Sending an email
In Yandex Cloud Postbox, you can send an email using the AWS CLI, AWS SDK, or from a mail client over SMTP.
Note
To ensure the security of data transfer, Yandex Cloud Postbox supports TLS protocol versions 1.2 and 1.3.
Getting started
- Create a service account in the folder as the address. If you create the service account and address in different folders, you will get an error when attempting to send an email.
- Assign the
postbox.senderrole to the service account. - Create a key for the service account:
-
To send an email over SMTP with API key authentication, create an API key. When creating an API key, set the scope for
yc.postbox.send. Save the secret key you got in a secure location. You will not be able to view the secret key parameters again after you close the window. -
To send an email using the AWS CLI or via SMTP with password authentication, create a static access key. Save the ID and secret key to a secure location. You will not be able to view the secret key parameters again after you close the window.
-
To send an email over SMTP with IAM token authentication, create an IAM token.
This authorization method is suitable for sending emails from functions in Cloud Functions and containers in Serverless Containers, as well as for Compute Cloud VMs linked to a service account. Select this method if you do not want to create and store static access keys.
Warning
Note that an IAM token is valid for up to 12 hours. If you need to provide authorization data in the mail client configuration file, use authentication by API key or password.
-
Send an email
AWS CLI
-
Install the AWS CLI.
-
Set up the AWS CLI:
- Launch the interactive profile setup:
aws configure - Specify the previously obtained key ID of the
postbox-userservice account:AWS Access Key ID [****************ver_]: <service_account_key_ID> - Specify the previously obtained secret key of the
postbox-userservice account:AWS Secret Access Key [****************w5lb]: <service_account_secret_key> - Specify the ru-central1 default region name:
Default region name [ru-central1]: ru-central1 - Specify
JSONas the default format for output data:Default output format [None]: json
- Launch the interactive profile setup:
-
Prepare two JSON files:
-
destination.json: File with a list of destination addresses:{ "ToAddresses": ["test@example.com"] } -
message.json: File with the subject and content of the email:{ "Simple": { "Subject": { "Data": "Test message", "Charset": "UTF-8" }, "Body": { "Text": { "Data": "Test message. Hello!", "Charset": "UTF-8" } } } }
-
-
Send an email using the AWS CLI:
aws sesv2 send-email \ --from-email-address mail@example.com \ --destination file://destination.json \ --content file://message.json \ --endpoint-url https://postbox.cloud.yandex.net -
Check the mailbox specified in
destination.jsonfor the email.
SMTP
You can send emails via SMTP with authentication by:
- Service account API key.
- Password generated from the static access key of your service account.
- IAM token of your service account.
-
In the SMTP server settings of your email client, specify the following parameters:
Email client supports STARTTLS
Email client supports SMTPS instead of STARTTLS
Server name
postbox.cloud.yandex.netPort
587465Username
ID of the created API key
Password
Secret part of the created API key
-
Send an email using your email client and make sure the specified recipients receive it.
-
Get a password using the previously created static access key of the service account. To do this, run the
generate.pyscript. Use Python 3 or higher.python generate.py <service_account_secret_key>generate.py
#!/usr/bin/env python3 import hmac import hashlib import base64 import argparse import sys # These values are required to calculate the signature. Do not change them. DATE = "20230926" SERVICE = "postbox" MESSAGE = "SendRawEmail" REGION = "ru-central1" TERMINAL = "aws4_request" VERSION = 0x04 def sign(key, msg): return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest() def calculate_key(secret_access_key): signature = sign(("AWS4" + secret_access_key).encode("utf-8"), DATE) signature = sign(signature, REGION) signature = sign(signature, SERVICE) signature = sign(signature, TERMINAL) signature = sign(signature, MESSAGE) signature_and_version = bytes([VERSION]) + signature smtp_password = base64.b64encode(signature_and_version) return smtp_password.decode("utf-8") def main(): if sys.version_info[0] < 3: raise Exception("Must be using Python 3") parser = argparse.ArgumentParser( description="Convert a Secret Access Key to an SMTP password." ) parser.add_argument("secret", help="The Secret Access Key to convert.") args = parser.parse_args() print(calculate_key(args.secret)) if __name__ == "__main__": main() -
In the SMTP server settings of your email client, specify the following parameters:
Email client supports STARTTLS
Email client supports SMTPS instead of STARTTLS
Server name
postbox.cloud.yandex.netPort
587465Username
ID of the previously created static access key
Password
Password obtained in the previous step
-
Send an email using your email client and make sure the specified recipients receive it.
-
In your SMTP mail client settings, specify the following parameters:
Email client supports STARTTLS
Email client supports SMTPS instead of STARTTLS
Server name
postbox.cloud.yandex.netPort
587465Username
IAM_TOKENPassword
Service account IAM token
-
Send an email using your email client and make sure the specified recipients receive it.
AWS SDK
You can send an email using the AWS SDK for .NET Core, Go, JavaScript, and Python. For more details, see these tutorials: