Alibaba Cloud: Setting up an external email provider

In this article, we will go through the process of setting up an external SMTP provider. This will enable ECS instances to connect to third-party SMTP services and send SMTP mail messages. In this example, we will integrate with smtp2go, but the principles can be applied to any third-party provider.

SMTP User set up

You will need an account and authentication credentials to connect to your third-party SMTP mail provider. Register and create a new user and set up credentials for the mail service. This will differ depending on the provider that you choose to use. In this example, we created ‘noreply@planningtasks.com’.
The service provider will have specific instructions on the SMTP server address and SMTP ports that are available.

In this example, we set up an SMTP mail user from which we plan to send SMTP messages. The SMTP service provider provides the account and credentials from which to send mail.

After you have a valid SMTP service account, you will need to prove ownership of the domain from which you intend to send mail. This step is needed to ensure that SMTP mail servers do not reject the SMTP mail that you send out. To do this, you will need to configure the DNS for the domain from which you send mail.

Cloud DNS configuration

To complete this step, you will need to own the domain and have permission to configure the DNS. The Alibaba Cloud DNS records are shown below:

Alibaba Cloud DNS showing the MX, TXT and CNAME records that are used by the SMTP provider to verify the domain. Note that in order to configure the domain, you must be the owner of the domain and have permission to configure the DNS server.

TXT record

Depending on the service provider, you may need to add additional CNAME records to the domain DNS to facilitate verification by the third-party SMTP service provider. The service provider might also use CNAME records as a way to verify the domain key.

This record is needed to set the Sender Policy Framework (SPF) record. SPF is a special type of record that helps verify the mail domain and prevent email address forgery. Mail messages whose mail domain cannot be verified through the SPF record will likely be rejected by the receiving mail server.

source – SPF, what is it used for?
source – SPF explained in more detail
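The SPF record described above can be checked before relying on it. The following is an added example, not code from the original article or from smtp2go: it lints a domain's TXT records for mistakes that cause receivers to fail or ignore SPF. The function name lint_spf, the include host spf.provider.example and all record strings are assumptions constructed for illustration.

```python
# Added example: lint the SPF TXT records a sending domain publishes.
# Every record string and the include host used here are constructed samples.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists")  # each costs one DNS lookup

def lint_spf(txt_records, provider_include):
    """Return a list of problems; an empty list means the SPF record looks sane."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records (receivers return a permanent error)"]
    lookups, includes, all_qualifier, has_redirect = 0, set(), None, False
    for term in spf[0].split()[1:]:
        qualifier, body = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        name, _, value = body.partition(":")
        name = name.split("/")[0].lower()          # drop a CIDR suffix such as a/24
        if name.startswith("redirect="):
            has_redirect = True
            lookups += 1                           # redirect also costs a lookup
        elif name in LOOKUP_TERMS:
            lookups += 1
            if name == "include":
                includes.add(value.lower())
        elif name == "all":
            all_qualifier = qualifier
    problems = []
    if provider_include.lower() not in includes:
        problems.append(f"provider include '{provider_include}' is missing")
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    if all_qualifier is None and not has_redirect:
        problems.append("no 'all' mechanism, so unlisted senders are not rejected")
    elif all_qualifier in ("+", "?"):
        problems.append(f"'{all_qualifier}all' does not reject unlisted senders")
    return problems

if __name__ == "__main__":
    provider = "spf.provider.example"  # placeholder; use the host your provider documents
    samples = {
        "good": ["site-verification=abc123", f"v=spf1 include:{provider} -all"],
        "no provider": ["v=spf1 mx -all"],
        "open": [f"v=spf1 include:{provider} +all"],
        "duplicate": [f"v=spf1 include:{provider} -all", "v=spf1 mx ~all"],
    }
    for label, records in samples.items():
        print(label, "->", lint_spf(records, provider) or "OK")
```

Feed it the TXT strings returned by a DNS query for the sending domain; the limit of 10 lookups and the single-record rule come from RFC 7208.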

MX record

MX records are a special type of DNS record used for verifying mail. This record should point to the domain from which you send mail. By default when you own a domain you will also own the subdomain ‘mail.yourdomain.com’.

Source – Alibaba Cloud MX record

CNAME records

You can check that your domain has the MX record set up by using the following command:

 nslookup -query=mx domain.com

Most SMTP providers offer a way to verify the domain that you intend to send mail from. This step of the process may be different depending on the SMTP provider. In our example, smtp2go provides a way to verify your ownership of the domain using DNS records.

Verify that you own the domain you are sending SMTP mail from. This step is important since most SMTP providers will not work unless you have verified that you are the owner of the domain.

SMTP mail client

Below is an example of using a third-party email API service known as MailKit to send out SMTP mail. The snippet shown is written in C# and is compatible with .NET Core. Follow the instructions from the third-party SMTP mail provider to integrate with the service.

By default, Elastic Compute Service (ECS) instances allow all outbound traffic so there is no need to configure the Security Group for connectivity to external SMTP providers.

Note that like most cloud service providers, Alibaba Cloud blocks port 25 by default. To use port 25 you may need to request access.

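using MailKit.Net.Smtp;

// 'message' is the MimeMessage to send, built before this block.
using (var client = new SmtpClient())
{
	// For demo purposes, accept all SSL certificates (in case the server supports STARTTLS)
	// https://github.com/jstedfast/MailKit/blob/master/FAQ.md#InvalidSslCertificate
	// Accepting every certificate leaves the login open to interception; remove this line in production.
	client.ServerCertificateValidationCallback = (s, c, h, e) => true;
	// The port is an int. 'false' means no implicit SSL, so TLS is used only if the server offers STARTTLS.
	client.Connect("mail.smtp2go.com", 2525, false);
	client.Authenticate("smtp2go_account", "smtp2go_pw");
	client.Send(message);
	client.Disconnect(true);
}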