Signature V4???

Ditto that.

As I mentioned in the newer thread, Offload SES Lite is already using signature v4. I would check to see if you have any other plugins using Amazon, or perhaps an older version of Offload SES Lite or WP-SES.

Thank you @solarcat, that is my thread. I came back here after getting the same “nastygrams”.

I am going to assume that you have this setting enabled as I do:
“Send Mail Using SES – Route all outgoing emails through SES.”

I only use Offload SES Lite to send through Amazona SES; I don’t connect anything else to Amazon SES.

Now, I COULD check the headers to verify, but viewing the emails requires an upgrade. Considering the only reason I need to check the headers is that the plug-in seems to be not working properly, I can’t justify upgrading.

Maybe Amazon is wrong????

On a personal front, the upgrade is a little too pricey for my workloads (but I think I have donated in the past).

Here is the “nastygram” below, with all identifying information redacted (again, I only use Offload Liteto send through SES):

Hello,

Amazon Simple Email Service (SES) had extended support for Signature Version 3 to February 28th, 2021. To continue to use Amazon SES, you must migrate to Signature Version 4 which offers enhanced security for authentication and authorization of Amazon SES customers.

We have identified that, between 2021-03-22 and 2021-03-29, your AWS account ********** used Signature Version 3 to call Amazon SES APIs in the ******* Region.

Your Signature Version 3 requests were identified to be originating from:
– IAM Users: ********, *********
– IPs: **********, ***********
– User Agents: SimpleEmailService/php

Your Signature Version 3 requests were identified to be using the following SES actions:
– APIs: SendEmail

Example Request ID using Signature Version 3: **************

You can identify API requests that use Signature Version 3 by looking at the request headers. Requests that use the Signature Version 3 resemble the following example (note the “AWS3”):
X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE,Algorithm=HMACSHA256,Signature=lBP67vCvGl …

To move to Signature Version 4:
– If you are self-signing your requests, refer to our documentation for Authenticating requests to the Amazon SES API [1] and creating a canonical request for Signature Version 4 [2].
– If you are not self-signing your requests, simply update your SDK/CLI to the latest version.

The Amazon SES team will update the request information weekly and will stop notifications once we identify that Signature Version 3 is no longer being used from your account.

[1] https://docs.aws.amazon.com/ses/latest/DeveloperGuide/using-ses-api-authentication.html
[2] https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html

Sincerely,
Amazon Web Services

Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message was produced and distributed by Amazon Web Services Inc., 410 Terry Ave. North, Seattle, WA 98109-5210.`

• This reply was modified 3 years, 7 months ago by makesitechanges.

@makesitechanges It looks like you have an older version of this plugin installed somewhere. I would double check all of your websites and make sure that you don’t have a plugin called “WP SES” installed somewhere, that is an older version of this plugin. Updating that to the latest version should be all you need to do to stop the nastygrams.

The information about the API requests provided in that email from Amazon point to it definitely being caused by that older version.

Hi there. I’m still getting these emails from AWS that I’m using Signature Version 3.

Is there something I can search for or validate to make sure I’ve upgraded correctly?