Get answers quicker by searching

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

Your 'from email', (or its domain) is not verified in your SES console, your emails cannot be sent
  • Vote Up0Vote Down travelltravell
    Posts: 3Sendy user

    I've searched the forums and unfortunately I think I've covered all the bases. I'm using the same exact credentials in the app I wrote. It would be helpful if there was a page in Sendy for debugging the response from SES. It looks like my credentials are being used just fine since it's pulling the right stats about my quota. My email is verified and is a simple noreply@domain.com, all lowercase.

    Update.

    I put a print_r($rest) after the call to SES in ses.php for ListIndentities. The result:

    stdClass Object ( [error] => Array ( [curl] => [Error] => Array ( [Type] => Sender [Code] => AccessDenied [Message] => User: arn:aws:iam::xxxxxxxxxxxxxxxx:user/xxxxx.dev is not authorized to perform: ses:ListIdentities ) [RequestId] => 026daf5c-b9c3-11e2-8737-2f28b5576cca ) [code] => 403 )

    Now I'm reminded that I'm using a lower privileged user. I think it's useful for you to also return the raw response from AWS. Maybe a Detail link in the error message that when clicked can show what AWS thinks the problem is (the raw response). I think you may be rolling up errors.

    It may also be sufficient for you to add a setting so that Power users can say, yes this account is verified; ListIdentities is a security hole for production use.

    Maybe you can override this in config.php as well. My quick fix was to manually add my sender inside of the ListIndentities which is an uber bad short term fix since I had to suppress the error logging and return of false in the method. .Thoughts?

    Thanks,

    Travell

  • 4 Comments
  • Vote Up0Vote Down travelltravell
    Posts: 3Sendy user

    Eh, to be on the safe side I just relaxed my permissions for SES. I can't tell what other calls you are leveraging without seeing the full source. Mail was delivered after that.

  • Vote Up0Vote Down BenBen
    Posts: 3,484Sendy support

    Hi @travell,

    Are you using IAM for AWS creds?

    Ben

  • Vote Up0Vote Down travelltravell
    Posts: 3Sendy user

    Yes. Changed specific actions to just ses:*

  • Vote Up0Vote Down BenBen
    Posts: 3,484Sendy support

    Ok. Did you attach user policy for full ses and sns access like so:

    Thanks.

    Ben

This discussion has been closed.
All Discussions