Apache 2.4.39
[.htaccess] Or [httpd.conf]
# Set allowed IPs to 0.0.0.0 # AWS ELB admin screen access control <location "/wp-admin"> # Admin IP SetEnvIf X-Forwarded-For "0.0.0.0.*" allowed_ip_admin SetEnvIf X-Forwarded-For "0.0.0.0.*" allowed_ip_admin Order Deny,Allow Deny from all Allow from env=allowed_ip_admin </location>
Notes on things to watch
– Register the SMTP Server’s Global IP as an A host record in DNS
– Register SPF record in DNS
– Register DMARC record in DNS
– Register DKIM record in DNS (if needed—about 35% adoption as of June 2019)
■MX, SPF and other mail server verification tools
■DMARC record check tool
– For AWS, submit a request to remove SMTP sending restrictions
■About removing AWS SMTP sending restrictions
To avoid being flagged as spam mail
– Set “Reply-to” in outgoing emails from your system
Received an error when attempting to add an Elastic IP.
By default, Elastic IP has a limit of 5 addresses. You need to submit a request to increase this limit.
You’ll get a response in about 30 minutes.
Request link: Elastic IP request form
Important! Make sure you’re logged into AWS before clicking the link.
■When IP addresses are needed for a new service
Limit increase request 1
Service: Elastic IPs
Region: Asia Pacific (Tokyo)
Limit name: EC2-Classic Elastic IP address limit
Requested limit: 10
------------
Description of request reason: IP address is required to build a new service
Repeat endlessly
# Fix config
vi /etc/postfix/main.cf
# Restart process
systemctl restart postfix
# Send test mail to root
echo testtaro | mail root
# Send test mail to external address
echo "Test mail" | mail -s "test mail from hoge.jp server." <recipient email address>
# Analyze logs
systemctl status postfix -l
If you only need to send mail, this configuration should be enough. Since we’re not considering relay or mail reception, you don’t need to open ports 25 or 587 in AWS Security Group [In].
If you aim to send or receive large volumes of email from within AWS VPC, you’ll need to go through AWS’s email sending limit removal request, which takes considerable effort. With current restrictions, you won’t hit limits at 200 emails per 24 hours or 1 per second, so this should be fine for administrative mail purposes.
# Command to check installed mta
alternatives --display mta
mta - status is automatic.
Link currently points to /usr/sbin/sendmail.postfix.sendmail.postfix should be installed, but if not, install it via yum or similar.
; Change port to 587
smtp_port=587
; mta path & command settings
sendmail_path = /usr/sbin/sendmail.postfix -t -i
; Default character encoding
default_charset = UTF-8
; mbstring defaults
mbstring.language = Japanese
; Do not auto-convert HTTP input character encoding to internal character encoding
mbstring.encoding_translation = Off
; Character code detection priority order
mbstring.detect_order = UTF-8,SJIS,EUC-JP,JIS,ASCII
; Set timezone to Japan Standard Time
date.timezone = Asia/Tokyo
; Security improvement - hide PHP version info
expose_php = Off