1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.5 2FA Emails rejected by Amazon SES

Discussion in 'Troubleshooting and Problems' started by MattW, Feb 4, 2016.

Tags:
  1. MattW

    MattW Well-Known Member

    So, I send all mail from the forum via Amazon SES, which requires you to verify each sending address being used.

    I've had a member try and activate 2FA (from what I can tell looking at the error logs), and the 2FA email is being sent from his own address - XXXXXX@gmail.com (changed address and username in below stack trace)

    Code:
    Zend_Mail_Protocol_Exception: Email to XXXXXX@gmail.com failed: Message rejected: Email address is not verified. - library/Zend/Mail/Protocol/Abstract.php:431
    Generated By: Unknown Account, 9 minutes ago
    Stack Trace
    #0 /home/nginx/domains/mattwservices.co.uk/public/library/Zend/Mail/Protocol/Smtp.php(324): Zend_Mail_Protocol_Abstract->_expect(Array, 600)
    #1 /home/nginx/domains/mattwservices.co.uk/public/library/Zend/Mail/Transport/Smtp.php(232): Zend_Mail_Protocol_Smtp->data('Subject: MattWS...')
    #2 /home/nginx/domains/mattwservices.co.uk/public/library/Zend/Mail/Transport/Abstract.php(348): Zend_Mail_Transport_Smtp->_sendMail()
    #3 /home/nginx/domains/mattwservices.co.uk/public/library/Zend/Mail.php(1194): Zend_Mail_Transport_Abstract->send(Object(Zend_Mail))
    #4 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/Mail.php(175): Zend_Mail->send(Object(Zend_Mail_Transport_Smtp))
    #5 /home/nginx/domains/mattwservices.co.uk/public/library/SV/EmailQueue/XenForo/Mail.php(17): XenForo_Mail->sendMail(Object(Zend_Mail))
    #6 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/Mail.php(152): SV_EmailQueue_XenForo_Mail->sendMail(Object(Zend_Mail))
    #7 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/Tfa/Email.php(41): XenForo_Mail->send('XXXXXX@gma...', 'MEMBER')
    #8 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/ControllerHelper/Login.php(113): XenForo_Tfa_Email->triggerVerification('login', Array, 'XXX.XXX.XXX.XXX', Array)
    #9 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/ControllerPublic/Login.php(198): XenForo_ControllerHelper_Login->triggerTfaCheck(Array, 'email', Array, Array)
    #10 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/FrontController.php(351): XenForo_ControllerPublic_Login->actionTwoStep()
    #11 /home/nginx/domains/mattwservices.co.uk/public/library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
    #12 /home/nginx/domains/mattwservices.co.uk/public/index.php(13): XenForo_FrontController->run()
    #13 {main}
    Request State
    array(3) {
      ["url"] => string(99) "https://mattwservices.co.uk/login/two-step?redirect=https%3A%2F%2Fmattwservices.co.uk%2F&remember=0"
      ["_GET"] => array(3) {
        ["/login/two-step"] => string(0) ""
        ["redirect"] => string(28) "https://mattwservices.co.uk/"
        ["remember"] => string(1) "0"
      }
      ["_POST"] => array(0) {
      }
    }
    Any ideas how to get around this, or should it be sent from the standard board address?
     
  2. Chris D

    Chris D XenForo Developer Staff Member

    I don't see any evidence in that log output that it's being sent FROM the user's address.

    Certainly the code itself isn't doing this.

    If you check line 41 of library/Tfa/Email.php we only pass in a to email and to name. The rest are left blank so the from email is set to the default board address by default:
    PHP:
    if ($fromEmail)
    {
       
    $mailObj->setFrom($fromEmail$fromName);
    }
    else
    {
       
    $mailObj->setFrom($options->defaultEmailAddress$fromName);
    }
    An add-on is mentioned in the stack trace, I don't know whether this is doing anything odd here.
     
  3. MattW

    MattW Well-Known Member

    Thanks Chris, that's @Xon 's mail queue addon. I know Amazon SES sets that error message when the FROM address is one that isn't verified, as you have to verify each sending address in their control panel.
     
    Xon likes this.
  4. MattW

    MattW Well-Known Member

    Ignore me Chris, I'm being a bit "special" this morning. I changed the bounce address on my site this morning, and I've not verified it :oops:
     
    Xon and Chris D like this.

Share This Page