XF 2.0 Bounce Email

[JoyFreak]

Are these options ok as they are?

What goes in the host, port, username and password fields? Do I also check the SSL since my site uses https?

 

[BoostN]

Usually you setup a bounced email address that XF will connect to and report back the bounced address. This new email box has to be only used for this purpose.

In my case, I created a new separate gmail inbox and I'm using Gmail's IMAP settings:

 

[JoyFreak]

okay the username would be the full email and the password for that email? so i.e bouncejf@gmail.com

 

[BoostN]

okay the username would be the full email and the password for that email? so i.e bouncejf@gmail.com

Correct, email login username/password.

 

[JoyFreak]

Ok and the Bounced email address option (1) do I use the Gmail one I've made or keep it as bounce@joyfreak.com ? Which I have also just made.
and (2) do I Enable variable bounced email address values or not?

 

[BoostN]

The bounced email address field will be the new email you've created that will contain the bounced email. Usually the same as the "Login" email you used in the screenshot I put above.

 

[JoyFreak]

The bounced email address field will be the new email you've created that will contain the bounced email. Usually the same as the "Login" email you used in the screenshot I put above.

Ah so "bouncejf@gmail.com " ?

Also did you "enable variable bounced email address values" or not necessary?

 

[BoostN]

Ah so "bouncejf@gmail.com " ?

Also did you "enable variable bounced email address values" or not necessary?

Yes, and yes.

 

[JoyFreak]

Yes, and yes.

Thank you so much you are the best!

 

[JoyFreak]

Also what did you have your Email transport method as?
Default with Set return path with -f parameter (recommended, but does not work on all servers) ?

 

[BoostN]

Also what did you have your Email transport method as?
Default with Set return path with -f parameter (recommended, but does not work on all servers) ?

I don't have that option in XF2.0x

 

[JoyFreak]

You do because I have it and I am on XF2.0x.

 

[BoostN]

You do because I have it and I am on XF2.0x. View attachment 188486

Sorry, I use SMTP and that field is hidden for me.

 

[JoyFreak]

Sorry, I use SMTP and that field is hidden for me.

I see. So will I need to use SMTP as well for the above discussed configurations to work?

 

[MaximilianKohler]

Also did you "enable variable bounced email address values" or not necessary?

Yes, and yes.

I followed these instructions and enabled IMAP in gmail's settings https://support.google.com/mail/answer/7126229
and got these errors:

All I did was add a bounce@gmail to /admin.php?options/groups/emailOptions/. My Default email address and Contact email address are both the same @mydomain emails, which I previously tested to be working. But now when I try to send a test email via admin.php?tools/test-email it seems to be trying to send it from the bounce@gmail:

++ XF\Mail\SmtpTransport started
>> MAIL FROM:<myforumbounce123+91234520+bounce=simulator.amazonses.com@gmail.com>
<< 250 Ok
>> RCPT TO:<bounce@simulator.amazonses.com>

or

++ XF\Mail\SmtpTransport started
>> MAIL FROM:<myforumbounce123+ca4saff+admin=mysite.com@gmail.com>
<< 250 Ok
>> RCPT TO:<admin@mysite.com>

And I get these errors:
Errors were encountered while trying to send the email.

<< 554 Message rejected: Email address is not verified. The following identities failed the check in region US-WEST-1: myforumbounce123+91234520+bounce=simulator.amazonses.com@gmail.com...

!! Expected response code 250 but got code "554", with message "554 Message rejected: Email address is not verified. The following identities failed the check in region US-WEST-1: myforumbounce123+91234520+bounce=simulator.amazonses.com@gmail.com...
" (code: 554)

A Xenforo developer said I might need to verify the gmail bounce email in SES. Is that what you experienced as well? Unchecking that option is the opposite of what @BoostN did.

Per the error message, you will need to verify the identity of the bounce email address in SES. Since you will need to verify the individual email address (you can't verify the gmail.com domain of course), you may have to disable VERP by unchecking the 'Enable variable email address values for automated email handling' option in XF as well.

@BoostN are you using Amazon SES or another SMTP?

I thought we only have to verify "send from" emails in SES, and it's odd that XF seems to be trying to send email from my bounce gmail address.

