08 JAN 2022 Hai Tran This note goes through how to setup SES (Simple Email Service) with a custom domain and receive emails in S3. Then also setup Workmail with the custom domain.
We need to do five steps 1) verify identities which are the custom domain and emails. Why need to verify emails here? Because the SES is in a sandbox environment before AWS approval for production, and need to apply for approval. In this sandbox environment, to test sending emails to an email, the email need to be verified first. 2) Create a S3 bucket and a policy to allow SES write emails into it. 3) Need to set receiving rules, and action to tell SES write receiving emails into the S3 bucekt. 4) Need to create a MX record in DNS provider, in this case Route 53 because the custom domain registered with Route 53. At this moment, this step is needed. When setup workmail, this step is easier as records are automatically generated and updated to the Route 53 DNS records. We will need to review and fix conflics if they occurs. Note that receiving email configuration is only avaiable in three regions {us-east-1, us-west-1, us-west-2}
Create and verify the custom domain. Similar verify emails which will be used for send test email.
This is policy to allow SES write email into it.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowSESPuts",
"Effect": "Allow",
"Principal": {
"Service": "ses.amazonaws.com"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::BUCKET_NAME/*",
"Condition": {
"StringEquals": {
"aws:Referer": "ACCOUNT_ID"
}
}
}
]
}
Add actions choose Deliver to S3 bucket and choose the bucket created in step 2.
Details in here Publishing an MX record for SES email receiving. In this case, the custom domain is registered with Route 53, so need to go to Route 53 console, create a MX record with following information. MX record Name
the custom domain
Value
10 inbound-smtp.us-east-1.amazonaws.com
Now we can send test emails from the custom domain to verified email in step 1. Then we go to the S3 bucket to check received emails, need to refresh or waits for few minutes somtimes.
Goto AWS Workmail console and create an organization with the custom domain. Noted the default
{yourname}.awsapps.com, we can go here to login.
Usually, with any mail clients such as thunderbird, ios mail, we need to parameters detail here
IMAP server
us-east-1.imap.mail.us-east-1.awsapps.com
SMTP server
us-east-1.smtp.mail.us-east-1.awsapps.com