How to setup noreply#<domain> google Cloud Composer? - sendgrid

I am trying to use sendGrid with Google Cloud Composer and providing SENDGRID_MAIL_FROM value noreply-composer#domain (noreply-composer#gmail.com), while running the airflow dag receiving error 403: Forbidden
. I did some research and got to know that from should be verified in the sender list. But if I just want to send alert mail with noreply user, this username physically doesn't exist and can not be verified.
Does anybody know workaround for the same, so I can send the mail with noreply username?

Elaborating more to my comment, according to SendGrid documentation pages, each sender identity should be verified using either Domain Authentication or Single Sender Verification. Based on the intro of Single Sender Verification as of most common use case restriction:
You can send only from the address you verify rather than any address
on an authenticated domain.
With said this, you might have to validate email account ownership for each FROM email address entry.
Domain Authentication will probably help to overcome the above mentioned limitation, however it requires to edit DNS records of the domain provider name resolution service:
You can send from any email address on your authenticated domain.
After adding CNAME, TEXT or MX particular records to your DNS service, they need to be validated in SendGrid UI.
I encourage you to check out the relevant tutorial to give more essential outcome.

Related

Mail Forwarder with static sender address - the chicken-egg-problem

this is a pretty specific case, but it drives me crazy...
We recently migrated our email service to google workspace. We do have an invoice#mydomain.com address which earlier was configured to forward emails to someinbox#datev.com. someinbox is a mail upload feature for tax related invoices of our company. The problem started when i was trying to set up the mail filter in Gmail.
All emails with an attachment should be forwarded to someinbox#datev.com. To forward emails with Gmail, google needs to verify that I am allowed to forward to that specific address. It therefore now sends a confirmation email with a link to that address. that email is being sent by eg. noreply-forwarding#google.com, which is being rejected (550 5.7.1 Security policy violation: sender address not authorized). The problem is, datev only accepts emails from "verified sender addresses". It does that verification by also sending an email verification to that "verified sender address". Which in my case now becomes the noreply-forwarding#google.com, which I obviously not maintain and therefore i am unable to verify that address.
So I am unable to add the forwarding email address in Gmail, because of the sender google uses to verify the forwarding address.
We use google workspace, so I am able to use the pretty cool routing feature of Gmail. First I created an email-alias called datev#mydomain.com. I then setup a rule which simply changes the envelope-sender to someinbox#datev.com if the envelope-sender is datev#mydomain.com. that part works. If I send an email from the invoice#mydomain.com to datev#mydomain.com it changes datev#mydomain.com to someinbox#datev.com.
The next problem was, every forwarding (which the Gmail filter was doing) works by sending the same email to someinbox#datev.com while keeping the original sender. That also happened when I tried to do the same workaround by creating a new email forwarder (or even a mailbox) on a different domain without google workspace. I also tried it using posteo. The original sender is being used as the sender address and therefore datev rejects it. It wouldn't be possible to register all sender address as we get a lot of invoices from business partners.
Does anybody know or see a way of doing this? Aren't there any secure email forwarder which replace the sender address to the one of the forwarder instead of keeping the original one? I know, this is in most cases a pretty nice feature as you can see who the email originally sent, in my case it makes me nuts.

ASW SES not sending emails with no-reply#my.domain

I have a verified domain configured in SES. When I send an email with no-reply#my.domain, SES is not sending the email. If I use a valid email address from that domain, SES delivers them.
Does anyone know why this is happening? If my memory doesn't fail me, this used to work just fine as I've had this setup for years. Did something change recently in the AWS SES service?
I have looked for any mention regarding this and all I found is that the domain needs to be verified which it is.
Any help/insight would be greatly appreciated.
According to AWS SES documentation, such emails are hight not recommended
Avoid using a no-reply address, such as no-reply#example.com, as your
"From" or "Reply-to" address. Using a no-reply# email address sends
your recipients a clear message: that you aren't offering them a way
to contact you, and that you're not interested in their feedback.
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/tips-and-best-practices.html
In addition to the domain being verified, the sender email address that you want to use should be verified too. AWS will send you a mail to this address to confirm that it exists. If it doesn't exist, you can create a email receiving rule that will save the email into S3. You can then dig the verification link from there.

