Using Postfix to send email notifications to gmail or any such email providers causes relay issue (delay in email delivery) since gmail does not allow multiple emails from non-verified emails. I had to figure out delivering email notifications quickly to avoid any delay in response to the alerts generated by Nagios. AWS has a highly reliable email notification service called SES (Simple Email Service) which can be used to deliver such emails. In this blog I will be configuring postfix to relay the emails alerts from Nagios to use the AWS SES for delivering emails to recipients.This blogs assumes you have a working Nagios (hosts and alerts) configured.
1. Setting up the AWS SES
Verify your email which will be used to send emails. You can refer the link http://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html for detailed steps for email verification on SES.
By default SES requires email verification for both sender and receiver email addresses. To avoid verification for the email addresses of recipients a request has to be generated on AWS Support for moving the your SES instance out of the sandbox into production. For detailed steps check the links below:
– SES Email Sending Limits
– Increasing SES Sending Limits
2. Configuring Postfix
Configure your Postfix setup to work as relay. On Ubuntu it can be done using following command.
dpkg-reconfigure postfix On prompting while reconfigure:
- Select “Satellite system” as your configuration.
- Set you SES smtp server as your relay host. To get your exact smtp host, open AWS SES console and click SMTP settings.
- Append below lines in /etc/postfix/main.cf
[js] smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt[/js]
Enter below details in /etc/postfix/sasl_passwd ( Create if file does not exist ):
**Your AWS SES SMTP host **:25 accessid:accesskey
For the username, password, accessid and accesskey you will have to generate a user name and password for the SES. To generate the username and password follow the below steps:-
- Open STMP Settings on your AWS SES console.
- Click “Create My SMTP Credentials” button and follow the steps.
Download the credentials files. The credential files have your accessid and accesskey which will be used as username and password.
- Execute below commands for further setup:
sudo chown root:root /etc/postfix/sasl_passwd
sudo chmod 0600 /etc/postfix/sasl_passwd
sudo postmap hash:/etc/postfix/sasl_passwd
sudo chown root:root /etc/postfix/sasl_passwd.db
sudo chmod 0600 /etc/postfix/sasl_passwd.db
sudo postconf -e ‘smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt’
service postfix restart
The configuration is complete. To test your setup try sending a test mail.
echo test | mail -s "test message" -a "From: sender@example" firstname.lastname@example.org
3. Configuring Nagios
- Edit file nagios-installation-dir/nagios/etc/objects/commands.cfg
- add -r email@example.com at the end of mail commands wherever required.
# ‘notify-host-by-email’ command definition
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$ -r firstname.lastname@example.org
Restart Nagios :
service nagios restart
Configuration is complete. Try sending a custom notification via Nagios to test.