Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SRS Question in connection with AWS SES

Discussion in 'E-mail Discussions' started by PeteS, Mar 17, 2018.

Tags:
  1. PeteS

    PeteS Well-Known Member

    Joined:
    Jun 8, 2017
    Messages:
    84
    Likes Received:
    8
    Trophy Points:
    8
    Location:
    Oregon
    cPanel Access Level:
    Root Administrator
    Hi @cPanelMichael,

    Maybe this should be it's own thread, but I'll start here...

    I'm having a tough time getting AWS SES to accept forwards that come from a server on a verified domain but where the sender is an outside address. It appears that SES *only* looks at the From: and not the Sender: header, so this tweak doesn't help, though I thought it might, since it adds the sending server domain to the Sender: header.

    I have considered trying to find a way to have EXIM rewrite the From: to something verified (like the forward To: or the sending server domain) but that seems more complicating, and then the Replyto: would have to be rewritten to the original sender in case it wasn't already. And I figure some mail clients still might mess it up.

    Has anyone else run into this trying to use SES for SMTP for a server?

    Any ideas, hints...?

    -Pete
     
    #1 PeteS, Mar 17, 2018
    Last edited: Mar 18, 2018
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,782
    Likes Received:
    1,712
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. PeteS

    PeteS Well-Known Member

    Joined:
    Jun 8, 2017
    Messages:
    84
    Likes Received:
    8
    Trophy Points:
    8
    Location:
    Oregon
    cPanel Access Level:
    Root Administrator
    Thank you for splitting this off. (You might consider adding "in connection with AWS SES" to the title as that would help more of the right people find it.)

    I'm currently considering a simpler solution, since rewriting headers opens up a whole other area of concern regarding DKIM, SPF, and DMARC. I'm considering just having EXIM only use SES when the message is *not a forward* AND not local. I'm using SES for deliverability reasons, and that's not such a problem for me with forwards anyway (most of them are local, and the ones that aren't were doing fine without SES).
     
    cPanelMichael likes this.
  4. mrdigitalau

    mrdigitalau Registered

    Joined:
    Mar 2, 2015
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hey PeteS

    I'm in the exact same predicament as you, I find my CPANEL server does not send email very well, so wanted to go via SES. I'm using Sendgrid right now, but more expensive, it works though, as you do not have to verify each domain. But there is "via sendgrid" added to each email address unless you whitelist the domain.

    Did you have any luck with that EXIM code to make SES only send with remote domains and use another router for local/forwarded emails? It would help so much!
     
  5. PeteS

    PeteS Well-Known Member

    Joined:
    Jun 8, 2017
    Messages:
    84
    Likes Received:
    8
    Trophy Points:
    8
    Location:
    Oregon
    cPanel Access Level:
    Root Administrator
    Hi @mrdigitalau,

    I tried SendGrid for a few days, but left because of way too many IPs in RBLs and just not great delivery results. I get better with the sending locally. They were the easiest to set up though, I'll grant that.

    I also tried MailGun, and will keep them as a back up. I LOVE their dashboard, but their is one huger deal-killer with them: they don't send bounces back to the original sender, and aren't willing to move that feature request forward. (There has been one in for it for well over a year.) Initially I verified just the server's host domain and that allowed me to send from all accounts, but it sets the sender header to something that some email clients can't decode if they use it instead of From: or Replyro:, which causes a failure when a recipient clicks Reply in that case. (I trap this error with a route that collects those and sends them to me; I then forward them to the proper recipient.) This is an obvious issue if the mail volume is high enough, even though it only happens rarely. Sending with Replyto set decreases the occurrence of this. The ultimate solution is to verify each sending domain (as with SES) and then modify the EXIM config to programmatically send per domain, which works great! I didn't complete that verification on all domains (just a test set) because I discovered they don't send bounces (I was initially misinformed that they did). But I keep the code around as a backup, because they do deliver well with few blocked IPs, and if the IP is blocked and mail bounces you can instantly change the shared IP you're on! (SendGrid didn't offer that.)

    Both MailGun and SES have better deliverability than my low volume, <1 year old, server IP. But SES is clearly the best of the two. By the way, how old is your server's IP? I believe I am noticing improvements in the deliverability of mine after a few months of sending 200-400+ emails per day. I assume your reason for wanting to send through SES is the same as mine - because MS (Live, Outlook, Hotmail, etc.), Yahoo, and others count no reputation as bad reputation (guilty until proven innocent) and thus much email goes to Junk folders. Initially MS was bouncing me until registered in their management program and received a conditional allowance; after that I only had to deal with being sent to Junk...

    Finally, to SES... I have all my domains verified with SES, and it works great. Local email (between server accounts) doesn't go through SES, but is handled locally. Isn't that how you set it up? The third line in the following code placed in the PREROUTERS section of the EXIM config file takes care of not sending local email through SES.

    Code:
    send_via_ses:
    driver = manualroute
    domains = ! +local_domains
    transport = ses_smtp
    route_list = * email-smtp.us-west-2.amazonaws.com;
    Docs here: Integrating Amazon SES with Exim - Amazon Simple Email Service

    Most of my forwards go locally already thanks to that routing, but I eventually discovered that forwards sent to SES were bouncing! I have a few clients that do all email through Gmail. They send through their domain on my server, and thus SES, and they have domain based email addresses that forward to their Gmail, where they have the appropriate domain based aliases set up. When I noticed that incoming email to them was being declined by SES I had to switch away from SES immediately.

    Initially I opened up a support request with AWS but they showed little interest at solving what I feel is a shortcoming on their part. I also found some discussion of it on their forum, with an AWS rep indicating he would submit it to team, but it looks like nothing came of it (https://forums.aws.amazon.com/thread.jspa?messageID=836149).

    Then I wanted to rewrite the forward headers so SES would accept them, since they ignore other headers that clearly show it being sent from a verified domain, but that quickly sounded like it would create more issues, so I then came up with the current idea-to keep all forwards local. This would be a perfect solution for me, barring AWS fixing it on their end...

    So to finally directly answer you question about forwards: I'm still working on it. I have some ideas but don't know the EXIM config syntax well enough to try it on my own. I was hoping for clues here, but it looks like I'm a pioneer on this one. I've posted to the EXIM users' list ([exim] How to rewrite From: header of offsite forwards only to prevent Amazon SES 554 error) and continue to Google and read EXIM docs a bit each day. I feel like it would not be a complicated thing to implement but I don't really know the right question to ask in order to find that simple solution.

    Thanks for listening... I've been thinking of writing all this up, including my thoughts and experiences with SendGrid, MailGun and SES.

    I'll certainly post here if I find a solution and make it work.
     
    cPanelMichael likes this.
  6. PeteS

    PeteS Well-Known Member

    Joined:
    Jun 8, 2017
    Messages:
    84
    Likes Received:
    8
    Trophy Points:
    8
    Location:
    Oregon
    cPanel Access Level:
    Root Administrator
    [POST REMOVED DUE TO ERRONEOUS CONTENT]
     
    #6 PeteS, Mar 24, 2018
    Last edited: Mar 25, 2018
  7. PeteS

    PeteS Well-Known Member

    Joined:
    Jun 8, 2017
    Messages:
    84
    Likes Received:
    8
    Trophy Points:
    8
    Location:
    Oregon
    cPanel Access Level:
    Root Administrator
    Stop!

    An EXIM developer just pointed out a flaw in the method posted earlier!

    I will post the solution again after I sort it out.

    Do not implement it at this time...
     
    #7 PeteS, Mar 24, 2018
    Last edited: Mar 25, 2018
Loading...

Share This Page