Getting started with Yandex Cloud Postbox
Use this guide to create your address and send a verification email.
Getting started
Sign up for Yandex Cloud and create a billing account:
- Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the
ACTIVEorTRIAL_ACTIVEstatus. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page to create or select a folder for your infrastructure to operate in.
Learn more about clouds and folders.
Create a service account and keys
- Create a service account named
postbox-userwith thepostbox.senderrole. - Create static access keys. Save the ID and secret key to a secure location. You will not be able to view the secret key parameters again after you close the window.
- Generate a key to create a DKIM signature:
openssl genrsa -out privatekey.pem 2048
Create an address
-
In the management console, select the folder where you created the service account.
-
Select Cloud Postbox.
-
Click Create address.
-
Specify the Domain from which you will be sending emails. The domain can be of any level.
-
Specify Selector:
postbox.Note
You can specify a selector other than
postbox. You should only use the specified selector in a single resource record: the one you create at Pass domain ownership verification. -
Copy the contents of the
privatekey.pemfile you created earlier and paste it into the Private key field. -
Optionally, configure logging.
-
Click Create address.
Pass domain ownership verification
To send emails, confirm domain ownership. After creating an address, DKIM signature settings will be generated on its page. Specify them as the values of the resource record you need to add to your domain zone. You can add a record with your registrar or in Yandex Cloud DNS if you have delegated your domain.
Example of creating a resource record in Cloud DNS
-
In the management console, select the folder containing the address and your domain zone.
-
Select Cloud DNS.
-
Select your domain zone.
-
Click Create record.
-
In the Name field, specify the name generated when creating the address, omitting the domain. For example,
postbox._domainkey..Note
For other DNS services, you may need to copy the entire record. The final record must look like this:
postbox._domainkey.example.com.. -
In the Type list, select
TXT. -
Copy the contents of the Value field from the Signature verification section and paste it into the Data field. Note that the record value must be enclosed in quotes, for example:
"v=DKIM1;h=sha256;k=rsa;p=M1B...aCA8" -
Click Create.
-
Go to Cloud Postbox.
-
Select the address you created.
-
Click Verify address. If the record is correct, the verification status on the address page will change to
Success.
DNS server responses are cached, so delays may occur when updating a resource record.
Send a verification email
You can send a verification email using:
- AWS CLI
- SMTP protocol
AWS CLI
-
Install the AWS CLI.
-
Set up the AWS CLI:
- Launch the interactive profile setup:
aws configure - Specify the previously obtained key ID of the
postbox-userservice account:AWS Access Key ID [****************ver_]: <service_account_key_ID> - Specify the previously obtained secret key of the
postbox-userservice account:AWS Secret Access Key [****************w5lb]: <service_account_secret_key> - Specify the ru-central1 default region name:
Default region name [ru-central1]: ru-central1 - Specify
JSONas the default format for output data:Default output format [None]: json
- Launch the interactive profile setup:
-
Prepare two JSON files:
-
destination.json: File with a list of destination addresses:{ "ToAddresses": ["test@example.com"] } -
message.json: File with the subject and content of the email:{ "Simple": { "Subject": { "Data": "Test message", "Charset": "UTF-8" }, "Body": { "Text": { "Data": "Test message. Hello!", "Charset": "UTF-8" } } } }
-
-
Send an email using the AWS CLI:
aws sesv2 send-email --from-email-address mail@example.com --destination file://destination.json --content file://message.json --endpoint-url https://postbox.cloud.yandex.net -
Check the mailbox specified in
destination.jsonfor the test email.
SMTP
-
Get a password by using the secret key of the
postbox-userservice account. To do this, run thegenerate.pyscript. Use Python 3 or higher.python generate.py <service_account_secret_key>generate.py
#!/usr/bin/env python3 import hmac import hashlib import base64 import argparse import sys # These values are required to calculate the signature. Do not change them. DATE = "20230926" SERVICE = "postbox" MESSAGE = "SendRawEmail" REGION = "ru-central1" TERMINAL = "aws4_request" VERSION = 0x04 def sign(key, msg): return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest() def calculate_key(secret_access_key): signature = sign(("AWS4" + secret_access_key).encode("utf-8"), DATE) signature = sign(signature, REGION) signature = sign(signature, SERVICE) signature = sign(signature, TERMINAL) signature = sign(signature, MESSAGE) signature_and_version = bytes([VERSION]) + signature smtp_password = base64.b64encode(signature_and_version) return smtp_password.decode("utf-8") def main(): if sys.version_info[0] < 3: raise Exception("Must be using Python 3") parser = argparse.ArgumentParser( description="Convert a Secret Access Key to an SMTP password." ) parser.add_argument("secret", help="The Secret Access Key to convert.") args = parser.parse_args() print(calculate_key(args.secret)) if __name__ == "__main__": main() -
Specify the following parameters in your email client:
- Server name:
postbox.cloud.yandex.net. - Port:
587. - Username: Static key ID of the
postbox-userservice account. - Password you obtained in the previous step.
Note
Your email client must support the STARTTLS extension to encrypt emails you send.
- Server name:
-
Send an email using your email client and make sure the specified recipients receive it.