Multiple AWS accounts

[roshanjonah]

Great piece of software!

1) We have multiple AWS accounts and was wondering if there was a way to tell the program which one to use based on the FROM addresses or simply just which account to send it through.

2) Also is there a way to set throttle so it sticks to thresholds given by AWS?

3) Is increase capacity equal to simply upgrading the server to higher specs or do we need to make any code changes to handle higher concurrent loads?

[blueimp]

Hi @roshanjonah,

1. If you want to use different AWS account based on the FROM address, your best bet is to implement this logic before you sent it to aws-smtp-relay. The relay is specifically built to not have to define AWS accounts and access permissions, but to use AWS roles instead, see also https://github.com/blueimp/aws-smtp-relay#credentials

2. There is no in-built throttling nor rate-limiting, but with a good use case, contributions are always welcome. :)

3. For horizontal scaling, you could potentially make use of AWS Network Load Balancer, with multiple aws-smtp-relay containers behind it. Otherwise yes, you can scale vertically by increasing specs.

[cyraxx]

I have a similar issue: The SES identity that I'm sending mails as is in a different AWS account. It is my understanding that for cross-account sending, the ARN of the identity needs to be passed to SES either via the SourceArn parameter in the API call or the X-SES-SOURCE-ARN email header.

Unfortunately the SMTP client I'm using does not support adding custom headers to the email so it seems to me that SourceArn support would have to be added to aws-smtp-relay. Do you have any advice or a different solution?

[blueimp]

Yes, providing the SourceArn parameter in the API call from aws-smtp-relay to the SES API would be the right approach in my opinion.

If we add it, we probably wanna add support for SourceArn, FromArn and ReturnPathArn: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/sending-authorization-delegate-sender-tasks-email.html#sending-authorization-delegate-sender-tasks-api-sendrawemail

This capability would have to be added to the project as a configuration parameter, similar to the other options: https://github.com/blueimp/aws-smtp-relay#options

[mmacaula]

Not sure if it helps, but we were able to do cross account sending by setting the AWS_REGION, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables. Obviously these are secret but it did get us what we needed

[blueimp]

@mmacaula Setting those secrets as environment variables somewhat defeats the purpose of this project:

SMTP server to relay emails via Amazon SES or Amazon Pinpoint using IAM roles.

If you are ok to use credentials to send emails, I would recommend you to make use of the official SMTP APIs instead:

• https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-smtp.html
• https://docs.aws.amazon.com/pinpoint/latest/userguide/channels-email-send-smtp.html