Need help setting up SMTP with Amazon SES

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
User avatar
horseguards
Registered User
Posts: 74
Joined: Sun Oct 26, 2008 12:18 pm
Location: Mar del Plata [Argentina]
Name: P C

Need help setting up SMTP with Amazon SES

Post by horseguards » Mon Feb 04, 2019 2:35 am

I am trying to send my emails with Amazon SES, but so far I haven't been able to set it up properly. I have phpBB 3.2.4 with PHP 7.2.14

I found this https://stackoverflow.com/questions/889 ... -on-phpbb3, but following this article I haven't been able to send anything.

this is the info I get from Amazon:

server name: email-smtp.us-east-1.amazonaws.com
Port: 25, 465 or 587
Use Transport Layer Security (TLS): Yes
Authentication: Your SMTP credentials

Could anyone give me a hand with this?

Thanks!

User avatar
Lumpy Burgertushie
Registered User
Posts: 66559
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Need help setting up SMTP with Amazon SES

Post by Lumpy Burgertushie » Mon Feb 04, 2019 4:19 am

why are you trying to relay your email through amazons servers?

just use the php mail from your host.

create a email account at your host specifically for your board.
use that email in the email settings and do not check the use smtp box.

if that doesn't work, then check the smtp box and fill in the blanks using the smtp info from your host.

luck,
robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

User avatar
horseguards
Registered User
Posts: 74
Joined: Sun Oct 26, 2008 12:18 pm
Location: Mar del Plata [Argentina]
Name: P C

Re: Need help setting up SMTP with Amazon SES

Post by horseguards » Mon Feb 04, 2019 1:37 pm

I want to send my newsletters thru AmazonSES, and I need to build reputation, so I will send all my transactional email thru them. A few thousand emails cost cents.

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21420
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket - definitely

Re: Need help setting up SMTP with Amazon SES

Post by Mick » Mon Feb 04, 2019 2:29 pm

If you want to use SMTP you need the correct information from your mail provider. phpBB doesn't send email itself it uses whatever is available to it on the server and whatever information you've typed in the boxes of course. It could be that the host doesn't like what you've put in there or the information you've been given is wrong. Ask your host about the settings you've been given, they may be able to shed some light on it.
"The more connected we get the more alone we become" - Kyle Broflovski

User avatar
EA117
Registered User
Posts: 829
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Need help setting up SMTP with Amazon SES

Post by EA117 » Mon Feb 04, 2019 6:28 pm

I am not an Amazon SES user; just talking from generic SMTP perspective.

The first thing I would do is make sure credentials are no part of the issue. i.e. Put this same configuration into another SMTP client you're familiar with, and make sure you're able to send mail using the same settings. Since of course if it won't work there, you're just making things more difficult trying to additionally involve phpBB in the diagnosis process.

Once you know the DNS name and credentials are for sure being accepted and working, the next decision is which port and phpBB authentication method to attempt. This can ultimately be different than what "worked easily" in your alternate SMTP client test above. Since each SMTP client can support things slightly differently, including phpBB's built-in SMTP client (/includes/functions_messenger.php).

What I'm unsure of is best advice for encryption settings. Not "from a generic SMTP perspective", but specifically within phpBB. From what I can glean from functions_messenger.php, it appears that their SMTP client is going to attempt explicit TLS on any unencrypted connection, whether you asked it to or not. (i.e. Explicit TLS, where the STARTTLS command will be issued to begin negotiation.)

Which makes it unclear for me what to recommend in terms of benefit/functionality from specifying "tls://" as the protocol in the SMTP server name field. So you might want to try it "with and without"; i.e. the SMTP server specified with "tls://" prefixed on it, and also test separately without that or any other prefix specified. Presumably "ssl://" would also provide "implicit TLS" behavior, which requires encryption to be established before any commands are issued, as would be expected on port 465 / 2465. But "tls://" might behave that way too; I've not tested or investigated to confirm, and is why I'm equivocating in my response.

On top of all that, we also cannot assume your hosting service isn't outright blocking some of these ports for outbound connections. So one thing to keep an eye on is your phpBB error log, to see if "connection refused" or similar is being reported as the SMTP failure after you've made a particular change. (Talking about the error log visible from the ACP Maintenance tab in phpBB.) "If" your host is blocking anything at all, it's likely the common ports, such as 25 and 465 and 587. The 2465 and 2587 ports might have a better shot at avoiding having been blocked, but probably still common enough they may be blocked too. if your host is thinking along these lines at all.

Seems to me the last time I looked at Amazon SES SMTP documentation, 80 was listed in the ports as well. That one would have the best chance of avoiding an outright port-level block, so you should try that one too if the others all prove to be blocked/refused. I've been ignoring port 25, because in addition to Amazon saying it will be throttled, that's one your host is likely to have blocked just from a best-practices standpoint, even if they didn't block any others. But I guess testing 25 should be the last-ditch effort, too.

