Today, we will configure the email delivery service to send emails using Always Free resources.
First, you need access to an OCI environment. When you have an environment, ensure your user has been assigned to a group with permission to manage the email-family resources.
You should also have a DNS domain in which to publish your DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) records.
1. Generate SMTP credentials
SMTP credentials are necessary to send email through Email Delivery. Remember that each user is limited to a maximum of two SMTP credentials.
Log into the Oracle Cloud Console and navigate to Identity >> Domains >> OracleIdentityCloudService domain >> Users.
Click on SMTP Credentials and click on Generate credentials.
Fill out the description and click on “Generate Credentials.”
Copy the username and password. You can’t retrieve the password after closing the dialog box for security reasons.
2. Create your email domain.
An email domain lets you set up essential authentication measures for sending emails. Under Developer Services, select Application Integration and Email Delivery.
Click Email Domains and create a domain. If setting up DKIM and SPF, choose a DNS domain that you own or control and plan to use for the sending email address.
Click on “Create Email Domain.”
3. Set up DKIM
DKIM is an email authentication technique that lets the receiver verify that a message was sent with the authorization of the email domain’s owner. It gives the email a digital signature and a header field containing the signature and the data needed to fetch the public key. Implementing DKIM improves email deliverability and can protect your domain against malicious emails sent on its behalf.
Click on “Add DKIM”
Fill out the DKIM Selector after clicking on Generate DKIM Record and click on “Create DKIM.”
We now need to configure our DNS domain. Go to your zone and create the CNAME record with the value it gives you.
If done correctly, your DKIM signing status changes to Active. Depending on the update type, updates to your DNS records can take up to 24 hours to propagate globally.
After DNS propagation, active DKIM will appear.
Tip: Rotate your DKIM keys at least every six months. This reduces the risk of active keys being compromised, either by attackers cracking or stealing them.
4. Create an approved sender
You need an approved sender for all “From” addresses sending mail through OCI. Otherwise, mail is rejected. Every sender’s email address must be registered to use it for Email Delivery.
Important: note the following details about approved senders:
- An approved sender is associated with a compartment and only exists in the region where it was configured. If you create an approved sender in the US West (Phoenix) region, you can’t send email through the US East (Ashburn) region with that sender.
- Using multiple addresses in the email “From:” header is discouraged because it increases the possibility that your mail is placed in a spam folder or discarded.
- Approved senders are unique to tenancies. The service returns a 409 Conflict error if you create a duplicate sender.
Under DKIM, you can see Approved Senders. Create one.
Click on “Create Approved Sender”
Fill out the email address that you will use as the Approved sender. After that, click on “Create Approved Sender.”
5. Configure SPF on your approved sender domain
SPF allows you to state which email servers are permitted to send email on behalf of your domain. Email receivers use SPF to detect email spoofing. Without SPF, a spam or phishing email can be spoofed to appear to be from a legitimate domain.
Navigate to your approved sender. Under the three-dot menu, select View SPF.
Choose your sending location and create a DNS TXT record with the corresponding value. I’m using All commercial regions.
It can take some time, but your domain now shows DKIM Signing and SPF working.
6. Configure the SMTP connection
Navigate to Configuration to access SMTP sending information to configure the connection in your system.
The following information is displayed:
- Public endpoint: The public endpoint used to send email to this region
- SMTP ports: The SMTP ports used to accept email. Email Delivery supports TLS on port 25 or 587 (recommended).
- Security: Indicates if TLS is being used. Customers must encrypt email while in transit to Email Delivery.
7. Send mail
Now that our email domain is set up and secured, we can begin sending mail! You can use your own SMTP library or product, such as Postfix. I’m using Postfix to integrate with Email Delivery.
Install Postfix
Run the command: yum install postfix -y
[root@vm-blog ~]# yum install postfix -y
Last metadata expiration check: 2:30:40 ago on Tue 09 Jan 2024 08:31:43 PM GMT.
Package postfix-2:3.5.8-7.el8.aarch64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@vm-blog ~]#
Start Postfix and enable it to start on reboot.
Run the command: service postfix start
[root@vm-blog ~]# service postfix start
Redirecting to /bin/systemctl start postfix.service
[root@vm-blog ~]# chkconfig postfix on
[root@vm-blog ~]# chkconfig postfix on
Note: Forwarding request to 'systemctl enable postfix.service'.
[root@vm-blog ~]#
Edit main.cf and add the relay settings, including the endpoint, at the end of the file.
[root@vm-blog ~]# vi /etc/postfix/main.cf
### SMTP - RELAY
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
relayhost = smtp.email.us-ashburn-1.oci.oraclecloud.com:587
Create the sasl_passwd file in the same directory as main.cf.
vi /etc/postfix/sasl_passwd
The file contains this format:
smtp.email.us-ashburn-1.oci.oraclecloud.com:587 user:password*
*The user and password are the SMTP credentials generated in the first step.
Change the owner and permissions of sasl_passwd.
[root@vm-blog ~]# chown root:root /etc/postfix/sasl_passwd
[root@vm-blog ~]# chmod 600 /etc/postfix/sasl_passwd
Generate the hash lookup table (sasl_passwd.db) from the password file with postmap, then reload Postfix.
[root@vm-blog ~]# postmap hash:/etc/postfix/sasl_passwd
[root@vm-blog ~]# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
[root@vm-blog ~]#
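The main.cf lines above do not set smtp_tls_security_level, so whether the SMTP credentials are protected by TLS depends on what the rest of the file says; adding smtp_tls_security_level = encrypt makes STARTTLS mandatory for the relay. The audit script below is an added example, not part of the original article: the function names cf_get and audit_relay are hypothetical, and the demo input is constructed from the lines shown above.

```shell
#!/bin/sh
# Added example: audit the Postfix relay settings from this walkthrough.
# On a live host `postconf -h <param>` reports the effective value; the file
# is parsed here so the check also runs against a copy of main.cf.

# Print the last value assigned to parameter $2 in main.cf-style file $1.
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# audit_relay MAIN_CF SASL_MAP: print findings, return how many there are.
audit_relay() {
    cf=$1 map=$2 n=0
    level=$(cf_get "$cf" smtp_tls_security_level)
    case $level in
        encrypt|dane-only|fingerprint|verify|secure) forced=1 ;;
        *) forced=0; n=$((n + 1))
           echo "FAIL smtp_tls_security_level='$level': TLS is not mandatory" ;;
    esac
    # Postfix's built-in default is "noplaintext, noanonymous"; the page's
    # "noanonymous" allows PLAIN/LOGIN, which is only safe once TLS is forced.
    opts=$(cf_get "$cf" smtp_sasl_security_options)
    case "$forced,${opts:-noplaintext, noanonymous}" in
        1,*|*noplaintext*) ;;
        *) n=$((n + 1))
           echo "FAIL SMTP credentials may be sent without TLS (options='$opts')" ;;
    esac
    # The plaintext map and the postmap-built .db both contain the password.
    for f in "$map" "$map.db"; do
        [ -e "$f" ] || continue
        bits=$(ls -ld "$f" | cut -c5-10)    # group and other permission bits
        [ "$bits" = "------" ] && continue
        n=$((n + 1)); echo "FAIL $f is accessible to group/other ($bits)"
    done
    return "$n"
}

# Constructed demo: the main.cf lines shown above, written to a scratch file.
demo=$(mktemp -d)
printf '%s\n' 'smtp_sasl_auth_enable = yes' \
    'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' \
    'smtp_sasl_security_options = noanonymous' \
    'relayhost = smtp.email.us-ashburn-1.oci.oraclecloud.com:587' > "$demo/main.cf"
audit_relay "$demo/main.cf" "$demo/sasl_passwd" || echo "findings: $?"
rm -rf "$demo"
```

On the real host, call it as audit_relay /etc/postfix/main.cf /etc/postfix/sasl_passwd after running postmap, so the generated .db file is checked as well.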
Send the test email. This requires installing the mailx package.
Run the command: yum install mailx -y
[root@vm-blog ~]# yum install mailx -y
Last metadata expiration check: 2:49:02 ago on Tue 09 Jan 2024 08:31:43 PM GMT.
Dependencies resolved.
================================================================================
 Package       Architecture    Version          Repository                 Size
================================================================================
Installing:
 mailx         aarch64         12.5-29.el8      ol8_baseos_latest         246 k
Transaction Summary
================================================================================
Install  1 Package
Total download size: 246 k
Installed size: 493 k
Downloading Packages:
mailx-12.5-29.el8.aarch64.rpm                       6.0 MB/s | 246 kB     00:00
--------------------------------------------------------------------------------
Total                                               5.6 MB/s | 246 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : mailx-12.5-29.el8.aarch64                              1/1
  Running scriptlet: mailx-12.5-29.el8.aarch64                              1/1
  Verifying        : mailx-12.5-29.el8.aarch64                              1/1
Installed:
  mailx-12.5-29.el8.aarch64
Complete!
[root@vm-blog ~]#
Now, send the email to validate.
Run this command:
echo "This a test message from DBADUTRA BLOG" | mail -s "Validation DKIM, SPF, Email Delivery - OCI" -r <approved sender email address> <recipient email address>
Validate that you received the email
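Receiving the message does not by itself show that DKIM and SPF passed; the receiving server records its verdicts in the Authentication-Results header. As an added example (not from the original article), the script below reads them from a saved copy of the message; the function name auth_verdict is hypothetical, and the authserv-id mx.recipient.example and the sample message are constructed placeholders.

```shell
#!/bin/sh
# Added example: read the DKIM and SPF verdicts from a saved copy of the test mail.
# auth_verdict FILE AUTHSERV_ID
#   Prints "dkim=<result> spf=<result>" from the first Authentication-Results
#   header stamped with AUTHSERV_ID (the receiving server's own identifier).
#   Headers with any other identifier, and anything in the body, are ignored.
#   Returns 0 only when both results are "pass".
auth_verdict() {
    awk -v id="$2" '
    function result(v, method,   r) {
        if (!match(v, ";[ \t]*" method "=[a-z]+")) return "none"
        r = substr(v, RSTART, RLENGTH); sub(/.*=/, "", r); return r
    }
    function finish(   v, head, parts) {
        if (keep != "" || tolower(hdr) !~ /^authentication-results:/) return
        v = tolower(hdr); sub(/^[^:]*:[ \t]*/, "", v)
        head = v; sub(/[ \t]*;.*/, "", head)     # authserv-id, optional version
        split(head, parts, /[ \t]+/)
        if (parts[1] == tolower(id)) keep = v
    }
    { sub(/\r$/, "") }                           # tolerate CRLF line endings
    /^$/     { exit }                            # blank line ends the headers
    /^[ \t]/ { hdr = hdr " " $0; next }          # unfold continuation lines
             { finish(); hdr = $0 }
    END {
        finish()
        d = result(keep, "dkim"); s = result(keep, "spf")
        print "dkim=" d " spf=" s
        exit !(d == "pass" && s == "pass")
    }' "$1"
}

# Constructed sample; mx.recipient.example and example.com are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Authentication-Results: mx.recipient.example;
 dkim=pass header.d=example.com header.s=selector1;
 spf=pass smtp.mailfrom=example.com
From: sender@example.com
Subject: Validation DKIM, SPF, Email Delivery - OCI

This a test message from DBADUTRA BLOG
EOF
auth_verdict "$sample" mx.recipient.example
rm -f "$sample"
```

Pass the identifier your own mail provider writes at the start of the header; a header carrying a different identifier was not added by your receiver and says nothing reliable about the message.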
Check on Dashboard
Remember that the first 3.100 emails sent are free. After this, you pay $0.085 per 1000 emails sent.
I hope this article can help you; it is a reliable, robust, low-cost solution for high-volume email sending. Remember that all the resources used for this article are always free.
See you in the next article.
Disclaimer: “The postings on this site are my own and do not necessarily represent my current employer’s positions, strategies, or opinions. The information here was edited to be useful for general purposes; specific data and identifications were removed to allow reaching a generic audience and to be useful.”