Configure AWS SES as relay host in aaPanel

I have a lightsail instance with an Ubuntu 20 installation. I set up aaPanel as the main control panel.

Because lightsail instances have locked port 25 for smtp service, I configured AWS SES as mail provider.

aaPanel has a tool to configure a relayhost using postfix service.

First, I verified my domain with SES by a TXT validation, my domain is properly configured in SES, also I made a test send and it was successful. By the way, my lightsail instance and SES domains are in the same region (us-west-1).

Now, on my console, I entered these commands:

sudo postconf relayhost=in-v3.mailjet.com:2587
sudo postconf smtp_tls_security_level=encrypt
sudo postconf smtp_sasl_auth_enable=yes
sudo postconf smtp_sasl_password_maps=hash:/etc/postfix/sasl_password
sudo postconf smtp_sasl_securty_options=noanonynous
sudo vi /etc/postfix/sasl_password

In vi editor, enter this line: email-smtp.us-east-1.amazonaws.com:2587 [api]:[secret]

sudo postmap /etc/postfix/sasl_password
sudo chown root:root /etc/postfix/sasl_password*
sudo chmod 600 /etc/postfix/sasl_password*
sudo systemctl restart postfix

In lightsail network section, I opened ports 2587, 25, and 465.

And with this, I suppose I can send email by relayhost on aaPanel.

When I made a test with the mailer tool on aaPanel, this is the log:

Jul 22 19:25:48 softnia postfix/qmgr[13083]: E2C8F81CD7: from=<>, size=3462, nrcpt=1 (queue active)
Jul 22 19:25:48 softnia postfix/trivial-rewrite[90585]: warning: /etc/postfix/main.cf, line 75: overriding earlier entry: relayhost=email-smtp.us-east-1.amazonaws.com:2587
Jul 22 19:25:48 softnia postfix/trivial-rewrite[90585]: warning: /etc/postfix/main.cf, line 77: overriding earlier entry: smtp_sasl_password_maps=hash:/etc/postfix/sasl_password
Jul 22 19:25:48 softnia postfix/lmtp[90586]: warning: /etc/postfix/main.cf, line 75: overriding earlier entry: relayhost=email-smtp.us-east-1.amazonaws.com:2587
Jul 22 19:25:48 softnia postfix/lmtp[90586]: warning: /etc/postfix/main.cf, line 77: overriding earlier entry: smtp_sasl_password_maps=hash:/etc/postfix/sasl_password
Jul 22 19:25:48 softnia postfix/bounce[90587]: warning: /etc/postfix/main.cf, line 75: overriding earlier entry: relayhost=email-smtp.us-east-1.amazonaws.com:2587
Jul 22 19:25:48 softnia postfix/bounce[90587]: warning: /etc/postfix/main.cf, line 77: overriding earlier entry: smtp_sasl_password_maps=hash:/etc/postfix/sasl_password
Jul 22 19:25:48 softnia postfix/lmtp[90586]: E2C8F81CD7: to=<root@softnia.com>, relay=none, delay=38331, delays=38331/0.01/0/0, dsn=4.4.1, status=deferred (connect to softnia.com[private/dovecot-lmtp]: No such file or directory)

This is the postfix configuration file:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2


smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = softnia.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = 
relayhost = email-smtp.us-east-1.amazonaws.com:2587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_mailbox_domains = sqlite:/etc/postfix/sqlite_virtual_domains_maps.cf
virtual_alias_maps = sqlite:/etc/postfix/sqlite_virtual_alias_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_maps = sqlite:/etc/postfix/sqlite_virtual_mailbox_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_mailbox_maps.cf
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_use_tls = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_milters = inet:127.0.0.1:11332
non_smtpd_milters = inet:127.0.0.1:11332
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
milter_default_action = accept
message_size_limit = 102400000

recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
sender_bcc_maps = hash:/etc/postfix/sender_bcc

recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
sender_bcc_maps = hash:/etc/postfix/sender_bcc

recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
sender_bcc_maps = hash:/etc/postfix/sender_bcc

recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
sender_bcc_maps = hash:/etc/postfix/sender_bcc

smtpd_tls_chain_files = /www/server/panel/plugin/mail_sys/cert/softnia.com/privkey.pem,/www/server/panel/plugin/mail_sys/cert/softnia.com/fullchain.pem
tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_securty_options = noanonynous

As you can see, my base domain is softnia.com, which is appropriately configurated in lightsail and SES.