when sending outside the box to the internet at large, you must use the SES forwarding service. Their servers are trusted. It’s way too easy for bad actors to stand up a fly-by-night mail spam server with AWS, and this is the resolution to help legit users, like me.

They require that you implement an SSL tunnel (stunnel) and provide SASL credentials for the forwarding device.

As such, the modifications for postfix’s main.cf are as follows:

relayhost = 127.0.0.1:2525
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd.db

apt-get install stunnel

The stunnel config is as follows:

ubuntu@ip-172-31-15-250:/media/OLD14/etc$ cat stunnel/stunnel.conf
[smtp-tls-wrapper]
accept = 127.0.0.1:2525
client = yes
connect = email-smtp.us-east-1.amazonaws.com:465
delay = yes
#cert = /etc/stunnel/mail.pem

The SASL password generation is private, and per AWS user. It must be binary’d using postfix map:

/etc/posfix/sasl_passwd:

127.0.0.1:2525 AWSKEY:AWSSECRET

sudo postmap /etc/postfix/sasl_passwd
sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
sudo systemctl restart postfix

In order to startup stunnel automatically, it is required:

/etc/default# more stunnel4
# /etc/default/stunnel
# Julien LEMOINE <speedblue@debian.org>
# September 2003

# Change to one to enable stunnel automatic startup
ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""

# Change to one to enable ppp restart scripts
PPP_RESTART=0

/etc/init.d/stunnel4 start
/etc/init.d/stunnel4 status

Verify
send email to external domain (like @google etc)
check /var/log/mail.log for information on SASL failures
check AWS SES dashboard to see daily usage mails sent increase

This topic was automatically closed 40 days after the last reply. New replies are no longer allowed.