symfony: Symfony Amazon SES Mailer does not work(Authentication issue)

Symfony version(s) affected: Symfony 5.0.8

Description
Symfony Amazon SES mailer not sending emails. Deprecated signature is used, we should migrate to Signature Version 4 signing process

Unable to send an email: The security token included in the request is invalid. (code 0).

Response from amazon

   +"Type": "Sender"
    +"Code": "InvalidClientTokenId"
    +"Message": "The security token included in the request is invalid."

it seems like they do not support V3 Authentication anymore, or something else. I tried with multiple different credentials and still, it does not work.

How to reproduce

        $email = (new Email())
            ->from('hello@mydomian.com')
            ->to(new Address('myemail@gmail.com'))
            ->subject('Thanks for signing up!')

            ->text('Hello')
            ->html('Hello');

        $this->mailer->send($email);

Config

framework:
    mailer:
        dsn: 'ses+api://KEY:SECRET@default?region=eu-central-1'

Possible Solution
Change Authentication to v4

Additional context
I tried to send emails with amazon PHP sdk

       $this->client = new SesClient([
            'credentials' => [
                'key' => 'KEY',
                'secret' => 'SECRET'
            ],
            'version' => 'latest',
            'region'  => 'eu-central-1'
        ]);

it does work, they are using V4 authorization(for more than two years).

About this issue

Original URL
State: closed
Created 4 years ago
Comments: 19 (10 by maintainers)

Commits related to this issue

minor #15106 add a warning about Amazon SES signature (garak) This PR was merged into the 4.4 branch. Discussion ---------- add a warning about Amazon SES signature We need to warn users of Symfon... — committed to symfony/symfony-docs by OskarStark 3 years ago

Most upvoted comments

Symfony 5.1 already includes a new implementation of the SES transport, which uses the v4 signature rather than the v2 one.

So I’m closing this issue as being already solved by the next Symfony version.

stof on May 25, 2020

I tried it with Symfony 5.1 and got the same error. I checked the source code and it seems to me that it still uses the v2 signature. $auth = sprintf('AWS3-HTTPS AWSAccessKeyId=%s,Algorithm=HmacSHA256,Signature=%s', $this->accessKey, $this->getSignature($date));

lnorby on Jul 17, 2020

Unfortunately, there is no way we can fix it in 4.4 as we never add a new feature in patch releases (and supporting this new feature is non trivial anyway). So, the only possibilities I see here is to upgrade to a newer version of Symfony or to switch to another email provider (or maybe try to upgrade only symfony/amazon-mailer to 5.2).

fabpot on Feb 25, 2021

since symfony 4.4 is still the last LTS, shouldn’t this issue be resolved for symfony/amazon-mailer 4.4 ?

719media on Feb 24, 2021

If you still facing this issue, you can fix it by installing a new lib composer require async-aws/ses and use ses+api But make sure to urlencode any special characters that you have in your secret key.

neok on Nov 12, 2020

This worked for me: ses+smtp://$AWS_MAILER_USER:$WS_MAILER_PASSWORD@default?region=eu-west-1 using symfony/amazon-mailer and after urlencode the password.

kundukundu on Jan 15, 2021

Sorry to blow up the closed thread, but the reason I commented above is because amazon is currently phasing out signature 2 on SES by March 27 or so, so this current LTS 4.4 will NO LONGER WORK with ses, so I would think it should be fixed in 4.4

719media on Feb 24, 2021