How to receive bounced mail using AWS SES With Postfix - amazon-web-services

I have configured postfix to relay mail to Amazon SES by following their integration guide and sending email is working without issue.
However, I recently wrote a PHP application using a framework which produced a malformed email message.
SES rejects the email with "554 Transaction failed: Expected MIME type, got =" which is acceptable.
However, my local postfix server then attempts to send a sender non-delivery notification with a from=<> which gets pushed through to the relay address.
SES rejects stating "501 Invalid MAIL FROM address provided (in reply to MAIL FROM command))" and postfix removes the bounce message from the queue.
Question is, what is the easiest way to ensure I get the original 554 bounce message sent to me? I don't see a way to make the SES relay accept empty from fields, so I believe the solution would lie in configuring postfix to deliver the bounce message directly to me.
Note, I use the term 'bounced mail' perhaps incorrectly. The mail is perhaps rejected but I'm not sure of the correct nomenclature for this scenario. The key point is that the message is not accepted by the SES relay, so it hasn't in fact gone 'out the door' so to speak.
Jun 12 03:11:21 myserver postfix/smtp[6353]: 411BA21795: to=<valid@validdomain.com>, relay=email-smtp.us-east-1.amazonaws.com[54.243.192.132]:25, delay=0.29, delays=0.05/0.02/0.15/0.07, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[54.243.192.132] said: 554 Transaction failed: Expected MIME type, got = (in reply to end of DATA command))
Jun 12 03:11:21 myserver postfix/cleanup[6351]: 93F202179B: message-id=
Jun 12 03:11:21 myserver postfix/qmgr[895]: 93F202179B: from=<>, size=4673, nrcpt=1 (queue active)
Jun 12 03:11:21 myserver postfix/bounce[6354]: 411BA21795: sender non-delivery notification: 93F202179B
Jun 12 03:11:21 myserver postfix/qmgr[895]: 411BA21795: removed
Jun 12 03:11:21 myserver postfix/smtp[6353]: 93F202179B: to=<valid@validdomain.com>, relay=email-smtp.us-east-1.amazonaws.com[23.21.161.144]:25, delay=0.17, delays=0.01/0/0.15/0, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[23.21.161.144] said: 501 Invalid MAIL FROM address provided (in reply to MAIL FROM command))
Jun 12 03:11:21 myserver postfix/qmgr[895]: 93F202179B: removed

If you just need to get the Postfix bounce messages delivered to your inbox, just set the following bounce-related configuration parameters (/etc/postfix/main.cf file for Ubuntu):
# The list of error classes that are reported
notify_classes = bounce, delay, policy, protocol, resource, software
# The recipient of postmaster bounce notifications
bounce_notice_recipient = bounceuser
# The recipient of postmaster notifications about mail delivery problems that
# are caused by policy, resource, software or protocol errors.
error_notice_recipient = bounceuser
# The recipient of postmaster notifications with the message headers of mail
# that cannot be delivered within $delay_warning_time time units
delay_notice_recipient = bounceuser
bounceuser is the recipient that will get bounce-related messages. If you need to forward the message to a non-local recipient, just edit /etc/aliases to make postfix forward the message to you:
# /dev/null will just delete the message from local
bounceuser: /dev/null, <YOUR_EMAIL_ADDRESS_HERE>
Don't forget to recreate the alias database and restart the postfix service:
sudo newaliases
sudo service postfix restart
^_^

In order to receive the bounce message, you must set an envelope sender address which is delivered locally on your postfix installation.
Check
postconf mydestination
to see which domains are delivered locally.
Your application then needs to set the envelope sender address to a valid, locally delivered address. Something like root@name.of.your.machine

You can't convince postfix to fill out the MAIL FROM with anything other than <> because it is hardcoded.
What you can do is enable double-bounce notifications in main.cf:
# enable double bounce notifications (resource, software are the defaults)
notify_classes = 2bounce, resource, software
# Set the sender address for 2bounce
# @myhostname will be appended even if you have an @ in the sender
double_bounce_sender = postmaster
# Set the recipient address for 2bounce
2bounce_notice_recipient = bounce.notify@company.com
# (and resource, software)
error_notice_recipient = bounce.notify@company.com
You'll end up with something like this.
PHP app (From: <your-app@company.com>) --> SES (To: <some-offsite@customer.com>)
: 5xx Rejected
Postfix (From: <>) -> SES (<your-app@company.com>)
: 501 Rejected Invalid MAIL FROM
Postfix (From: <postmaster@company.com>) -> SES (<bounce.notify@company.com>)
Whilst this strictly answers the question in that bounce messages will sort of be attempted via SES, it's worth noting that in the situation where e-mail one failed due to configuration problems, this is not necessarily more useful than setting bounce recipient to a local mailbox as suggested in the other answers - the 2bounce mail would be subject to the same configuration issues and would presumably also not be able to be sent.

Related

Get success status AWS SES

Prerequisites
I use AWS SES to send an email with event publishing to track the delivery status.
Problem
I'm looking for an event to make sure that an email is successfully sent to the end-user.
Description
Following AWS documentation, this type is suitable:
Deliveries – Amazon SES successfully delivered the email to the recipient's mail server.
However, this event I get also in case Hard bounces.
For example, email status flow is:
Sends -> Deliveries - in case of successful delivery
Sends -> Deliveries -> Hard bounces - in case I provide an invalid recipient name, e.g. invalid@domain.com or 1234567890@domain.com
I don't expect Hard bounces after Deliveries.
If this behavior is correct then I need some additional event for sure success.
Something like this is expected in case of successful delivery:
Sends -> Deliveries -> Success
I know that there are other "success" events like Opens, Clicks, Subscriptions, but they require additional action from the end-user.
Implementation details
I use Verified identity as an email sender.
A configuration set is used to redirect status events to SNS.
Finally, SQS is subscribed to this SNS to have all events in one place.
I tried several ways to send an email:
Java code using AWS SES SDK
Sending simulator with predefined and custom recipients
The result is the same (as described above)
I think it is impossible to have a Success status because AWS cannot guarantee when the recipient mail server will reply with a Hard Bounce. You yourself have to define how long you want to wait until you consider a delivery as successful. For example, if no hard bounce after 5 minutes, then it is a success.
If your use case is for analytics, I will simply capture more event types (for example log both Deliveries and Hard Bounces), and then count my success as Count of Deliveries - Count of Hard Bounces.
If your use case is for event-driven workloads, we need to define first what is considered a Success. For example, if we define Success as no Hard Bounce after 5 minutes, we can configure a Lambda function to trigger 5 minutes after a Delivery event. In the function, check if a subsequent Bounce event occurred. If not, the delivery is considered successful and then you can proceed to do what you want to do.
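An added Python sketch of the approach in this answer (not the asker's Java or the answerer's own code): it unwraps SES events as SNS delivers them to SQS, folds them into a per-message status that claims success only after an assumed 5-minute quiet window with no Permanent bounce, and computes the Deliveries minus Hard Bounces count. The function names, the SNS envelope assumption (raw message delivery off) and the sample events are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumed quiet period after a Delivery with no Bounce; the answer suggests 5 minutes.
SUCCESS_WINDOW = timedelta(minutes=5)

def _ts(s):
    """Parse an SES ISO-8601 timestamp such as 2019-07-03T19:48:56.445Z."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def _sqs_body(kind, mid, ts, **extra):
    """Constructed SES event wrapped the way SNS -> SQS delivers it (no raw delivery)."""
    ev = {"eventType": kind, "mail": {"messageId": mid, "timestamp": ts}, **extra}
    return json.dumps({"Type": "Notification", "Message": json.dumps(ev)})

SAMPLE_BODIES = [  # constructed sample, not real SES output
    _sqs_body("Send", "m1", "2019-07-03T10:00:00Z"),
    _sqs_body("Delivery", "m1", "2019-07-03T10:00:00Z", delivery={"timestamp": "2019-07-03T10:00:02Z"}),
    _sqs_body("Send", "m2", "2019-07-03T10:00:01Z"),
    _sqs_body("Delivery", "m2", "2019-07-03T10:00:01Z", delivery={"timestamp": "2019-07-03T10:00:03Z"}),
    _sqs_body("Bounce", "m2", "2019-07-03T10:00:01Z", bounce={"bounceType": "Permanent", "bounceSubType": "General", "timestamp": "2019-07-03T10:00:05Z"}),
    _sqs_body("Send", "m3", "2019-07-03T10:08:00Z"),
    _sqs_body("Delivery", "m3", "2019-07-03T10:08:00Z", delivery={"timestamp": "2019-07-03T10:08:01Z"}),
]
SAMPLE_NOW = datetime(2019, 7, 3, 10, 10, tzinfo=timezone.utc)  # constructed "now"

def load_events(bodies=SAMPLE_BODIES):
    """Unwrap the SNS envelope; the SES event is the JSON string in 'Message'."""
    return [json.loads(json.loads(b)["Message"]) for b in bodies]

def success_count(events):
    """Analytics view from the answer: Deliveries minus hard (Permanent) bounces."""
    deliveries = sum(e["eventType"] == "Delivery" for e in events)
    hard = sum(e["eventType"] == "Bounce" and e["bounce"]["bounceType"] == "Permanent" for e in events)
    return deliveries - hard

def message_status(events, now):
    """Per messageId: 'bounced' on a Permanent bounce, 'delivered' only once
    SUCCESS_WINDOW has elapsed after Delivery with no bounce, else 'pending'."""
    delivered_at, bounced = {}, set()
    for e in events:
        mid, kind = e["mail"]["messageId"], e["eventType"]
        delivered_at.setdefault(mid, None)  # Send etc.: known, still pending
        if kind == "Delivery":
            delivered_at[mid] = _ts(e["delivery"]["timestamp"])
        elif kind == "Bounce" and e["bounce"]["bounceType"] == "Permanent":
            bounced.add(mid)
    return {mid: "bounced" if mid in bounced
            else "delivered" if t and now - t >= SUCCESS_WINDOW
            else "pending" for mid, t in delivered_at.items()}
```

In a scheduled Lambda you would replace SAMPLE_NOW with the current time and feed it the events stored for each messageId.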
This is what I got from aws support about delivery status of an email.
Amazon SES will continue making several delivery attempts until receiving a successful response from the recipient mail server, or until 840 minutes elapse. If Amazon SES is still unable to deliver the email/message during this period, it stops sending the email and will then return a bounce message/notification.
According to this you can't be sure about the bounce or any other status within 5 minutes.
AWS does not have visibility to confirm if the recipient mail server was able to deliver the message to the recipient email address when you get a 250 OK (it's confirmation that AWS has delivered the message to the recipient's mail server).
So there is no way you can be sure.

Mailgun: Domain is not allowed to send large batches yet

I am running a mailing list with Mailman which uses Postfix to send the emails through Mailgun. I'm on Mailgun's (paid) Flex plan with a verified (non-sandbox) account.
The mailing list has about 30 members and the traffic is low. Still, when an email is sent, the log (/var/log/mail.log) contains entries with Domain ... is not allowed to send large batches yet.
postfix/smtp[33682]: 019053E815: to=<...>, relay=smtp.mailgun.org[44.231.238.210]:587, delay=1181, delays=1179/0.02/2/0.13, dsn=4.0.0, status=deferred (host smtp.mailgun.org[44.231.238.210] said: 421 Domain ... is not allowed to send large batches yet (in reply to DATA command))
I was unable to find any information about this error message. What's a good workaround for this issue – should the outgoing emails be throttled or should I request an increase of the batch sizes from Mailgun?
The solution was to contact Mailgun support. They raised the limits on my account and after that, the emails got delivered – the mail.log file now has status=sent (250 Great success) entries.

I'm getting bounce when I send an email to a specific address

I'm getting a bounce when I send an email to a specific address using SES; from Gmail the mail is delivered correctly.
For Transient -> General AWS says The recipient's email provider sent a general bounce message. You might be able to send a message to the same recipient in the future if the issue that caused the message to bounce is resolved.
How can I fix the issue if I do not know the problem?
{
  "eventType":"Bounce",
  "bounce":{
    "bounceType":"Transient",
    "bounceSubType":"General",
    "bouncedRecipients":[
      {
        "emailAddress":"{some_email}",
        "action":"failed",
        "status":"5.7.8",
        "diagnosticCode":"smtp; 535 5.7.8 Error: blocked by Block Address check from 54.240.8.90"
      }
    ],
    "timestamp":"2019-07-03T19:48:56.445Z",
    "feedbackId":"0100016bb962013a-6cd68815-3c51-4216-9946-50f01b923057-000000",
    "reportingMTA":"dsn; a8-90.smtp-out.amazonses.com"
  }
}
Not much you can do, seems like the recipient side is checking IP reputation and found that SES IP (sending IP) 54.240.8.90 is in the blacklist, it also sent you a bounce back with custom message "smtp; 535 5.7.8 Error: blocked by Block Address check from 54.240.8.90".
Seems like they're using SORBS SPAM.
https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a54.240.8.90&run=toolpage
http://www.sorbs.net/cgi-bin/db
Couple of things you can try:
Remove the IP from SORBS by yourself (it may get added again)
Contact AWS to contact them to remove it from Blacklist.
Try dedicated IP pool.
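An added Python triage of the bounce notification quoted in this question (not code from the asker or the answerer): it keeps Permanent bounces as recipient suppressions, but flags a Transient bounce whose diagnostic names a block, as here, as a sender-side reputation problem and pulls out the blocked sending IP, which is what the answer above says this bounce actually means. The sample is built from the quoted event with the recipient placeholder kept; the helper names and the block-keyword heuristic are mine.

```python
import json
import re

# Constructed from the notification quoted in the question (recipient is the page's placeholder).
SAMPLE_BOUNCE = json.loads("""{
  "eventType": "Bounce",
  "bounce": {
    "bounceType": "Transient",
    "bounceSubType": "General",
    "bouncedRecipients": [{
      "emailAddress": "{some_email}",
      "action": "failed",
      "status": "5.7.8",
      "diagnosticCode": "smtp; 535 5.7.8 Error: blocked by Block Address check from 54.240.8.90"
    }],
    "timestamp": "2019-07-03T19:48:56.445Z",
    "reportingMTA": "dsn; a8-90.smtp-out.amazonses.com"
  }
}""")

# Heuristic: wording receiving MTAs commonly use when refusing by sender IP reputation.
BLOCK_HINT = re.compile(r"\b(blocked|blacklist|block list|listed)\b", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def triage_bounce(event):
    """Map one SES bounce event to a per-recipient decision.
    Permanent -> 'suppress' the recipient; Transient whose diagnostic names a
    block -> 'sender_blocked' (it is the sending SES IP that is listed, not the
    user, so suppressing the recipient would be wrong); other Transient -> 'retry_later'."""
    b = event["bounce"]
    decisions = []
    for r in b["bouncedRecipients"]:
        diag = r.get("diagnosticCode", "")
        if b["bounceType"] == "Permanent":
            decision, ip = "suppress", None
        elif BLOCK_HINT.search(diag):
            m = IPV4.search(diag)
            decision, ip = "sender_blocked", (m.group(0) if m else None)
        else:
            decision, ip = "retry_later", None
        decisions.append({"recipient": r["emailAddress"], "status": r.get("status"),
                          "decision": decision, "blocked_ip": ip})
    return decisions
```

A "sender_blocked" result is the case to raise with AWS support or to handle via a dedicated IP pool, as the answer suggests, rather than by dropping the recipient.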

Amazon SES inbound email delivery failed 4.3.0 451

I have set up a rule set for inbound emails in AWS SES. This inbound rule receives an email and a lambda function processes the email content.
This worked up until a couple of days ago when I started receiving the error message below when sending emails to the address connected to the inbound rule:
4.3.0 smtp; 451 4.3.0 This message could not be delivered due to a recipient error. Please try again later
However - the rule still triggers the corresponding lambda function which means that the email is actually delivered.
How can I prevent the server from sending this response?
Under Actions in Email receiving add a Stop rule set action where it should stop checking additional rules.
The lambda function that I thought was causing this was not the culprit in this case.
There was another rule in place which failed since it did not have access to the S3 bucket in which it was supposed to save incoming emails.
Lesson learned: This error message is sent back from the email server when an incoming SES rule fails to exit successfully.
If anybody comes across this in future and Karl's solution isn't the issue: I had this exact issue and it turned out the action ordering was causing the error.
If the Lambda function action was before the S3 action, it threw the 4.3.0 smtp; 451 4.3.0 This message could not be delivered due to a recipient error. Please try again later error, even though the flow worked as expected. If you swap them over so it is S3 then lambda, it works fine.

Amazon SES: Procedure for handling complaint notifications?

I don't have a ton of experience with Amazon SES. For a client of mine, I maintain a small subscription list (about 1300 people) and I use Amazon SES to send messages through from the WordPress blog that this group is subscribed to, whenever there is a new post. Every so often I get complaint notifications from Amazon, but there is no identifying info to tell me who the complaint is from so that I can remove them from my list. How can I use those emails (or some other part of SES) to effectively remove these recipients? I have no intention of sending to anyone who doesn't want to receive these emails (even if they have not unsubscribed on the blog directly), but I can find no way of addressing these complaints.
The messages contain (in addition to the content of the email), information like the following:
User-Agent: ReturnPathFBL/1.0
Abuse-Type: complaint
Arrival-Date: Thu, 17 Aug 2017 10:22:08 +0000
Feedback-Type: abuse
Version: 1
Source-IP: 54.240.27.23
Original-Rcpt-To: 8516be265e1454635b9a5885efb329a4@comcast.net
Original-Mail-From: 0101015defb6e57b-8068a1db-1011-407e-af0c-1bf96aa38c5f-000000@us-west-2.amazonses.com
Reported-Domain: comcast.net
UPDATE
This is maddening. I have now setup an endpoint on my server, and when subscribed to SNS topic I correctly receive logs that I have been subscribed. But then...NOTHING. I still get the useless emails, but I get zero SNS notifications, despite being verified. Still investigating.
UPDATE II
Success!! It turns out that setting up SNS (or email notifications) on the DOMAIN was meaningless. I had to set it up specifically on the EMAIL SENDING ADDRESS. This was CRUCIAL but not at all obvious (at least to me).
Your question has been addressed in the Amazon blog.
https://aws.amazon.com/blogs/ses/tag/abuse-complaint/
Make sure you are following the procedure to handle bounces and complaints from Amazon AWS.