Hi, I’ve recently received this email from Amazon after previously (successfully) using phpList with the “AWS_ACCESSKEYID/AWS_SECRETKEY/AWS_POSTURL” configuration parameters:
Amazon Simple Email Service (SES) had extended support for Signature Version 3 to February 28th, 2021. To continue to use Amazon SES, you must migrate to Signature Version 4 which offers enhanced security for authentication and authorization of Amazon SES customers.
We have identified that, between 2021-03-22 and 2021-03-29, your AWS account [REDACTED] used Signature Version 3 to call Amazon SES APIs in the eu-west-1 Region.
Your Signature Version 3 requests were identified to be originating from:
- IAM Users: arn:aws:iam::[REDACTED]:user/[REDACTED]
- IPs: [REDACTED]
- User Agents: phpList (phpList version 3.5.2, https://www.phplist.com/)
Your Signature Version 3 requests were identified to be using the following SES actions:
- APIs: SendRawEmail
Example Request ID using Signature Version 3: [REDACTED]
You can identify API requests that use Signature Version 3 by looking at the request headers. Requests that use the Signature Version 3 resemble the following example (note the "AWS3"):
X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=[REDACTED],Algorithm=HMACSHA256,Signature=[REDACTED] ...
To move to Signature Version 4:
- If you are self-signing your requests, refer to our documentation for Authenticating requests to the Amazon SES API [1] and creating a canonical request for Signature Version 4 [2].
- If you are not self-signing your requests, simply update your SDK/CLI to the latest version.
The Amazon SES team will update the request information weekly and will stop notifications once we identify that Signature Version 3 is no longer being used from your account.
[1] https://docs.aws.amazon.com/ses/latest/DeveloperGuide/using-ses-api-authentication.html
[2] https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
Sincerely,
Amazon Web Services
What does this email mean in my context? Do I need to supply new values for the phpList config parameters from Amazon, or is phpList’s SES functionality broken by this change?
Anything else I should know?
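
The header check and the Signature Version 4 steps that the Amazon notice refers to, as an added Python example that is not part of the original post and is not phpList's code. The access key, secret, timestamp and request body are constructed placeholders; the `ses` signing name and `email.<region>.amazonaws.com` host are the usual SES API values.

```python
import datetime
import hashlib
import hmac

def signature_version(headers):
    """Classify a request by its auth header, as the SES notice describes."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("x-amzn-authorization", "").startswith("AWS3"):
        return "v3"
    if h.get("authorization", "").startswith("AWS4-HMAC-SHA256"):
        return "v4"
    return "unknown"

def sigv4_headers(access_key, secret_key, region, body, now):
    """Sign a form-encoded POST to the SES query API with Signature Version 4."""
    host = f"email.{region}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    ctype = "application/x-www-form-urlencoded"
    # 1. Canonical request: method, path, query, headers, signed header list, payload hash.
    signed = "content-type;host;x-amz-date"
    canon_headers = f"content-type:{ctype}\nhost:{host}\nx-amz-date:{amz_date}\n"
    payload_hash = hashlib.sha256(body.encode()).hexdigest()
    canonical = "\n".join(["POST", "/", "", canon_headers, signed, payload_hash])
    # 2. String to sign, bound to a date/region/service credential scope.
    scope = f"{date}/{region}/ses/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # 3. Derive the signing key; the long-term secret never signs the request directly.
    key = ("AWS4" + secret_key).encode()
    for part in (date, region, "ses", "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    sig = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    return {
        "Host": host, "Content-Type": ctype, "X-Amz-Date": amz_date,
        "Authorization": f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                         f"SignedHeaders={signed}, Signature={sig}",
    }

# Constructed sample values, not real credentials or a real message.
SAMPLE_BODY = "Action=SendRawEmail&RawMessage.Data=Y29uc3RydWN0ZWQ%3D"
SAMPLE_TIME = datetime.datetime(2021, 3, 29, 12, 0, 0)
OLD = {"X-Amzn-Authorization": "AWS3-HTTPS AWSAccessKeyId=AKIDEXAMPLE,Algorithm=HMACSHA256,Signature=x"}
NEW = sigv4_headers("AKIDEXAMPLE", "constructed-secret", "eu-west-1", SAMPLE_BODY, SAMPLE_TIME)

if __name__ == "__main__":
    print(signature_version(OLD), signature_version(NEW))
    print(NEW["Authorization"])
```

The same access key ID and secret key appear in both header styles; what differs is the header name, the scoped credential and the derived signing key.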