XF 1.5 2FA Emails rejected by Amazon SES

[MattW]

So, I send all mail from the forum via Amazon SES, which requires you to verify each sending address being used.

I've had a member try and activate 2FA (from what I can tell looking at the error logs), and the 2FA email is being sent from his own address - XXXXXX@gmail.com (changed address and username in below stack trace)

Zend_Mail_Protocol_Exception: Email to XXXXXX@gmail.com failed: Message rejected: Email address is not verified. - library/Zend/Mail/Protocol/Abstract.php:431
Generated By: Unknown Account, 9 minutes ago
Stack Trace
#0 /home/nginx/domains/mattwservices.co.uk/public/library/Zend/Mail/Protocol/Smtp.php(324): Zend_Mail_Protocol_Abstract->_expect(Array, 600)
#1 /home/nginx/domains/mattwservices.co.uk/public/library/Zend/Mail/Transport/Smtp.php(232): Zend_Mail_Protocol_Smtp->data('Subject: MattWS...')
#2 /home/nginx/domains/mattwservices.co.uk/public/library/Zend/Mail/Transport/Abstract.php(348): Zend_Mail_Transport_Smtp->_sendMail()
#3 /home/nginx/domains/mattwservices.co.uk/public/library/Zend/Mail.php(1194): Zend_Mail_Transport_Abstract->send(Object(Zend_Mail))
#4 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/Mail.php(175): Zend_Mail->send(Object(Zend_Mail_Transport_Smtp))
#5 /home/nginx/domains/mattwservices.co.uk/public/library/SV/EmailQueue/XenForo/Mail.php(17): XenForo_Mail->sendMail(Object(Zend_Mail))
#6 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/Mail.php(152): SV_EmailQueue_XenForo_Mail->sendMail(Object(Zend_Mail))
#7 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/Tfa/Email.php(41): XenForo_Mail->send('XXXXXX@gma...', 'MEMBER')
#8 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/ControllerHelper/Login.php(113): XenForo_Tfa_Email->triggerVerification('login', Array, 'XXX.XXX.XXX.XXX', Array)
#9 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/ControllerPublic/Login.php(198): XenForo_ControllerHelper_Login->triggerTfaCheck(Array, 'email', Array, Array)
#10 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/FrontController.php(351): XenForo_ControllerPublic_Login->actionTwoStep()
#11 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#12 /home/nginx/domains/mattwservices.co.uk/public/index.php(13): XenForo_FrontController->run()
#13 {main}
Request State
array(3) {
  ["url"] => string(99) "https://mattwservices.co.uk/login/two-step?redirect=https%3A%2F%2Fmattwservices.co.uk%2F&remember=0"
  ["_GET"] => array(3) {
    ["/login/two-step"] => string(0) ""
    ["redirect"] => string(28) "https://mattwservices.co.uk/"
    ["remember"] => string(1) "0"
  }
  ["_POST"] => array(0) {
  }
}

Any ideas how to get around this, or should it be sent from the standard board address?

 

[Chris D]

I don't see any evidence in that log output that it's being sent FROM the user's address.

Certainly the code itself isn't doing this.

If you check line 41 of library/Tfa/Email.php we only pass in a to email and to name. The rest are left blank so the from email is set to the default board address by default:

if ($fromEmail)
{
   $mailObj->setFrom($fromEmail, $fromName);
}
else
{
   $mailObj->setFrom($options->defaultEmailAddress, $fromName);
}

An add-on is mentioned in the stack trace, I don't know whether this is doing anything odd here.

 

[MattW]

Thanks Chris, that's @Xon 's mail queue addon. I know Amazon SES sets that error message when the FROM address is one that isn't verified, as you have to verify each sending address in their control panel.

 

[MattW]

Ignore me Chris, I'm being a bit "special" this morning. I changed the bounce address on my site this morning, and I've not verified it