Receiving Email is not working in Amazon SES

Asked 8/9, 2017 at 9:33 Answered 7/5 at 2:0

amazon-web-services amazon-s3 amazon-ses

I tried to access the email and tried to store email in S3 bucket but it is not working.

SES configuration:

domain verified
email address verified
created rule set in rule set Recipient has provided
In S3 action bucket name given
AMAZON_SES_SETUP_NOTIFICATION has received.

After that if I receive any email from particular recipient it is not stored in S3.

Hama answered 8/9, 2017 at 9:33 Comment(8)

Have you found any solution? – Marva 6/12, 2017 at 4:35

Did you find a solution? I am encountering the same problem – Dundalk 14/12, 2017 at 18:47

while doing domain verification DKIM setting has to verify – Hama 19/12, 2017 at 6:17

It is convoluted. I can't verify the email address as the domain was set up in Route 53 - there are no mail servers to receive the verification mail and I can't receive in thunderbird for probably the same reason that verification mail doesn't appear in the S3 bucket.. – Scotney 7/1, 2018 at 0:15

Did anyone find a solution? I also facing the same problem. – Radices 3/5, 2018 at 10:23

I found a solution and posted the answer. – Edraedrea 28/6, 2018 at 2:22

Any solution for this? – Samathasamau 7/8, 2020 at 2:19

any updates on that one? having the same issue, checked everything at least 5 times - no chance of receiving mails. the "solution" below does not apply for my use-case – Tribadism 13/11, 2022 at 23:29

If you are using Route53 for your domain management, you may have forgotten to set up MX record for it.

Here is an instruction of how to do it.

https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-mx-record.html

Edraedrea answered 28/6, 2018 at 2:22 Comment(1)

#76400138 could you please help me with this issue? – Charlyncharm 4/6, 2023 at 19:14

TL;DR

Don't add AWS's MX record to an existing MX record; you need to create a new MX record with a domain that you're not currently using for emails.

Background

I wasn't entirely familiar with MX records and SES, and I already had an MX Record-Set in AWS Route53, I'm using GMAIL (G Suite).

So I followed all the necessary steps - SES-Receive-Inbound-Emails AWS Blog Post - and I still didn't understand why I don't see new emails in my S3 bucket; I could only see AMAZON_SES_SETUP_NOTIFICATION in the bucket.

As already mentioned in previous answers, you must add the AWS's MX record to receive emails, that will eventually be stored in your S3 bucket.

Lesson learned

Having multiple MX records in the same Record-Set is for backup purposes only. If the server is unreachable, it moves on to the next record on the list. Do not expect the email to be received by all the MX records, that will never happen.

Bad Solution

1 ASPMX.L.GOOGLE.COM
5 ALT1.ASPMX.L.GOOGLE.COM
5 ALT2.ASPMX.L.GOOGLE.COM
10 ALT3.ASPMX.L.GOOGLE.COM
10 ALT4.ASPMX.L.GOOGLE.COM
10 inbound-smtp.eu-west-1.amazonaws.com # <-- added this one

I also tried changing the priority of AWS MX from 10 to 1, which is silly, since I still want to receive emails to my mailbox via GMAIL.

Good Solution

Create a new aliased-subdomain and use it for SES.

Here's how:

Assuming I own mydomain.com, and my email address is [email protected], I want to use the aliased-subdomain ses.mydomain.com
Add the aliased domain in your GSuite - Login with Admin account and go to Admin Console > Domains > Follow the steps - Add a domain alias > verify and confirm ownership > Domain Name provider = Other
Create a TXT record in AWS Route53 according to the guide in the previous step; this will verify that you own the aliased-subdomain

Back to AWS, Create a new Record-Set in Route53

- Name:  ses.mydomain.com # replace 'ses' if necessary
- Type:  MX
- Value: # this is temporary, we'll change it in the next steps
1 ASPMX.L.GOOGLE.COM
5 ALT1.ASPMX.L.GOOGLE.COM
5 ALT2.ASPMX.L.GOOGLE.COM
10 ALT3.ASPMX.L.GOOGLE.COM
10 ALT4.ASPMX.L.GOOGLE.COM

Setup SES to S3 - Follow the steps - SES-Receive-Inbound-Emails AWS Blog Post
- Verify the aliased-subdomain ses.mydomain.com
- Verify an email address - [email protected] - check your regular inbox [email protected] open the email from AWS and verify this email address by clicking the verification link
- Create a rule and add [email protected] as a recipient

Edit the previously created MX Record-Set in Route53

- Name:  ses.mydomain.com
- Type:  MX
- Value: 10 inbound-smtp.${AWS_REGION}.amazonaws.com  # replace ${AWS_REGION}

Send an email (from any mailbox) to [email protected] - you'll see the email in your S3 bucket! Object name is hashed, you need to download and change its extension to .eml

I hope this helps. I was banging my head for a few hours about this one.

