Configuring Jiglu to use Amazon Simple Email Service

If you're hosting Jiglu on Amazon Web Services then you may want to use Amazon Simple Email Service for incoming email. This has the advantage of spam filtering and virus scanning of email for a small additional charge.

From Jiglu 11.6 there is built-in support for Amazon SES for receiving messages. Note that because Jiglu collaboration spaces send out email on behalf of users using their email address it is not possible to use Amazon SES for outgoing messages as AWS will block messages being sent for other domains.

To get started you will first need to create an account used to access the email:

  1. Log in to AWS.
  2. From the dropdown menu with your name choose the My security credentials option and then Users from the menu on the left.
  3. Select the Add user button, enter a suitable name, check the Programmatic access checkbox and then the Next button.
  4. Unless you wish to make the user part of a group or assign them a tag, select the Next button through the next two screens and then the Create user button.
  5. You now need to copy the values for the access key and secret key to somewhere safe. The access key is a set of upper-case letters and numbers while the secret key a mix of base 64-encoded characters.

You will now set up the Simple Email Service. More detailed instructions on this can be found here.

  1. In the DNS for the domain where Jiglu will be hosted, add the MX record for SES for the region you will be using.
  2. From the Services menu under the Customer engagement section select Amazon Simple Email Service.
  3. Select the Configure email receiving option and then Rule sets.
  4. Select the Create a rule button.
  5. Enter the name of the domain as the recipient. All messages sent to this domain will need to be forwarded to Jiglu for processing. If the domain has not already been validated you will need to add an entry to the DNS for the domain to confirm your ownership and wait for an email confirming its approval.
  6. For the add action choose 'S3'.
  7. For 'S3 bucket' choose 'Create S3 bucket'. You will now create the bucket to which messages are delivered. A unique name for the bucket will be needed.
  8. Choose Next step. On the Rule details ensure that the rule is enabled along with the Enable spam and virus scanning option.

In order to allow the user that you created earlier to have access to the S3 bucket it is necessary to change the permissions.

  1. From the Services menu under the Storage section select S3.
  2. Select the bucket that you created earlier, then the Permissions tab and the Bucket policy button.
  3. In the editor use the policy below, replacing 999999999999 with your account ID, youruser with the name of the user you created earlier and bucketname with the name of the S3 bucket that you created. You should then select the Save button.
{
    "Version": "2012-10-17",
    "Id": "JiguSESPolicy",
    "Statement": [
        {
            "Sid": "JigluSESPolicy1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::999999999999:user/youruser"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::bucketname"
        },
        {
            "Sid": "JigluSESPolicy2",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::999999999999:user/youruser"
            },
            "Action": [
                "s3:DeleteObject",
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::bucketname/*"
        },
        {
            "Sid": "JigluSESPolicy3",
            "Effect": "Allow",
            "Principal": {
                "Service": "ses.amazonaws.com"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::bucketname/*",
            "Condition": {
                "StringEquals": {
                    "aws:Referer": "999999999999"
                }
            }
        }
    ]
}

Finally, you need to configure the access and bucket details in the Jiglu bootstrap.properties file usually found in /etc/jiglu.

  1. Comment out the com.jiglu.mail.incoming.spool.directory property by putting a '#' at the start.
  2. Uncomment the com.jiglu.spoolPickUpJob.awsBucketName property and set it to the name of your bucket.
  3. Ensure the com.jiglu.spoolPickUpJob.awsRegion property is set to the correct region.
  4. Set the com.jiglu.spoolPickUpJob.awsAccessKey property to the access key you noted down in step 5.
  5. Set the com.jiglu.spoolPickUpJob.awsSecretKey property to the secret key you noted down in step 5.

You should now have these properties set like below.

# The spool directory when using local delivery.
#com.jiglu.mail.incoming.spool.directory=incoming

# The extension of files to pick up when using local delivery.
com.jiglu.mail.incoming.spool.fileExtension=.msg

# The S3 bucket when using Amazon Simple Email Service.
com.jiglu.spoolPickUpJob.awsBucketName=bucketname

# The AWS region when using Amazon Simple Email Service.
com.jiglu.spoolPickUpJob.awsRegion=eu-west-1

# The AWS access key when using Amazon Simple Email Service.
com.jiglu.spoolPickUpJob.awsAccessKey=(access-key)

# The AWS secret key when using Amazon Simple Email Service.
com.jiglu.spoolPickUpJob.awsSecretKey=(secret-key)

You are now ready to restart the Jiglu server. If everything is correct then the system log (usually found in /var/log/jiglu/system.log for the current day) should contain an entry confirming that it was able to successfully connect as the user that you specified and read the bucket for messages.

Written by Stephen Hebditch. Published on .
Getting Started Receiving Email with Amazon SES - Amazon Simple Email Service
Amazon Simple Email Service, Amazon Web Services, Configuration, email, Configuring Jiglu
3.0.0
How to use Amazon SES for incoming messages.