Amazon SES questions

[beerForo]

A few SES questions

• Can we still use the bounce handler in XF?
• When it is set up if we have been using an email client like Thunderbird to send and receive non-transactional emails can we still use that to send, or does that count toward SES billing? In other words does all mail now go through SES or can we still setup email like before for other mail at the same address?
• If we have been using the same email address for years should we create a new one? It's a chance to separate the transactional emails from the contact emails and start fresh, but also, perhaps people have whitelisted the old email, or it has reputation?
• Are the 62K emails on the free tier per email address, domain, or for the entire SES account? Wondering about second websites, etc. (Pretty sure I know this one.)

Thanks

 

[beerForo]

Any insights from those that use it?

 

[beerForo]

 

[TPerry]

OK.. here's my input.

I recently enabled Amazon SES for SENDING from my site using a specific email address and the SMTP server being a subdomain of my main domain. All my email successfully is delivered to every recipient that it has been sent to, including hotmail/outlook/live accounts, which are notorious for blocking emails.



One of the "digs" was I didn't have DMARC set up.. the other stuff had more to do with the crappy quality of the test email sent.

I receive my email on the main domain for bounce/no_reply/unsubscribe my admin user account and my personal user account. There are some hoops you have to jump through to get your users authenticated and some of the DNS entries that have to be done (like DKIM for the SMTP Amazon SES instance are entirely different than those on the base domain), and you have to authenticate your SMTP instance. The Amazon SES documents can get you lost, but if you'll step away after reading them for a bit, grab 2 ounces of a quality bourbon that you consume and then come back to it, it's generally easier to understand.

If you plan on Amazon SES actually processing your bounced/unsubscribe email, you either have to subscribe to the workmail setup or use S3 and create a bucket and then configure SES for sending to that bucket according to rules. It was WAY simpler for me to have another service (in my case ZoHo) host the main astrowhat.com domain and use it for the bounced, unsubscribe, admin and my personal domain emails.. then set up XF to check the ZoHo accounts for bounced/unsubscribe via IMAP/POP3. Been working great so far, and I'm on the (currently) free Amazon SES tier.

 

[TPerry]

Forgot to mention... it looks like the free tier is total emails set up under THAT Amazon SES account.. so you if have 2 or 3 domains, it will be split amongst them.. but if you have that many domains, you probably aren't (if they are active) going to be worrying about the free tier... even the paid is not that bad for sending. So that's 50K emails a month. And that's 50K for your root account, not for each verified user/domain you have configured.
For sending, I still use the same email I had set up 2 years ago for the site... I have it sending my email from a subdomain of my main email.. and then I receive all my email at the base domain (bounce/unsubscribe). So far, as I've said, it is working fine, but there are some hoops you have to jump through to get it configured correctly.... of of which is to have your accounts verified (even the one you send from) you HAVE to be able to receive an email from Amazon SES to verify it... so you will need a POP/IMAP receive set up for that email account.

As I said.. the documents can be your friend.. but some of them it helps to have imbibed in a slight quantity of relaxation.

 

[motowebmaster]

When I used SES I couldn't utilize the bounce handler in XF. It's not the reason I don't use SES now.

 

[beerForo]

Understood, thank both.

 

[TPerry]

When I used SES I couldn't utilize the bounce handler in XF. It's not the reason I don't use SES now.

It's not that hard to do... I have the default MX entries in my DNS for the sub-domain that they insist you create for your verified domain (I think they called it) and then you have MX records for your base domain (which in my case point at Zoho).
Since Amazon SES is not set up to receive any mail in case, it's not even that vital it be configured (other than Amazon SES requiring it to get verified). So far seems to be working fine for me... my outbound emails from XF get delivered via XF, and they show to use the bounced/unsubscribe defined emails in header and any responses go to my Zoho accounts I have set up.

 

[GW2]

I have a different Amazon SES question.
I am using XF 2.2.11

Since February 2022, Our forum has been receiving daily email messages returned by Yahoo.com and AOL.com (both are owned by the same company). Looking at other threads, it seems there are XF admins that have had a similar problem with Yahoo & AOL returned emails.

So, I decided to follow the advice above and establish an Amazon SES account.

I established an Amazon SES account.
My domain is verified by Amazon SES
My DKIM configuration is "successful"
My MAIL FROM configuration is "successful"
Both outgoing and receiving email addresses have been "verified". I am in the "sandbox"

So when I send a test message, the message is actually sent and goes through to the recipient OK. However, each message generates this server error log:


Any ideas about what is causing this error?

 

[TPerry]

Yeah... looks like for some reason it shows that your email is being sent from an outlook account. Is that what your Default email address in the ACP is configured to use?
If you have done Amazon SES correctly, it should be set up to send from your domain account that you configured on Amazon SES.
Did you change your information in the ACP to use the Email Transport Method data from your Amazon SES account?

Do you by chance use any caching of any type that may have your data cached on the server?

 

[GW2]

I think SES is set up correctly. Yes, I am using the default email address in the ACP (admin@xxxx.com). I am using the SMTP Email Transport Method (email-smtp.us-west-2.amazonaws.com)

Here is what Amazon SES developer guide says about the code 530 error .




