Sporadic error when sending email via AWS SES and CakePHP

Question

I have a script written in CakePHP 2.10.18 (running on php 5.6, I know, old stuff). The script is set up to use AWS SES as SMTP server, which most of the time works fine, but every once in a while, without changing the code at all, the sending will fail, providing the following error message: SMTP server did not accept the password.

This is the Email configuration in CakePHP:

public $SMTP_config = array(
            'transport' => 'Smtp',
            'host' => 'email-smtp.us-east-1.amazonaws.com',
            'port' => 587,
            'timeout' => 30,
            'username' => 'redacted',
            'password' => 'redacted',
            'client' => null,
            'log' => true,
            'returnPath' => 'my@email.com',
            'replyTo' => 'my@email.com',
            'tls' => true,
            'charset' => 'utf-8',
            'headerCharset' => 'utf-8'
    );

The email address used as the from (same as the return path and reply to) is verified with AWS, everything looks good in the AWS console, DKIM verification ok, the account is in healthy status...

I can't seem to find what's causing this, any ideas? Why would the password be rejected and then accepted just a few seconds later when I run the script again? Any help would be much appreciated.

Answer 1

I was facing exactly the same issue.

AWS support reported us the following solution (pretty simple, altough I could not find any documentation regarding this matter ).

I've just reviewed our logs (3 days after updating the credential's variables) and the issue has gone away.

Hope this works for you.

...

Any SMTP credential that were created before January 10, 2019 is using Sigv2 (Signature version 2) and credentials created after that will use SigV4 (Signature version 4) by default.

Signature version 2 has been deprecated in favor of Signature version 4. If you are receiving the "SMTP server did not accept the password." error in the PHP application, while using the above user credentials, I would suggest to create new set of credentials to make sure the use of Sigv4 auth. To create new SMTP credentials:

1.Sign in to the AWS Management Console and make sure to set the region where the identities are verified (us-east-1)

2.Open the Amazon SES console at https://console.aws.amazon.com/ses/ .

3.Choose SMTP settings in the left navigation pane - this will open the Simple Mail Transfer Protocol (SMTP) settings page.

4.Choose "Create SMTP Credentials" - the IAM console will open.

5.For Create User for SMTP, type a name for your SMTP user in the IAM User Name field. Alternatively, you can use the default value that is provided in this field. When you finish, choose Create in the bottom-right corner.

6.Expand Show User SMTP Security Credentials - your SMTP credentials are shown on the screen.

7.Download these credentials by choosing Download Credentials or copy them and store them in a safe place, because you can't view or save your credentials after you close this dialog box.

Answer 2

I had a similar problem and I discovered that the problem was that I was using an old SES user. When I ran some tests from the command line to test the SES connection it worked OK usually but every now and again (randomly) I would get the error shown in the image below. I created an new SMTP user to connect SES and the problem went away. Maybe I am naive but it seems that someone at AWS thought that a good way to deprecate a feature would be to make it cause intermittent failures randomly.

error message