 

[Jeremy P]

The bounce email is set as the return-path address (which is sort of like a separate "from" address), so yes it will need to be verified in SES as the error message describes.

 

[MaximilianKohler]

That seemed to work! Thank you Jeremy!

When sending a test email to any/all of these emails:

bounce@simulator.amazonses.com
complaint@simulator.amazonses.com
suppressionlist@simulator.amazonses.com

Sending test emails in Amazon SES with the simulator - Amazon Simple Email Service

Send an email to yourself from the Amazon SES console for the easiest way to experiment with sending emails using Amazon SES.

docs.aws.amazon.com

Is it the expected behavior that nothing shows up in the admin.php?logs/email-bounces email bounce log? How else would I verify bounce & complaint handling are working?

EDIT: Or maybe it's not the expected behavior and has to do with this server error?:

Server error log
Laminas\Mail\Exception\RuntimeException: Bounce connection error: cannot login, user or password wrong
src/XF/Mail/Storage/Imap.php:34

Generated by: Unknown account
              
Jul 13, 2023 at 1:56 AM

Stack trace
#0 src/XF/EmailBounce/Processor.php(256): XF\Mail\Storage\Imap::setupFromHandler(Array)
#1 src/XF/SubContainer/Bounce.php(15): XF\EmailBounce\Processor::getDefaultBounceHandlerStorage(Object(XF\Pub\App))
#2 src/XF/Container.php(31): XF\SubContainer\Bounce->XF\SubContainer\{closure}(Object(XF\Container))
#3 src/XF/SubContainer/Bounce.php(43): XF\Container->offsetGet('storage')
#4 src/XF/Job/EmailBounce.php(20): XF\SubContainer\Bounce->storage()
#5 src/XF/Job/Manager.php(260): XF\Job\EmailBounce->run(7.99911)
#6 src/XF/Job/Manager.php(202): XF\Job\Manager->runJobInternal(Array, 7.99911)
#7 src/XF/Job/Manager.php(86): XF\Job\Manager->runJobEntry(Array, 7.99911)
#8 job.php(43): XF\Job\Manager->runQueue(false, 8)
#9 {main}

Request state
      
           array(4) {
["url"] => string(8) "/job.php"
["referrer"] => string(63) "https://forum.mysite.com/admin.php?logs/email-bounces"
["_GET"] => array(0) {
}
["_POST"] => array(0) {
}
}

I redid my email and password twice, as noted above in #3 and #4 https://xenforo.com/community/threads/bounce-email.156547/post-1298673

 

[Jeremy P]

Is it the expected behavior that nothing shows up in the admin.php?logs/email-bounces email bounce log? How else would I verify bounce & complaint handling are working?

Bounce handling is a periodic process so results may not show up immediately, but they should show up in the log within an hour of the bounce message appearing in the bounce inbox. You can check the inbox manually (ie. via the Gmail web interface) to make sure it was receieved.

EDIT: Or maybe it's not the expected behavior and has to do with this server error?:

Yeah, that error means XF was unable to authenticate with the inbox. Gmail is saying the username or password is not what they are expecting. If regular IMAP authentication does still work (vs. OAuth), then you'd have to troubleshoot with Gmail. Note the following from their instructions:

Check that IMAP is turned on
[...]
Use an App Password: If you use 2-Step Verification, try signing in with an App Password.
[...]
Allow less secure apps: If you don't use 2-Step Verification, you might need to allow less secure apps to access your account.

The last option links to a page which notes that signing in with your Gmail password is no longer supported, so it might be worth enabling 2FA on the account and trying an App Password. If that doesn't work, you will need to use OAuth authentication instead of IMAP authentication.

 

[MaximilianKohler]

The last option links to a page which notes that signing in with your Gmail password is no longer supported, so it might be worth enabling 2FA on the account and trying an App Password. If that doesn't work, you will need to use OAuth authentication instead of IMAP authentication.

Ah! Thank you!

I thought this would be the easiest and most foolproof method, but I hate 2FA and don't like giving Google my phone number, so I decided to go with the potentially-buggy SES SNS addon. It seems to be working, and would probably be the easiest method for most people.

More info:

One problem I noticed is that I'm not getting email notifications when I test send to the Amazon test emails even though I have "Email feedback forwarding" turned on.

