Problem sending mail via Amazon SES ?
Are you getting error on WHMCS after smtp configuration ?
We want to use Amazon SES (Simple Email Service) smtp in our WHMCS system. But, after configuration we may get error message from WHMCS as following:
Email Sending Failed
SMTP Error: Could not connect to SMTP host.
Don’t worry ! It’s a simple firewall issue.
We need to open a outgoing mail port for your username (system username / UID). Amazon SES accept port 25, 465 and 587. We can choose any one from the 3 ports provided. If we want to send mail via 25 port, then we have to create a firewall rule to accept outgoing port 25. The same for 465 or 587, need to open an outgoing mail port for the specific user.
This is not just open a port on TCP protocol, it’s specially outgoing rule.
Why for an specific user?
Yes, some mail server has setup with restriction on SMTP to allow only the MTA, mailman, and root to connect to remote SMTP servers.
But, our WHMCS installation is setup in a user account which is owned by a different user (System user) other than MTA, mailman, and root.
Suppose, if we use cPanel then the cPanel login username is the system user. And the cPanel user is not permitted to connect to remote SMTP server.
Here I’m going to show you the process for CentOS 7 with FirewallD command. If your system is different, just open the outgoing port by following your system documentation.
The instruction below will open an outgoing port for mail port 587 for the specific account user. (Using 587 seems better to me)
firewall-cmd --permanent --zone=public --direct --add-rule ipv4 filter OUTPUT 0 -p tcp --dport 587 -m owner --uid-owner systemusername -j ACCEPT
firewall-cmd --reload
The above command is a direct rule for CentOS 7 firewall, the rule has a outgoing filter specially to work with an external smtp server. Please replace “systemusername” with your actual username.
firewall-cmd –permanent –zone=public –direct –add-rule ipv4 filter OUTPUT 0 -p tcp –dport 587 -m owner –uid-owner systemusername -j ACCEPT
Firewall configuration is done, now we have to setup a delay reload of firewall configuration after every restart of the system.
Why delay reload firewall after reboot?
Think that, after every system reboot, the processes start running one by one. The fact is the firewall runs before the SMTP restriction process ! So, SMTP restriction applied over firewall rules, and the remote SMTP authentication will fail.
So, here we will reload the firewall by 5 minutes wait after the reboot. So, the firewall rules will apply over SMTP restriction on every system reboot.
Create a script to reload the firewall.
nano /root/firewall-reload.sh
Write the below command in the script file.
sudo firewall-cmd --reload
Save and exit the file, and set a file permission to be executable.
chmod +x /root/firewall-reload.sh
Open cron job file to schedule run the script file on system startup.
sudo env EDITOR=nano crontab -e
Write the below command at the end of the crontab file.
@reboot sleep 300 && /root/firewall-reload.sh > /dev/null 2>&1
Save and exit the crontab file. Done.
Now is the time to review your WHMCS mail SMTP configuration.
If you use the 587 port for email sending via Amazon SES, please configure your WHMCS smtp as following:
Mail Type: SMTP
Mail Encoding: 8bit
SMTP Port: 587
SMTP Host: email-smtp.us-west-2.amazonaws.com
SMTP Username: your amazon ses SMTP username
SMTP Password: your amazon ses SMTP password
SMTP SSL Type: TLS
Save your SMTP settings in WHMCS and make sure you have unlocked email sending limit in your Amazon SES account.
Verify your domain in Amazon SES page. If your WHMCS is installed in a subdomain, then add and verify the subdomain also to your Amazon SES page.
Now your WHMCS is ready to send mail via Amazon SES.
Leave A Comment