I'm trying to build aws-smtp-relay from source because I need an Arm-architecture version.

I should start by saying that I know absolutely nothing about go or building software that uses go ... but that may become readily apparent :)

If I clone the git repository and try to build the software, I get these errors:

main.go:11:2: cannot find package "github.com/blueimp/aws-smtp-relay/internal/auth" in any of:
        /usr/lib/go-1.10/src/github.com/blueimp/aws-smtp-relay/internal/auth (from $GOROOT)
        /home/ubuntu/go/src/github.com/blueimp/aws-smtp-relay/internal/auth (from $GOPATH)
main.go:12:2: cannot find package "github.com/blueimp/aws-smtp-relay/internal/relay" in any of:
        /usr/lib/go-1.10/src/github.com/blueimp/aws-smtp-relay/internal/relay (from $GOROOT)
        /home/ubuntu/go/src/github.com/blueimp/aws-smtp-relay/internal/relay (from $GOPATH)
main.go:13:2: cannot find package "github.com/blueimp/aws-smtp-relay/internal/relay/pinpoint" in any of:
        /usr/lib/go-1.10/src/github.com/blueimp/aws-smtp-relay/internal/relay/pinpoint (from $GOROOT)
        /home/ubuntu/go/src/github.com/blueimp/aws-smtp-relay/internal/relay/pinpoint (from $GOPATH)
main.go:14:2: cannot find package "github.com/blueimp/aws-smtp-relay/internal/relay/ses" in any of:
        /usr/lib/go-1.10/src/github.com/blueimp/aws-smtp-relay/internal/relay/ses (from $GOROOT)
        /home/ubuntu/go/src/github.com/blueimp/aws-smtp-relay/internal/relay/ses (from $GOPATH)
main.go:15:2: cannot find package "github.com/mhale/smtpd" in any of:
        /usr/lib/go-1.10/src/github.com/mhale/smtpd (from $GOROOT)
        /home/ubuntu/go/src/github.com/mhale/smtpd (from $GOPATH)

If I then run go get to fetch the missing packages and try again to build the software, I then get these errors:

main.go:11:2: use of internal package not allowed
main.go:12:2: use of internal package not allowed
main.go:13:2: use of internal package not allowed
main.go:14:2: use of internal package not allowed

What steps do I need to take to correctly build the software? Curiously, go get github.com/blueimp/aws-smtp-relay does work but that isn't sufficient for me to be able to build a Docker image that I can then use on an Arm processor.

Thanks.

We've a case where it would be ideal to configure the relay (running on k8s) to filter out emails if they contain problem email from addresses - which can be very useful for platform managers when managing client and platform reputation.

I'd love to get some thoughts to see if you're receptive to the feature?

I've submitted a PR with a draft for this feature (#10)

We have an issue where one of our applications is unable to send via the aws-smtp-relay.

We have replicated this following the same steps at https://www.wikihow.com/Send-Email-Using-Telnet

$ docker run --rm -d -p 1025:1025 blueimp/aws-smtp-relay
$ telnet localhost 1025
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 03c9d18e7fc6 AWS SMTP Relay ESMTP Service ready
HELO test.example.com
250 03c9d18e7fc6 greets test.example.com
MAIL FROM: [email protected]
501 5.5.4 Syntax error in parameters or arguments (invalid FROM parameter)

Any ideas what's happening? The above commands work when using against other mail servers and appear to be valid against the RFC.

Thanks

Could I please get some advice on the following issue which I've come across?

I've been brought an issue and tried to reproduce the problems in the test suite you've provided with this module/binary. Note that the changes simply adapt the existing test to support multi-value to fields with checks against those values as the existing check only checked the first value.

Code changes

func TestSend(t *testing.T) {
	origin := net.TCPAddr{IP: []byte{127, 0, 0, 1}}
	from := "[email protected]"
	to := []string{"[email protected]", "[email protected]", "[email protected]"}
	data := []byte{'T', 'E', 'S', 'T'}
	setName := ""
	timeBefore := time.Now()
	input, out, err := sendHelper(&origin, &from, &to, &data, &setName)
	timeAfter := time.Now()
	if *input.Source != from {
		t.Errorf(
			"Unexpected source: %s. Expected: %s",
			*input.Source,
			from,
		)
	}
	for _, y := range input.Destinations {
		fmt.Println(string(*y))
	}
	for i := range to {
		if *input.Destinations[i] != to[i] {
			t.Errorf(
				"Unexpected destination: %s. Expected: %s",
				*input.Destinations[i],
				to[i],
			)
		}
	}

Console output

 01:46 PM:~/Projects/aws-smtp-relay $ make test
go test ./...
ok      github.com/blueimp/aws-smtp-relay       (cached)
[email protected]
[email protected]
[email protected]
--- FAIL: TestSend (0.00s)
    relay_test.go:80: Unexpected destination: [email protected]. Expected: [email protected]
    relay_test.go:80: Unexpected destination: [email protected]. Expected: [email protected]
FAIL
FAIL    github.com/blueimp/aws-smtp-relay/internal/relay        0.019s
make: *** [test] Error 1
 01:50 PM:~/Projects/aws-smtp-relay $ 

Observations

• The input values are not being parsed into input correctly.
• The fail check is working given the values, however because the values are incorrect, it is failing.

