WebHare can send outgoing mail through Amazon AWS SES, and process bounces/complaints through SNS. This guide will use the Amazon 'aws' command line utility, but you can also do the process through the web interface.

SES allows you to set up 'tenants' which allows you to separate reputation issues. This is now the recommend approach. See https://docs.aws.amazon.com/ses/latest/dg/tenants.html for more information.

This guide will direct you to:

• set up a SMTP account
• set up bounce and delivery notifications for the tenant
• create one tenant per downstream customer
• set up a configuration set per WebHare server that will be mailing for this customer
• set up mail identities and assign these to a tenant
• set up WebHare to properly assign outgoing mail to a tenant/configuration set based on their source address

Keep in mind that there may be costs associated with the use of email, tenants, notifications and other features. Always consult the AWS documentation about such costs.

Consider setting up billing tags and using these on the resources created below to help track these costs

Setting up a SMTP acount

• Go to the AWS Console, select Amazon SES for the desired region/account

Configure a SMTP account with AWs in the AWS console. It will provide you with the email/smtp server name, username and password.

In WebHare, set mail settings: SMTP server (eg email-smtp.eu-central-1.amazonaws.com), port (587), username and password.

Setting up notifications

• Go to the AWS Console, select Amazon SNS for the desired region/account
• Create a topic. You will need one per WebHare server, even with multiple customers
• In the topic, create a subscription of type HTTPS using the SNS endpoint URL shown in WebHare's email routing screen

You can automate this process using:

wh get snsendpoint  #to get the URL mentioned above (SNS ENDPOINT below)
aws sns create-topic --name <TOPIC> # which returns the TOPIC-ARN
aws sns subscribe --topic-arn <TOPIC-ARN> --protocol https --notification-endpoint <SNS ENDPOINT>

Create a tenant

• Go to the AWS Console, select Amazon SES for the desired region/account
• Click on Configuration > Tenants in the menu
• Create one
  • Be sure to note the name

Create a configuration set

• Go to the AWS Console, select Amazon SES for the desired region/account
• Click on Configuration > Configuration sets in the menu
• Create one
  • Assign it to the tenant
  • Be sure to note the name used
  • Add an event destination
  • Select the desired event types ('select all' is fine)
  • Select 'Amazon SNS' as the destination
  • Select the 'SNS topic' you created above

Create an identity

• Go to the AWS Console, select Amazon SES for the desired region/account
• Click on Configuration > Identities in the menu
• Create one
  • Assign it to the tenant
  • Consider disabling email feedback forwarding, the notifications should suffice

You can automate creating the identities using

aws ses verify-email-identity --email-address <EMAIL>  # for an email, or 
aws ses verify-domain-identity --domain <DOMAIN>       # for a domain

aws ses get-identity-dkim-attributes --identities <DOMAIN> # for the DKIM settings

Set up WebHare

• Add a sender in WebHare's email routing screen
• Add the following headers (headers per SMTP server/sender is available since WebHare 5.8)
  • To link to the tenant
    • Field: X-SES-TENANT
    • Value: the name of the tenant specified above
  • And the configuration set
    • Field: X-SES-CONFIGURATION-SET
    • Value: the name of the configuration set specified above

Testing

Amazon provides simulator email addresses you can use to test your configuration. For example, emailing bounce@simulator.amazonses.com should allow you to see the Bounce status in the managed queue mail details.