@@ -31,11 +31,32 @@ resource "aws_route53_record" "coders_dkim" {
3131 records = [" ${ module . ses_email_forwarder . ses_dkim_tokens [count . index ]} .dkim.amazonses.com" ]
3232}
3333
34+ # Custom MAIL FROM domain - MX record
35+ resource "aws_route53_record" "coders_bounce_mx" {
36+ zone_id = data. aws_route53_zone . operationcode . zone_id
37+ name = " bounce.coders.operationcode.org"
38+ type = " MX"
39+ ttl = 300
40+ records = [" 10 feedback-smtp.us-east-1.amazonses.com" ]
41+ }
42+
43+ # Custom MAIL FROM domain - SPF record
44+ resource "aws_route53_record" "coders_bounce_spf" {
45+ zone_id = data. aws_route53_zone . operationcode . zone_id
46+ name = " bounce.coders.operationcode.org"
47+ type = " TXT"
48+ ttl = 300
49+ records = [" v=spf1 include:amazonses.com ~all" ]
50+ }
51+
3452# DMARC record for email policy
53+ # p=quarantine: Failed authentication emails are sent to spam
54+ # adkim=r, aspf=r: Relaxed alignment (allows subdomain alignment like bounce.coders.operationcode.org)
55+ # pct=100: Apply policy to 100% of failing messages
3556resource "aws_route53_record" "coders_dmarc" {
3657 zone_id = data. aws_route53_zone . operationcode . zone_id
3758 name = " _dmarc.coders.operationcode.org"
3859 type = " TXT"
3960 ttl = 300
40- records = [" v=DMARC1; p=none; rua=mailto:admin@operationcode.org " ]
61+ records = [" v=DMARC1; p=quarantine; adkim=r; aspf=r; pct=100 " ]
4162}
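Review bot: The new `coders_dmarc` value drops `rua=mailto:admin@operationcode.org` in the same change that moves the policy from `p=none` to `p=quarantine`, so aggregate reports stop arriving just when receivers start acting on failures. Without them there is no visibility into legitimate mail being quarantined (for example if the custom MAIL FROM or DKIM setup drifts) or into spoofing attempts against the domain. Unless the removal was deliberate, keep the tag: `records = ["v=DMARC1; p=quarantine; adkim=r; aspf=r; pct=100; rua=mailto:admin@operationcode.org"]`. The `adkim=r`, `aspf=r` and `pct=100` tags are the DMARC defaults, so the added comment could say they are spelled out for clarity only.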
@@ -30,3 +30,16 @@ output "ses_dkim_tokens" {
3030 description = " DKIM tokens for DNS configuration"
3131 value = module. ses_email_forwarder . ses_dkim_tokens
3232}
33+
34+ output "ses_mail_from_domain" {
35+ description = " Custom MAIL FROM domain for DMARC alignment"
36+ value = module. ses_email_forwarder . mail_from_domain
37+ }
38+
39+ output "ses_mail_from_dns_records" {
40+ description = " DNS records required for custom MAIL FROM domain"
41+ value = {
42+ mx_record = " MX: ${ module . ses_email_forwarder . mail_from_domain } -> ${ module . ses_email_forwarder . mail_from_mx_record } "
43+ spf_record = " TXT: ${ module . ses_email_forwarder . mail_from_domain } -> ${ module . ses_email_forwarder . mail_from_spf_record } "
44+ }
45+ }
@@ -204,6 +204,17 @@ resource "aws_ses_domain_dkim" "coders" {
204204 domain = aws_ses_domain_identity. coders . domain
205205}
206206
207+ # Custom MAIL FROM domain for DMARC alignment
208+ # This configures SES to use bounce.coders.operationcode.org as the envelope sender
209+ resource "aws_ses_domain_mail_from" "coders" {
210+ domain = aws_ses_domain_identity. coders . domain
211+ mail_from_domain = " bounce.${ aws_ses_domain_identity . coders . domain } "
212+
213+ # BehaviorOnMXFailure: UseDefaultValue = use amazonses.com if DNS fails
214+ # RejectMessage = reject emails if DNS fails (more strict)
215+ behavior_on_mx_failure = " UseDefaultValue"
216+ }
217+
207218# SES Receipt Rule Set
208219resource "aws_ses_receipt_rule_set" "main" {
209220 rule_set_name = " coders-email-forwarding"
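Review bot: `behavior_on_mx_failure = "UseDefaultValue"` in `aws_ses_domain_mail_from.coders` makes a missing or broken MX record for the bounce subdomain fail silently: SES falls back to its amazonses.com MAIL FROM, SPF no longer aligns with the identity domain, and DMARC then rests on DKIM alone. Because this commit also raises the DMARC policy to quarantine, that fallback is worth stating next to the setting, e.g. `# On MX failure SES reverts to an amazonses.com MAIL FROM: SPF alignment is lost and DMARC depends on DKIM only`. If strictness is preferred over delivery, `RejectMessage` is the alternative the existing comment already names. Either way the MAIL FROM verification status is worth monitoring so the degradation does not go unnoticed.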
@@ -48,3 +48,18 @@ output "ses_configuration_set_name" {
4848 description = " Name of the SES configuration set"
4949 value = aws_ses_configuration_set. main . name
5050}
51+
52+ output "mail_from_domain" {
53+ description = " Custom MAIL FROM domain for DMARC alignment"
54+ value = aws_ses_domain_mail_from. coders . mail_from_domain
55+ }
56+
57+ output "mail_from_mx_record" {
58+ description = " MX record value for the custom MAIL FROM domain (add this to DNS)"
59+ value = " 10 feedback-smtp.us-east-1.amazonses.com"
60+ }
61+
62+ output "mail_from_spf_record" {
63+ description = " SPF TXT record value for the custom MAIL FROM domain (add this to DNS)"
64+ value = " v=spf1 include:amazonses.com ~all"
65+ }
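Review bot: `mail_from_mx_record` hard-codes `us-east-1` in the feedback endpoint, so the value becomes wrong if the module's SES identity is ever deployed in another region; nothing in this hunk ties it to the provider region. Deriving it, for example `value = "10 feedback-smtp.${data.aws_region.current.name}.amazonses.com"` with a `data "aws_region" "current" {}` declared in the module, keeps the two in step. The Route 53 records added in the root module repeat this literal and the SPF string instead of reading these outputs, so the same values now live in two places that can drift apart.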