I sent 4 test messages this morning which were all delivered properly by SES using our subdomain name to the recipient (my own personal outlook.com mailbox); and each message generated the same server error log in XF.

So what authentication could be causing this problem? Is it a SwiftMailer problem?

Stack trace​

#0 src/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php(344): Swift_Transport_AbstractSmtpTransport->assertResponseCode('530 Authenticat...', Array)
#1 src/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/EsmtpTransport.php(305): Swift_Transport_AbstractSmtpTransport->executeCommand('MAIL FROM:<admi...', Array, Array, true, NULL)
#2 src/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/EsmtpTransport.php(386): Swift_Transport_EsmtpTransport->executeCommand('MAIL FROM:<admi...', Array, Array, true)
#3 src/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php(485): Swift_Transport_EsmtpTransport->doMailFromCommand('admin@wmowners....')
#4 src/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php(518): Swift_Transport_AbstractSmtpTransport->doMailTransaction(Object(Swift_Message), 'admin@wmowners....', Array, Array)
#5 src/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php(206): Swift_Transport_AbstractSmtpTransport->sendTo(Object(Swift_Message), 'admin@wmowners....', Array, Array)
#6 src/XF/Mail/Mailer.php(312): Swift_Transport_AbstractSmtpTransport->send(Object(Swift_Message), Array)
#7 src/XF/Mail/Queue.php(148): XF\Mail\Mailer->send(Object(Swift_Message), Object(XF\Mail\SmtpTransport), Array)
#8 src/XF/Job/MailQueue.php(12): XF\Mail\Queue->run(8)
#9 src/XF/Job/Manager.php(260): XF\Job\MailQueue->run(8)
#10 src/XF/Job/Manager.php(202): XF\Job\Manager->runJobInternal(Array, 8)
#11 src/XF/Job/Manager.php(86): XF\Job\Manager->runJobEntry(Array, 8)
#12 job.php(43): XF\Job\Manager->runQueue(false, 8)
#13 {main}

Request state​

array(4) {
["url"] => string(8) "/job.php"
["referrer"] => string(32) "https://www.wmowners.com/forums/"
["_GET"] => array(0) {
}
["_POST"] => array(0) {
}
}

 

[TPerry]

Most likely it's an Amazon SES smtp issue.
Did you set up your verified identities in Amazon SES?

Honestly.. Amazon SES is not the simplest thing to set up.. .but once you do have it working... it's the cats meow.

If you don't mind sharing your log-in credentials, I can take a look at it, but do not promise anything as even for me it was trial & error.
There are several steps that have to be taken, as when you create each identity, it typically needs to be verified (as in having an actual email account to receive mail through). That will require direct interaction at the time it is being processed to work with.

 

[GW2]

Most likely it's an Amazon SES smtp issue.
Did you set up your verified identities in Amazon SES?

Honestly.. Amazon SES is not the simplest thing to set up.. .but once you do have it working... it's the cats meow.

If you don't mind sharing your log-in credentials, I can take a look at it, but do not promise anything as even for me it was trial & error.
There are several steps that have to be taken, as when you create each identity, it typically needs to be verified (as in having an actual email account to receive mail through). That will require direct interaction at the time it is being processed to work with.

I presume you are referring to Amazon SES log-in credentials?

 

[TPerry]

I presume you are referring to Amazon SES log-in credentials?

Yes... and that can use TeamViewer for remote access to your desktop so you keep all the information on hand.. but it would need to be done at a time when both parties are available.

 

[GW2]

I will start a conversation and send you log-in info.

 

[TPerry]

I will start a conversation and send you log-in info.

Better.. simply install TeamViewer and install it.. and send that login info. It's 11AM here right now and I've been up all night so about to go take a nap.

 

[GW2]

Better.. simply install TeamViewer and install it.. and send that login info. It's 11AM here right now and I've been up all night so about to go take a nap.

OK

 

[TPerry]

Feel free to give some times in Central Time that you would be available if you want some help. I will probably be back up around 3PM Central... but wont' be willing to start doing anything until around 7-8PM Central Time.. and that's only if the skies are not clear... I have a bad habit of taking advantage of any clear sky we have to grab astro captures.

 

[GW2]

OK.. here's my input.

....and you have to authenticate your SMTP instance. The Amazon SES documents can get you lost, but if you'll step away after reading them for a bit, grab 2 ounces of a quality bourbon that you consume and then come back to it, it's generally easier to understand.

I think my problem is lack of SMTP authentication. (Error 530, Authentication required).

From Amazon SES documentation:
"If you receive a 500 error, you have to revise your request to correct an issue before you submit the request again. For example, if your AWS authentication credentials are invalid, you have to update your application to use the correct credentials before you submit your request again." In my case, I think those credentials are missing.

So Xenforo, being an application, has to be identified in SES as an SMTP user with "SMTP credentials" if I understand this correctly ...probably identified by subdomain name?

 

[TPerry]

For logging in, you are given a "username" that they create. It will be a series of numbers and letters usually (at least mine was).
That's what you use for your username.



During the setup process you will end up with an access key id, that is what you use as your "username" for logging in via the SMTP service.