I’ve been using AWS EC2 instances, and thinking of moving the email function over there for some clients.
This is what I’ve come up with as options, and I wanted to see if there are any AWS email experts out there to confirm if this is the standard approach for enterprise-level e-mail.
**Receiving email**
The EC2 instance will be Amazon Linux 2 with Postfix and Dovecot installed. I will use this for receiving e-mail through port 25, opened in the inbound Security Group. Email users will then use either POP or IMAP to access their mailboxes on the EC2 instance. Hmm… does firewall-cmd/iptables also need to be used to open port 25?
**Sending email**
For sending e-mail, instead of having to deal with it possibly being marked as spam, and to avoid any concern with sending limits, the outbound email AWS SES service would be used. AWS SES can receive e-mail, but currently it dumps it in an S3 bucket and there is no SMTP POP/IMAP interface for that. I know through AWS Lambda it can be forwarded to another e-mail address, but that’s kind of messy. All the sent and received e-mail needs to have employee@ourcompany.com on it.
I looked into the AWS WorkMail thing, but the cost of $4.00 a month per mailbox sounds expensive if you have 1,000 users.
Users would be using e-mail clients on their desktop/laptops and mobile.
Is using EC2 Postfix/Dovecot for receiving email and AWS SES for sending email a standard way this is done? Or am I missing other, better options?
Honestly I can’t think of a good reason to try to host a full suite of end back office services at scale in AWS. You might be able to make it work, but you’re going to have to hand roll all of the integration and compliance processes for what’s fundamentally a crappy end user experience (even if you hit all of the functional expectations for an email system.)
365 and GSuite are popular because they’re good. For a thousand users, you should be able to negotiate some pretty hefty discounts.
I manage roughly $20m/year in AWS spend across 150 or so accounts, and the only thing we use SES for is internally-oriented alerting (OEM and ELK do need an SMTP relay…). We use WorkMail for certificate expirations and that’s it.
No idea currently - I’m on the client facing infrastructure side and our Office365 spend is managed by an entirely different group. We have 8,000 employees and are basically 100% Office365 on our back office.
In my prior company (~50 employees) I managed a transition from Rackspace email to Office365. IIRC, it was $10/user/month. So $120/user/year.
Seems expensive, but Office365 included subscription pricing for all of the other Office stuff. Word, Excel, PowerPoint, Lync/Skype, discounted Visio, cloud-hosted SharePoint, easy federation with our local AD, etc. When somebody quit or got fired, they got locked out with one click, and we stopped paying for their services at the end of the month.
If you looked at it from a pure messaging perspective, we were paying a lot on a per-mailbox basis. The ROI was in the subscription pricing for all the other services and the ease of integration with HR and compliance processes.
Honestly I can’t imagine forcing 1,000 people into POP in 2019. Do they have meetings? Does anybody ever need to book a conference room? Do they need to view emails more than once or twice per day?
I totally understand that there are certain workplaces where POP could be a legitimate MUA model. I’d just lose my shit pretty quickly if I worked there.