Great piece of software!

1. We have multiple AWS accounts and was wondering if there was a way to tell the program which one to use based on the FROM addresses or simply just which account to send it through.

2. Also is there a way to set throttle so it sticks to thresholds given by AWS?

3. Is increase capacity equal to simply upgrading the server to higher specs or do we need to make any code changes to handle higher concurrent loads?

Hi
I am using this on EKS cluster with service account. since last merge aws-sdk should support OIDC with service account.
but it seems that the pod is still getting instance iam role.

SMTPDataError: (554, "User arn:aws:sts::xxxxxxxxxxx:assumed-role/eks-node/i-0dabef8d257d9d78d' is not authorized to perform ses:SendRawEmail' on resource arn:aws:ses:eu-west-1:xxxxxxxxxxx:identity/example.com' (Service: AmazonSimpleEmailService; Status Code: 403; Error Code: AccessDenied; Request ID: xxxxxxxxx-eda9-4221-96bb-xxxxxxxx)") `
instead of specified IAM role for SES, the pod still getting credential from worker node IAM role.

I'm using aws-smtp-relay in conjunction with postfix on Ubuntu 20.04. I'm testing some new software on the server but I'm seeing a strange issue where SES is rejecting the recipient address for some reason.

Here is a log entry where SES has worked:

{"Time":"2021-08-16T13:26:47.911565572Z","IP":"172.19.0.1","From":"[email protected]","To":["[email protected]"],"Error":null}

and here is one where it has failed:

{"Time":"2021-08-16T13:56:35.70184176Z","IP":"172.19.0.1","From":"[email protected]","To":["[email protected]"],"Error":"MessageRejected: Email address is not verified. The following identities failed the check in region US-EAST-1: Philip Colmer \[email protected]\u003e\n\tstatus code: 400, request id: 0493b463-c13b-4cb9-a101-75496abac277"}

It seems as if the mail system is trying to send the email to "Philip Colmer \[email protected]\u003e" rather than just "[email protected]", even though the SES log shows the latter, as does postfix:

-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
86452BFFD7     4070 Mon Aug 16 13:56:35  [email protected]
(host 127.0.0.1[127.0.0.1] said: 451 4.3.5 Unable to process mail (in reply to end of DATA command))
                                         [email protected]

\u003c is < and \u003e is >, so something seems to be mis-parsing the text but I don't understand how or where.

Hi guys,

You did a good job here with aws-smtp-relay. We would like to use it, unfortunately versioning is missing on your repository and docker as well. No versioning is a risk for us while pulling "latest" version may occur on error if you make some updates in the futur with breaking change.

Do you plan to properly tag this repository according to semantic release (as example) ? You can configure dockerhub to automatically build Docker image when you add a new tag.

As a workaround, we could fork this repository and make our own Docker image, but I think it's a shame.

Regards

Hi, is there a need to set up SES SMTP hostname somewhere? Not sure I understand how it works, how it knows which SMTP to use? If I switch to my DR site for instance from eu-central-1 to eu-central-2 is there anything I need to change/add in my configuration? I use this relay as a sidecar container inside of a pod, and so far I successfully tested in one region without any additional arguments or env settings.

From reading the code, I believe v1 API is in use.

SES v2 API brings a bunch of changes, one that is important for us is increased size quotas by default see https://aws.amazon.com/about-aws/whats-new/2022/04/amazon-ses-v2-supports-email-size-40mb-inbound-outbound-emails-default/

With this launch, the default message size limit in Amazon SES V2 increases from 10MB for email sending and 30MB for email receiving, to 40MB for both sending and receiving .

It could be usefull to add some prometheus metrics exposed on a specific HTTP(s) port.
At least number of failed sends to make some alerts on them.

Metrics proposal

aws_smtp_relay_send_success_total{service="ses"} (service could be ses or pinpoint)
aws_smtp_relay_send_error_total{service="ses"}
aws_smtp_relay_client_auth_failed_total
aws_smtp_relay_client_denied_ip_total
aws_smtp_relay_client_denied_sender_total

• Http port has to be configurable, bu could be by default 9810 (regarding https://github.com/prometheus/prometheus/wiki/Default-port-allocations)
• mertrics page should be served at http://server:9810/metrics to respect conventions
• HTTPS could be a future improvement

We're looking to log email sending in Cloudwatch/Kinesis, but to do so, you need to set a header for a configuration set - is this something that can be (optionally) passed into the mail relay for all traffic?

https://docs.aws.amazon.com/ses/latest/APIReference/API_SendRawEmail.html

I'm trying to use authentication with the relay but trying to enable username/password based authentication just results in the relay returning back the following output.

root@ns03:/var/log# telnet localhost 1026
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 ns03 AWS SMTP Relay ESMTP Service ready
EHLO ns03
250-ns03 greets ns03
250-SIZE 0
250 ENHANCEDSTATUSCODES
AUTH LOGIN
504 5.5.4 Unrecognized authentication type

I also just tried using IP-based filtering without specifying any username/password, (for purely IP based filtering) and the relay returns back that authentication is required and won't allow me to relay.