Mail routing with mailgun

I'm setting mailgun route to xx#me.com to forward an email to a server at http://xxx:7000/reply.
I tested already the email route and it's fine as well as the server is up both in browser and using curl. However sending an email to xx#me.com still nothing happens.
There is already a similar question but nobody answered:
Can't recieve incoming mail with Mailgun
There are a few requirements for handling incoming emails with Mailgun.
Your account must be verified (email/SMS message)
The domain or subdomain must be added to the account.
SPF & DKIM must be verified and have MX records configured with Mailgun's values. Details for DNS record information
Route filters configured with the recipient domain or subdomain matching. (Example: Domain "bar.com" is added to the account. The expression can match_recipient("foo#bar.com"). If a subdomain is added, then it will need to match the subdomain, e.g. match_recipient("foo#mg.bar.com"))
The error from the linked question would be due to one of the above requirements wasn't fulfilled. A rejection of "550 5.7.1 Relaying denied" from Mailgun's incoming mail servers indicates a domain or subdomain has MX records pointed toward Mailgun's but the domain does not exist within an account.
**Disclaimer I work at Mailgun
I know this is 6 months old, but since I spent 4 hours trying to figure this out, I will share my solution:
There is another cause of the 5.7.1 Relaying denied message: My mailgun account wasn't verified. I saw someone suggest this but I figured they just meant that I had to verify the address I was forwarding to. Nope, when I logged in today I saw a banner at the top saying click here to resend your verification email. I did that, it went through a text message verification process, and all immediately started working!
I know this is quite a stale thread, but I also wanted to chime in here in hopes of saving folks a few hours of their life trying to solve the "550 5.7.1 Relaying denied" caper.
For me? It was what has plagued me on several occasions. I was able to verify via Gmail > 'Settings' > 'Accounts and Import' > 'Add another email address' only after I disconnected from my software-based VPN (Private Internet Access).
[Your sigh or wince here]
Now, go get it... make it happen. ;-)
If you're using MailGun with cPanel (for example, after following this tutorial) and you're getting the 550 5.7.1 Relaying denied error, make sure you're using the MailGun SMTP credentials given after adding your domain (as opposed to your MailGun username and password as the documentation suggests). That was the origin of my own problem.
Another reason for this error code may well be that you are trying to send stuff over SMTP whereas you've indicated on the sending properties of mailgun settings for your domain that you want to use the API...

Send email from my custom mailgun SMTP address

Sorry if I have not understood something but (I believe) I have searched enough for this.
First things first: I have successfully set up my domain (mydomain.gr) which has been verified.
I have created a custom SMTP address (contact#mydomain.gr).
I have created a route which forwards everything sent at *#mydomain.gr to my personal Gmail address.
Test 1: If I send an email from an external address (something#something.eu) to contact#mydomain.gr it is forwarded to my personal Gmail. OK!
Test 2: If I send from contact#mydomain.gr to any external address (something#something.eu) I get the error Free accounts are for test purposes only. Please upgrade or add the address to authorized recipients in Account Settings. Of course the password is correct while sending. Otherwise another error is raised.
I think I have missunderstood some things...
So here comes my question:
How can I send email from my custom SMTP email address? (I do not wish to upgrade my account since this -free- Mailgun account will handle very small amount of emails. So, 10K are more than enough for me.)
OK. After some emails with the mailgun team I finally figure it out!
All I had to do was to upgrade my account (just enter credit card info). Now I can send email from contact#mydomain.gr to anyone.
Thank you mailgun!
I have also contacted Mailgun for the issue and get response back within few minutes:
This error occurs whenever utilizing either a sandbox domain or a free account without inviting users called Authorized Recipients.
Sandbox domains always require Authorized Recipients. With free plans, which are intended for test usage, all custom domains require Authorized Recipients. With upgraded plans, which are intended for production usage, custom domains no longer require Authorized Recipients.
Please take a look at the following Help Center article for more information about the Authorized Recipient process:
https://help.mailgun.com/hc/en-us/articles/217531258-Authorized-Recipients
Then I have add the Authorize Recipients and it works like a champ!

JavaMail to send email out which server?

Here is my issue, I'm creating a website with a little login and resetting password. It's basic stuff, when user forget the password they can click the link and my application will send an email with a link to reset the password. Now, I'm using Google App to send/receive email so I created a new alias like noreply#company.com.
And I just got a confirm email from Google that I'm not allowed to use Google Server to send out email by JavaMail, because they do not support JavaMail as a mail client, the issue that I'm having is I'm getting AuthenticationException back from smtp.google.com.
Moreover, I'm using Amazon EC2 to host the application as well, and amazon provides SES service to send out emails. So, the question would be can I use Google App to host our company email for every employee, but can I still use Amazon SES to send out emails by JavaMail within the same domain name as we are using with Google Apps?. So, the emails that we'll be sending out would be noreply#company.com but will be from Amazon SES.
I'm not sure if I'm making this clear enough, my concern would be we redirect email MX Record to Google App already, I think we cannot redirect to Google and Amazon at the same time?
The application we are writing is based on Grails, so the email would be from Spring Email
Cheers,
Based on my usage of Amazon SES, you should be able to use the configuration you are suggesting without any issues. You do not need to add/change any MX record when using SES, because SES does not allow you to receive emails. It is only a service for sending (relaying) email messages, i.e., as far as I understood your needs, it will serve you perfectly, and your source email address will be the same as you use today.
When you sign up for SES and want to start sending test messages, you need to verify your source and destination email addresses before actually sending emails. You can achieve this verification through either scripting (ses-verify-email-address.pl) or API (VerifyEmailAddress on AWS SDK). After sending the verification request, you should receive an email address on the verified account. Just follow the message instructions and you can safely send some test messages.
When you are satisfied with your testing, you should request production access, and after this step, you no longer need to perform verification on destination e-mail addresses.
In order to call the API, I think you can use the AWS SDK for Java without problems in your application.
See more on:
http://aws.amazon.com/ses/
http://aws.amazon.com/sdkforjava/