I also wonder if your issue might be because Snoopy's instructions are to set up the feedback notifications for both the domain and the "send from" email (nvm, see below). My setup for Listmonk, which is working on another domain, is to have both the domain & sender email verified, with "Email feedback forwarding" enabled for both, but only the domain has the "feedback notifications" enabled.

Man, this is frustratingly complicated.

I want to send from "noreply@" but I don't want people to be able to reply to it, but it seems like I have to verify it in SES (maybe not!? See below), thus enabling people to reply to it. It's useless to have a "noreply" if people can reply to it.
With both my Listmonk account/domain, and Xenforo, I verified that I can send from whateveremailiwant@myverifieddomain without having to verify the sender email in SES.

The only use I see for verifying a sender email in SES is to be able to turn on email notifications - "Email feedback forwarding".
nvm, I removed "Feedback notifications" for the sender email and that seemed to prevent bounces from showing up in the logs.

I got the Attempt to read property "recipient" on bool error once, and then later on it came back a lot, even though it's not supposed to keep happening.

I enabled "Feedback notifications" for the sender email as well, and I'm still not getting bounce email notifications from SES, and it's causing that Attempt to read property "recipient" on bool error. Something I did stopped the errors but I still don't get the email notifications.

Enabling Raw message delivery didn't seem to do anything, so I turned it back off.

I'm using this

Which probably makes things even more complicated.

I had to enable "catch all" in Cloudflare in order to get feedback notification emails from Amazon SES for bounce/complaints, but only the "complaint" emails come through.
bounce@simulator.amazonses.com shows up in Xenforo's bounce logs, but I don't get an email notification.

Endpoint - bounce & complaint:
At In the Endpoint section, type the following address https://www.yoursite.com/api/amazon-ses/bounce I thought it would be a good idea to split up the endpoints into "bounce" and "complaint" so that Xenforo registers them distinctly, but https://www.yoursite.com/api/amazon-ses/complaint(s) doesn't work (won't automatically verify).

Not sure if that's a deficit in Xenforo or this addon.


Testing:
I tried registering a new test account on my forum with a fake gmail, as described in Snoopy's guide, and it did show up as a hard bounce. So everything seems to be working properly I guess. I just don't get the email notifications from SES for bounces.

It's probably better to use bounce@simulator.amazonses.com instead of a fake gmail account since SES will count the gmail one against your record but not the simulator one.

I did a search and found:

So using a new user to test may not be the best method. I guess it doesn't matter whether it's a new account or an existing one. Tracy showed in the above link that it will change the user profile in the ACP "User state" to "awaiting email confirmation (from edit)".

I changed the email of an existing user, and I see that they're now greyed out in /admin.php?users/list.

I did some searches and found the following info:

• We can go to /admin.php?logs/email-bounces, click on the bounce, and then look for User state to verify that the bounce changed the user's state.
• List of "blocked emails" that bounced/complained: I was wondering if there is supposed to be a list somewhere of "blocked emails" that bounced/complained? IE: to prevent Xenforo from emailing them again? I guess Xenforo just uses their "user state"?
• /admin.php?users/email can be used to view a list of emails.
• /admin.php?users/search can list all users that are in an invalid state.
• Exporting: Emails can be exported to .csv via /admin.php?users/list
• Importing: it seems that an SQL statement to update the user records may be the only option. Sigh... complicated.

More testing:

Spoiler: more testing

I disabled "catch all" and "noreply@" in cloudflare (meaning that noreply@ cannot receive email), and "Feedback notifications" were turned off for "noreply@" and nothing would show in XF errors or bounce log.

I left the cloudflare stuff disabled, and turned ON "Feedback notifications" for "noreply@" and that caused the bounce to show up ALONG with 8 of the Attempt to read property "recipient" on bool src/XF/EmailBounce/Processor.php:106 errors.

But the error didn't happen again when I resent the email, but it did show up in the bounce log.

I then deleted the "noreply@" from the verified identities, and it still seemed to work fine.

Thus, my conclusion is that verifying the "send from" email is not necessary. BUT if you do add one there you also need to enable "Feedback notifications" for it.

This is contrary to my setup & testing with my Listmonk domain.

I don't know what the deal is with the email notifications, but I give up on that. They don't seem necessary anyway.