AWS SES Signature Version 4

Hi,

we are already using the signature version 4 and we will also switch to the official AWS SDK in one of the next releases, which does that automatically as well, so this should not be an issue when they deprecate the old version 3.

Thanks and have a nice day!

Hi @nikdow,

I’ve only seen this post now and I forgot to update it…

As it turns out the library that we are currently using in the plugin for AWS SES integration is not supporting the Signature version 4. Sorry for the confusion in my above reply.

In our next release targeted at around mid September, we’ll be switching to the official AWS PHP SDK library.

This will guarantee that the requests are signed correctly with the new signature version 4.

The plugin settings will remain the same since the “Access Key ID” and “Secret Access Key” are needed to produce the new signature as well. They are just used differently to generate the v4 signature.

So the only thing you’ll have to do is update to that version of the plugin and send a test email.

Sorry again for the misinformation in the above reply.

Have a nice weekend!

Hi @capuderg, is this fixed already in WP Mail SMTP PRO version 2.4.0? Do I need to do sth or upgrade the plugin will fix this issue? I am using a PRO version

• This reply was modified 4 years, 2 months ago by minhtran91.

Hi @minhtran91,

yes in the version 2.4.0 we switched to the official AWS PHP SDK library and it’s using the v4 signature for SES requests.

You should update to this latest version of the plugin and it should work OK.

Let me know if anything is not working as it should.

Take care!

While using your plugin with AWS SES configured as the sender, I just go this error from AWS:

`Hello,

Amazon Simple Email Service (SES) had extended support for Signature Version 3 to February 28th, 2021. To continue to use Amazon SES, you must migrate to Signature Version 4 which offers enhanced security for authentication and authorization of Amazon SES customers.

We have identified that, between 2021-03-08 and 2021-03-15, your AWS account 37732428XXXX used Signature Version 3 to call Amazon SES APIs in the us-west-2 Region.

Your Signature Version 3 requests were identified to be originating from:
– IAM Users: arn:aws:iam::37732428XXXXX:user/emailer
– IPs: 54.185.220.XXX, 34.216.201.111
– User Agents: SimpleEmailService/php

Your Signature Version 3 requests were identified to be using the following SES actions:
– APIs: SendRawEmail

Example Request ID using Signature Version 3: d2697150-b3f9-4b6b-a369-c989054f085d

You can identify API requests that use Signature Version 3 by looking at the request headers. Requests that use the Signature Version 3 resemble the following example (note the “AWS3”):
X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE,Algorithm=HMACSHA256,Signature=lBP67vCvGl …

To move to Signature Version 4:
– If you are self-signing your requests, refer to our documentation for Authenticating requests to the Amazon SES API [1] and creating a canonical request for Signature Version 4 [2].
– If you are not self-signing your requests, simply update your SDK/CLI to the latest version.`

Can you please assist me in resolving?

We have version 2.6.0 of the plugin and are a pro subscriber.

Hi James,

we switched to the official AWS PHP SDK library in version 2.4.0 of our plugin which uses the version 4 signature. It looks like you might be using the old version of our plugin (v2.3.x or lower), which used a library with the SimpleEmailService class or a totally different implementation on some other site?

Do you have multiple WP sites using the same AWS user? I would recommend checking all of those sites.

The emails on your main site are sending OK with our Amazon SES mailer, right?

Take care!

I think you might be right, might have been another older install. Will monitor and come back if continues.

Hi I am using Amazon Web Services plugin for wordpress site, i recieved a mail to migrate Signature Version 4, what Can I do?
currently plugin version is 1.0;
when I update latest plugin version I can see is Version: 1.0.5.
to fix migrate Signature Version 4 issue, should I update to latest version i.e 1.0.5

plugin which I am using is:
Amazon Web Services
(7total ratings)
Houses the Amazon Web Services (AWS) PHP SDK v2 libraries and manages access keys.

• This reply was modified 3 years, 7 months ago by naveenautkoor.

Hi @naveenautkoor,

this is a forum thread for the WP Mail SMTP plugin, where we offer the integration with the AWS SES product to send emails (in our Pro version of the plugin).

It looks like you are using the “Amazon Web Services” plugin, so you would have to contact their support, but it looks like that plugin was not updated in a while, so I don’t think they support the Signature Version 4.

I would recommend switching to a different email sending plugin.

Take care!