On my list of things to try: Amazon SES for outbound/inbound email handling
Posted by jpluimers on 2021/08/10
- [WayBack] Amazon Simple Email Service (Amazon SES)
- [WayBack] Amazon SES IP addresses | AWS Messaging & Targeting Blog
- [WayBack] Send an Email Through Amazon SES Using SMTP – Amazon Simple Email Service
- [WayBack] Receiving Email with Amazon SES | AWS Messaging & Targeting Blog
- [WayBack/Archive.is] Why should one use Amazon SES when emails can be sent using existing SMTP? : aws
- [WayBack] Here’s my email server recipe – Techzim
SES mail servers at the time of writing
*n*x:
    # nslookup -type=TXT amazonses.com | grep "v=spf1"
    amazonses.com text = "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:69.169.224.0/20 ip4:76.223.180.0/23 ip4:76.223.188.0/24 ip4:76.223.189.0/24 ip4:76.223.190.0/24 -all"

Windows:

    C:\>nslookup -type=TXT amazonses.com | find "v=spf1"
    Non-authoritative answer:
    "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:69.169.224.0/20 ip4:76.223.180.0/23 ip4:76.223.188.0/24 ip4:76.223.189.0/24 ip4:76.223.190.0/24 -all"
These entries use the compact CIDR notation: each one denotes a network containing a range of IPv4 addresses.
CIDR processing to sendmail access file
(This is Linux sendmail only.)
Converting the nslookup output to a CIDR-based sendmail /etc/mail/access excerpt goes via a pipe sequence of multiple sed commands:
    # nslookup -type=TXT amazonses.com | grep "v=spf1" | sed 's/\(^.*"v=spf1 ip4:\| -all"$\)//g' | sed 's/\ ip4:/\n/g' | xargs -I {} sh -c "prips {} | sed 's/$/\tRELAY/g'"
    199.255.192.0	RELAY
    199.255.192.1	RELAY
    ...
    76.223.190.254	RELAY
    76.223.190.255	RELAY
What happens here is this:
- Filter out only spf1 records using grep.
- Remove the head (.*v=spf1 ip4:) and tail (-all") of the output, see [WayBack] use of alternation “|” in sed’s regex – Super User.
- Replace all ip4: with newlines (so the output gets split over multiple lines), see [WayBack] linux – splitting single line into multiple line in numbering format using awk – Stack Overflow.
- Convert the CIDR notation to individual IP addresses (as sendmail cannot handle CIDR).
  - This uses a combination of xargs with the sh trick to split the CIDR list into separate arguments, and prips (which prints the IP addresses for a CIDR); see:
    - for xargs with sh: [WayBack] shell – Piping commands after a piped xargs – Unix & Linux Stack Exchange
    - for prips: [WayBack] prips / Prips · GitLab and [WayBack] Sendmail Open Source FAQs 0 (PDF).
  - Alternatively, use
    - cidrexpand (which requires Perl), see [WayBack] sendmail access file and cidrexpand and [WayBack] cidrexpand in sendmail | source code search engine
    - the bash script at [WayBack] ip address – Bash script to list all IPs in prefix – Stack Overflow
- Replace each end-of-line anchor ($) with a tab followed by RELAY, see
You can append the output of this command to /etc/mail/access, then re-generate /etc/mail/access.db and restart sendmail; see for instance [WayBack] sendmail access.db by example | LinuxWebLog.com.
Without the xargs, the output would look like this:
    # nslookup -type=TXT amazonses.com | grep "v=spf1" | sed 's/\(^.*"v=spf1 ip4:\| -all"$\)//g' | sed 's/\ ip4:/\n/g'
    199.255.192.0/22
    199.127.232.0/22
    54.240.0.0/18
    69.169.224.0/20
    76.223.180.0/23
    76.223.188.0/24
    76.223.189.0/24
    76.223.190.0/24
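The same conversion as an added example (not code from the original post): it validates every ip4: token before use, because the TXT record is untrusted DNS data that ends up granting RELAY, and it never interpolates that data into sh -c. It goes beyond the per-address expansion above by emitting octet-boundary network keys (for example 76.223.188 for a /24), which assumes sendmail's access map matches such prefixes; cidr_to_keys and spf_to_access are hypothetical helper names.

```shell
#!/bin/sh
# Added example; cidr_to_keys and spf_to_access are hypothetical helper names.

# Print sendmail access-map keys (octet-boundary prefixes) covering one CIDR.
cidr_to_keys() {
    # Strict syntax check first: the value comes from DNS and is untrusted.
    printf '%s\n' "$1" | grep -Eq \
        '^((0|[1-9][0-9]{0,2})\.){3}(0|[1-9][0-9]{0,2})/([1-9]|[12][0-9]|3[0-2])$' \
        || return 1
    len=${1#*/}
    oldifs=$IFS; IFS=.; set -- ${1%/*}; IFS=$oldifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    n=$(( n >> (32 - len) << (32 - len) ))   # clear the host bits
    b=$(( (len + 7) / 8 * 8 ))               # next octet boundary: 8, 16, 24 or 32
    count=$(( 1 << (b - len) )); i=0
    while [ "$i" -lt "$count" ]; do
        a=$(( n + (i << (32 - b)) ))
        # Keep only the first b/8 octets, e.g. 76.223.188 for a /24 block.
        echo "$(( a >> 24 )).$(( a >> 16 & 255 )).$(( a >> 8 & 255 )).$(( a & 255 ))" |
            cut -d. -f1-$(( b / 8 ))
        i=$(( i + 1 ))
    done
}

# Read nslookup/SPF text on stdin; print "key<TAB>RELAY" lines, nothing on error.
spf_to_access() (
    set -f                                   # no globbing on DNS-supplied tokens
    out=
    for tok in $(tr -d '"'); do
        case $tok in ip4:*) ;; *) continue ;; esac
        cidr=${tok#ip4:}
        case $cidr in */*) ;; *) cidr=$cidr/32 ;; esac
        keys=$(cidr_to_keys "$cidr") || { echo "rejected: $tok" >&2; exit 1; }
        out="$out$keys
"
    done
    printf '%s' "$out" | awk '{ print $0 "\tRELAY" }'
)

# Constructed sample, shortened from the record shown above.
SAMPLE='amazonses.com text = "v=spf1 ip4:76.223.180.0/23 ip4:76.223.188.0/24 -all"'
printf '%s\n' "$SAMPLE" | spf_to_access
```

A rejected token produces no output and a non-zero exit status, so a scheduled job can refuse to touch /etc/mail/access when the record looks wrong.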
Via
- [WayBack] ZIVVER Support
- [WayBack] Jeroen Pluimers on Twitter: “Where is the list of outgoing @ZIVVER_NL mail servers? I have the impression that Zivver mail to me is not arriving, and if I know which servers it is sent from, I can search the mail logs in a more targeted way.”
- [WayBack] SchipholWatch on Twitter: “We use Amazon AWS SES as external mail server, and Mailchimp for the newsletter ;-)… “
–jeroen





