AWS Messaging & Targeting Blog

Using IIS SMTP on Windows 2008/2012 with Amazon SES

A natural extension for customers using Windows Server 2012 on AWS is to use Amazon SES for sending email. This post shows you how to configure the IIS SMTP service that is included with Windows to send email through Amazon SES. You can use the same configuration on Windows Server 2008 and Windows Server 2008 R2.

Set Up Windows Server 2012

From the Amazon EC2 management console, launch a new Microsoft Windows Server 2012 Base EC2 instance.

Microsoft Windows Server 2012 AWS instance

Connect to the instance and log into it using Remote Desktop by following the instructions in Getting Started with Amazon EC2 Windows Instances. It is highly recommended that you change your password after you first log in. Launch the Server Manager Dashboard and install the Web Server role. Make sure you install the IIS 6 Management Compatibility tools.

Web Server role for Windows

Next, install the SMTP Server feature.

SMTP Server feature for Windows

We have installed the necessary Windows components. It is time to configure the SMTP service.

Configure IIS SMTP Service

Go back to the Server Manager Dashboard. From the Tools menu, launch the Internet Information Services (IIS) 6.0 Manager.

IIS 6 manager

Right-click SMTP Virtual Server #1 and select Properties.

SMTP Server properties

On the Access tab, click Relay… under Relay Restrictions.

Setup Relaying

For the purpose of this post, we will assume that email is generated on this server. If the application that generates the email runs on a separate server, you need to grant relaying access for that server in IIS SMTP.

Click Add… and then enter 127.0.0.1 for the address.

Grant localhost relaying permissions

We have now granted access for this server to relay email to Amazon SES through the IIS SMTP service.

Relaying permitted for localhost

Now switch to the Delivery tab. Your server must send email to Amazon SES using an authenticated encrypted connection. Click Outbound Security.

Delivery properties

Pick Basic Authentication. Enter your SES SMTP username and SES SMTP password on this screen. You can obtain these credentials from the Amazon SES SMTP console. For more information, see the Developer Guide. Note that your SMTP credentials are different from your AWS credentials. Also, ensure that TLS encryption is checked.

Outbound security configuration

On the Outbound Connections dialog, ensure that the port is 25 or 587. Click Advanced… and enter email-smtp.us-east-1.amazonaws.com for the Smart host name.

Outbound host

You are finished with the configuration. Right-click SMTP Virtual Server #1 again, and then restart the service to pick up the new configuration. Send an email through this SMTP server. You can examine the message headers to confirm that it was delivered through Amazon SES.

Final Thoughts

You have now configured the IIS SMTP service on Windows Server 2012 to send email using Amazon SES. If you have comments or feedback about this post or about Amazon SES, please post them in the Amazon SES forum. Happy sending with Amazon SES!