To summarize and confirm the tests I'm describing here, many of which I'm sure you've probably already done:
  • Make sure you can rule out your SMTP credentials or server name as being any part of the issue, by making sure they work from an SMTP client independently outside of phpBB.
  • In phpBB, with those same credentials entered and "Use SMTP for email.." set to "Yes", try tls://email-smtp.us-east-1.amazonaws.com and port 587, and confirm what if any errors appear in the log when attempting to send after making this change.
  • In phpBB, try ssl://email-smtp.us-east-1.amazonaws.com and port 465, and confirm what if any errors appear in the log when attempting to send after making this change.
  • In phpBB, try tls://email-smtp.us-east-1.amazonaws.com and port 2587, and confirm what if any errors appear in the log when attempting to send after making this change.
  • In phpBB, try ssl://email-smtp.us-east-1.amazonaws.com and port 2465, and confirm what if any errors appear in the log when attempting to send after making this change.
  • In phpBB, try email-smtp.us-east-1.amazonaws.com (no protocol prefix) and port 587, and confirm what if any errors appear in the log when attempting to send after making this change.
  • In phpBB, try email-smtp.us-east-1.amazonaws.com (no protocol prefix) and port 2587, and confirm what if any errors appear in the log when attempting to send after making this change.
  • In phpBB, try tls://email-smtp.us-east-1.amazonaws.com and port 80, and confirm what if any errors appear in the log when attempting to send after making this change.
  • In phpBB, try email-smtp.us-east-1.amazonaws.com (no protocol prefix) and port 80, and confirm what if any errors appear in the log when attempting to send after making this change.
  • In phpBB, try tls://email-smtp.us-east-1.amazonaws.com and port 25, and confirm what if any errors appear in the log when attempting to send after making this change.
  • In phpBB, try email-smtp.us-east-1.amazonaws.com (no protocol prefix) and port 25, and confirm what if any errors appear in the log when attempting to send after making this change.
I'm not aware of anyone having created an extension that would attempt to invoke the Amazon SES APIs directly for phpBB mail sending tasks, so I expect we do indeed have to find a path to success using the SMTP interface.

Interested to hear what you figure out. Using the Amazon SES service has looked interesting to me, but neither my volume or my needs can currently justify the time needed to commit to it myself.

User avatar
horseguards
Registered User
Posts: 74
Joined: Sun Oct 26, 2008 12:18 pm
Location: Mar del Plata [Argentina]
Name: P C

Re: Need help setting up SMTP with Amazon SES

Post by horseguards » Mon Feb 04, 2019 10:49 pm

Thanks!

I got this PM from a seasoned phpBB developer. Could this be the cause?
Dion wrote:I saw your post on phpbb.com about SMTP. There are two bugs in the SMTP support code in phpBB 3.1 and 3.2, and the staff/devs on phpbb.com seem to be too stubborn to recognize that there are problems with SMTP in phpBB. First, in many (most?) cases, phpBB 3.1+ sets TLS 1.0 with the stream_socket_enable_crypto() function. Many (most?) servers have upgraded their security and require at least TLS 1.1 or 1.2. The cause of this bug is described here:

https://secure.php.net/manual/en/functi ... php#119122

And second, a PHP warning will be generated on every email delivery attempt if the SMTP hostname starts with tls:// or ssl://. This is due to STARTTLS being hardcoded for SMTP in phpBB 3.1+, and TLS/SSL already being enabled via the hostname.

These bugs are why so many people submit support requests on phpbb.com that SMTP doesn't work.

User avatar
warmweer
Registered User
Posts: 2604
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Belt ... well actually Belgium

Re: Need help setting up SMTP with Amazon SES

Post by warmweer » Mon Feb 04, 2019 10:54 pm

horseguards wrote:
Mon Feb 04, 2019 10:49 pm
I got this PM from a seasoned phpBB developer. Could this be the cause?
Do you have that user's permission to publish his PB?
My board's not broken, it just went peculiar

User avatar
horseguards
Registered User
Posts: 74
Joined: Sun Oct 26, 2008 12:18 pm
Location: Mar del Plata [Argentina]
Name: P C

Re: Need help setting up SMTP with Amazon SES

Post by horseguards » Mon Feb 04, 2019 11:02 pm

Yes, I do.

User avatar
EA117
Registered User
Posts: 829
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Need help setting up SMTP with Amazon SES

Post by EA117 » Tue Feb 05, 2019 12:43 am

horseguards wrote:
Mon Feb 04, 2019 10:49 pm
I got this PM from a seasoned phpBB developer. Could this be the cause?
Yes, it's possible one or both of those two things are happening. If you find a working email configuration before reaching the end of the bullet list of tests described earlier, all we can say for sure is that they aren't both happening.

If you aren't able to find a working configuration, then there is still work to do in order to prove whether it's one of these two issues or "something else" (like your hosting provider blocking all possible ports) that is the actual source of failure.

