A previous entry from 2011 on the subject on using SES and Exim still comes up in web searches. As with the 2011 config, this assumes a standard Debian/Ubuntu exim4 deployment using a split-file config.
SES now allows authenticated relay via port 25, but also submission (port 587). Logically it makes more sense to think of SES as a Submission host since it uses ESMTPSA and makes modifications to the mail in transit, so I explicitly create a submission transport at /etc/exim4/conf.d/transport/40_local_submission
remote_submission: debug_print = "T: remote_submission for $local_part@$domain" driver = smtp port = 587 hosts_require_auth = * hosts_require_tls = *Then I add in a router which activates based on the sender at /etc/exim4/conf.d/router/180_local_aws-ses
aws_ses: debug_print = "R: send_via_ses for mail from $sender_address" driver = manualroute host_find_failed = freeze domains = ! +local_domains senders = AWS_SES_SENDER transport = remote_submission route_list = * AWS_SES_SERVERThe site specific configuration /etc/exim4/conf.d/main/00_local_aws-ses
## sender email addresses to be routed via SES, one-per-line AWS_SES_SENDER = lsearch*@;/etc/exim4/ses_senders ## nearest SES ingress point AWS_SES_SERVER = email-smtp.eu-west-1.amazonaws.comAnd assuming the standard auth handling is in place, add a line to /etc/exim4/passwd.client
*.amazonaws.com:Yourusername:YourpasswordNote, these are SMTP specific credentials and not the AWS credentials previously used. Run update-exim4.conf and then restart exim.