Page MenuHomePhabricator

Amazon SES mailer does not allow specifying endpoint
Closed, ResolvedPublic

Assigned To
None
Authored By
swisspol
May 20 2014, 1:11 AM
Tokens
"Like" token, awarded by r0bbie."Like" token, awarded by arcdigital."Like" token, awarded by renatomassaro."Like" token, awarded by john.sandall."Like" token, awarded by mikn.

Description

Please add a amazon-ses.endpoint config setting.

Event Timeline

swisspol raised the priority of this task from to Needs Triage.
swisspol updated the task description. (Show Details)
swisspol added a subscriber: swisspol.

FYI Amazon SES does have different endpoints per region:
http://docs.aws.amazon.com/general/latest/gr/rande.html#ses_region

Is there any downside to sending to the wrong endpoint?

For instance production access is per endpoint (http://docs.aws.amazon.com/ses/latest/DeveloperGuide/request-production-access.html). Same for SMTP settings e.g. "email-smtp.us-west-2.amazonaws.com".

In our case since we set up our dev servers all in US-West-2 and not the default US-East-1, the emails would be rejected.

In general, any AWS service that Phabricator uses and that has region specific endpoints should expose the endpoint setting.

We use SES on this install without issues (this server is in US West) but maybe we were grandfathered in.

You probably just config'ed it in us-east1 (which i think was the only region it was in for a while). The location of the originating server doesn't matter, though you're basically paying some fractional amount more in $$$ for the outgoing bandwidth twice since it has to cross regions.

I'm just asking to get authorized in that region too in the meantime so i can unpatch my server.

I have a local fix for this and am figuring out how to commit now.

My SES got created in the 'Oregon' region, which is not the default region used by the SES api. All email is rejected with the response 'Unverified Sender'.

I just had this problem as well, since our SES only has been verified by Amazon for the region eu-west-1 we either had to contact them for verification in us-east-1 or be able to set something like:

public function executeSend($body) {
  $key = PhabricatorEnv::getEnvConfig('amazon-ses.access-key');
  $secret = PhabricatorEnv::getEnvConfig('amazon-ses.secret-key');
  $host = PhabricatorEnv::getEnvConfig('amazon-ses.host-url'); // read host-url from config

  $root = phutil_get_library_root('phabricator');
  $root = dirname($root);
  require_once $root.'/externals/amazon-ses/ses.php';

  $service = new SimpleEmailService($key, $secret, $host); // added host argument
  $service->enableUseExceptions(true);
  return $service->sendRawEmail($body);
}

In [phabricator]/src/applications/metamta/adapter/PhabricatorMailImplementationAmazonSESAdapter allowing to inject a customized amazon-ses target.

Will check back tonight and see if @disciplezero has committed a fix.

Can confirm this is still unfixed on head, we're having trouble as our Amazon region is only eu-west-1 as well. For now we are going to manually edit the SES adapter to pass the hostname, but a config option seems like the best bet here.

mikn added a subscriber: mikn.

We've also hit this, but we had our SES configured in the EU-west region, I used the diff attached and updated it to the current code base.

Same story as @mikn, hit exactly the same problems although didn't know what they were at first. I'm relatively new to the world of server admin so took a while to understand why New Relic was sending me emails every few minutes with PhutilProxyException errors, then I saw the Unverified Sender messages in the daemons log and arrived here.

For me, SES is verified in eu-west-1 and doing the 72h DNS verification dance for us-east-1 seemed less fun than just patching my install. Patching manually using D10505 (adapting to use the new JSON config file instead) worked perfectly for me, and my inbox is suddenly full of all those backlogged email updates! Be good to get this landed.