One of the major problems in having your systems in Amazon’s EC2 cloud is that the ip you get assigned is almost surely blacklisted with every major email blacklist before you’ve sent a single piece of email (check for this using mxtoolbox.com). I learned this the hard way when I started hearing the our registration and password reset emails were not getting received by a large number of our customers. I had just setup a new mail relay in EC2 but everything looked fine in the logs and test emails came to my personal mail server without a problem. But sure enough, when I checked the blacklists I found the ip of our mail relay on almost every blacklist.
The solution I chose was to relay all mail out of EC2 into a paid mail relay service, who would then send it on to the recipients. We were alredy using Postini as an incoming SPAM filter for our ticketing system, so I just configured that to act as an outgoing relay for the single instance running postfix and acting as the mail relay for all of our EC2 machines, which cost nothing extra. If I had needed to start a new account, they only charge by incoming accounts and you only need 1, so it’d be $12 per year for the service (worth every penny).
This is the line I added to my /etc/postfix/main.cf file to forward all mail to Postini:
Configuring Postini is always yucky in my opinion, the interface is awkward at best, but the service is excellent.
Since that day, not a single piece of mail has been blocked because of SPAM blacklists.
Hey Jeff — good to see you blogging again! I did the same thing in a test environment in EC2. We use ReturnPath to check the ‘reputability’ of our email service. When I tested the Postini-based solution, all of the ISPs checked by ReturnPath got our test emails fine, except…you guessed it, Yahoo. I think Yahoo blocks Postini by default, because it’s owned by Google
Anyway, consider implementing DomainKeys, which might make Yahoo happier.
The Cobra