So at least from my perspective, it would still be interesting to know what you find in trying to address the points & conduct the tests listed in the earlier email. The "two known issues in phpBB's SMTP client" is certainly news I hadn't seen referenced elsewhere. But I don't think we can just assume "that must be the problem you are having, too."
Dion wrote:First, in many (most?) cases, phpBB 3.1+ sets TLS 1.0 with the stream_socket_enable_crypto() function. Many (most?) servers have upgraded their security and require at least TLS 1.1 or 1.2.
I'm not sure what this error would look like when reported through phpBB, since a connection (the non-encrypted one) was established successfully, but then the STARTTLS activity is what fails. It's not going to look like "connection refused", but I'm not sure what you will see.

If we see something other than "connection refused" in the errors reported in your phpBB log, maybe we will have to suspect &take measures to confirm whether Amazon SES' SMTP interface is refusing to degrade to TLS 1.0.

But if you're asking "should we assume this is the issue", I'd say the answer is no. The issue can still be something else, so we should follow the evidence (i.e. the previous tests & whatever error log entry they produce) and allow it to lead us back here, or allow it to lead us somewhere else.
Dion wrote:And second, a PHP warning will be generated on every email delivery attempt if the SMTP hostname starts with tls:// or ssl://. This is due to STARTTLS being hardcoded for SMTP in phpBB 3.1+, and TLS/SSL already being enabled via the hostname.
Interesting. Well I definitely ended up using a non-"ssl://", non-"tls://" SMTP server specification in my phpBB configuration, but I don't recall seeing an outright failure or PHP warning when attempting otherwise. Still, I agree with the assertion that "TLS is hard-coded in phpBB's SMTP client", and is what I had noted earlier from looking at the functions-messenger.php code, too.

Back when I looked for it, I wasn't able to find definitive information in PHP developer docs for what PHP was going to actually do with the "ssl://" and "tls://" prefixes when creating a connection. Its clear what the prefixes "mean" or imply, but I couldn't find definitive info, such as whether "tls://" would indeed perform and expect explicit TLS instead of implicit.

But perhaps it would make sense to just skip all the tests that would have put "ssl://" or "tls://" prefixes on your SMTP server name. Or at least leave those until last, since it sounds like if any of the listed configurations are going to succeed, it might be the ones without the explicit protocol prefix specified.

User avatar
horseguards
Registered User
Posts: 74
Joined: Sun Oct 26, 2008 12:18 pm
Location: Mar del Plata [Argentina]
Name: P C

Re: Need help setting up SMTP with Amazon SES

Post by horseguards » Tue Feb 05, 2019 3:57 am

Finally I have been able to config phpBB to send thru AmazonSES.

Dion was very kind sending me the instructions to modify /includes/function_messenger.php

Dion wrote:Here is the fixed starttls() function in includes/function_messenger.php:

Code: Select all

	protected function starttls()
	{
		global $config;

		// allow SMTPS (what was used by phpBB 3.0) if hostname is prefixed with tls:// or ssl://
		if (strpos($config['smtp_host'], 'tls://') === 0 || strpos($config['smtp_host'], 'ssl://') === 0)
		{
			return true;
		}
		if (!function_exists('stream_socket_enable_crypto'))
		{
			return false;
		}
		if (!isset($this->commands['STARTTLS']))
		{
			return false;
		}
		$this->server_send('STARTTLS');
		if ($err_msg = $this->server_parse('220', __LINE__))
		{
			return false;
		}
		$result = false;
		$stream_meta = stream_get_meta_data($this->socket);
		if (socket_set_blocking($this->socket, 1))
		{
			// https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php#119122
			$crypto = (version_compare(PHP_VERSION, '5.6.7', '<')) ? STREAM_CRYPTO_METHOD_TLS_CLIENT : STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
			$result = stream_socket_enable_crypto($this->socket, true, $crypto);
			socket_set_blocking($this->socket, (int) $stream_meta['blocked']);
		}
		return $result;
	}
I will be sending from Europe (Ireland), so I had to config the email address, domain, etc for the right region.

server name: email-smtp.eu-west-1.amazonaws.com (no tls:// or ssh://)
port: 587
authentincation method: plain

thanks!

User avatar
EA117
Registered User
Posts: 829
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Need help setting up SMTP with Amazon SES

Post by EA117 » Tue Feb 05, 2019 5:53 am

Glad you found the solution, and that Dion saw your message here. I had to go re-read what the "PHP_VERSION >= 5.6.7" definition of STREAM_CRYPTO_METHOD_SSLv23_CLIENT was, but agree those changes make sense.

User avatar
EA117
Registered User
Posts: 829
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Need help setting up SMTP with Amazon SES

Post by EA117 » Wed Feb 06, 2019 11:26 pm

Just in case anyone is looking for a pre-edited copy of phpBB 3.2.5's functions_messenger.php which contains Dion's changes, there is now one attached here.

Also just to confirm what Dion's comments already imply, you do not want to include the ssl:// or tls:// prefixes on the SMTP server name, if your intention is to allow this TLS 1.2 negotiation to occur.

Post Reply

Return to “[3.2.x] Support Forum”