Stench answered 18/6, 2020 at 14:59 Comment(4)

aws official guide doesn't mention half the things you have listed here. docs.aws.amazon.com/ses/latest/dg/… – Wartime 4/8, 2022 at 0:47

And what if I don't want to use the 'ses'-prefix in '[email protected]'? – Kalakalaazar 27/8, 2022 at 8:22

These solution save my day. I just add the MX record with the subdomain and and verified it and I was able to see the email in the S3 – Skidproof 24/10, 2023 at 3:11

For those that dont want to use prefix you can always use mail forwarding from primary inbox to ses prefixed sub domain specially if you have an existing email you want to use with external parties – Prothalamion 6/6 at 17:1

Just make sure that your rule set is shown in "Active rule set". Once you create the rule, it is by default goes into "inactive rule set" and you need to mark it is a "Set as a active rule set" and once you do that, it will go in the "Active rule set" section and it will be visible by clicking on "View Active Rule set" button.

Vincent answered 8/10, 2018 at 13:14 Comment(1)

#76400138 could you please help me with this issue? – Charlyncharm 4/6, 2023 at 19:15

In case anyone else's registrar has a confusing settings menu:

I the SES setup menu they show MX record name = your domain, value = 10 inbound-smtp.us-east-1.amazonaws.com. The "10" is meant to be the priority, I just copy/pasted it directly into the server field with my registrar, which was causing the record to be invalid.

Etherize answered 25/11, 2018 at 17:2 Comment(0)

The issue for me was that I had not made the rule set Active. Was losing my mind on the details of the setup but they were all correct.

Make sure you go to "View Active Rule Set" and ensure the inbound rule you created is listed there.

Schoolroom answered 24/5, 2020 at 13:53 Comment(3)

Please expand the answer, for example illustrate how to check if the rule set is active. Via the CLI or via the website. – Schmuck 24/5, 2020 at 14:20

This is the correct answer, as neither in the docs nor in the video has being mentioned. I had to contact the AWS support for this. What a shame... – Samathasamau 8/8, 2020 at 8:15

Just a bit more insight, when you create a ruleset, it doesn't automatically make it "active" even if it's the only one there. Hence, it requires a manual enabling – Nice 4/1, 2021 at 3:30

If anyone else is still having trouble with this, here are things to check:

All of your 'pieces' are on the same region (S3 bucket, Route53 hosted zone, SES configuration)
SES has the permission to write to the S3 bucket (see this tutorial)
Bucket name is the same name as your domain name
Route53 hosted zone has MX records, which are injected automatically by SES configuration. You just have to pay attention when you do the setup

Rotberg answered 10/8, 2018 at 18:55 Comment(1)

> Bucket name is the same name as your domain name Are you sure about this? It is not mentioned in the official tutorial – Samathasamau 7/8, 2020 at 1:50

You will want to verify the rule set you are working with is active. Go to SES and click "Rule Sets" under the email receiving section in the sidebar. Click the "View Active Rule Set" button. Make sure this is the rule set you are currently expecting to be used. To activate the rule set from the "Rule Sets" screen, click on the checkbox next to the rule set and click "Set as Active Rule Set".

Campman answered 20/3, 2019 at 20:50 Comment(0)

The MX record's hostname must end with "." like so:

10 inbound-smtp.us-east-1.amazonaws.com.

Otherwise the record's hostname will be suffixed by your domain name, which is not intended here.

Oarlock answered 18/7, 2019 at 11:14 Comment(1)

Are you sure about this? The official tutorial does not mention this and I added it automatically with Route53 and there was not "." – Samathasamau 7/8, 2020 at 1:52

I had the same problem at first. But I notice that the "access denied" was not a configuration question, but something related to access this information directly in the Browser. After downloading the file with "Aws Cli" through the Terminal in Visual Studio Code, I could read the data. Pay attention to activate the rule - in the SES Panel - because NOTIFICATION MESSAGE is something wrong there. ;)

Salomesalomi answered 21/5, 2019 at 21:30 Comment(0)

I'm not a expert, but in my expirience probably you have to assing privilegies to the bucket before SES can write elements, i was have similar problems at the begining, so i chose the option create Bucket in the action selection when configurating the rules, then the bucket is created automated with the permisions configured in correct way.

Pearson answered 11/1, 2018 at 18:34 Comment(0)

This might only be impacting very few folks out there, but just in case, the AWS Route53 GUI when I was editing an MX record was showing a dash (-) that was just showing the next line continuation of a record and not actually the character of that record value.

While this record looks correct, it is not, when you drag out the UI, there is no longer a dash so the value that looked correct was actually "10 inbound-smtp.us-west2.amazonaws.com". This amazingly was both when view and editing until I make the GUI area larger. Hope this helps someone out there!

Marchpast answered 7/5 at 2:0 Comment(0)

TL;DR

Background

Lesson learned

Bad Solution

Good Solution

Recommended topics

Hot tags