Amazon SES - SMTP 错误状态代码 403：SignatureDoesNotMatch

Posted 2023-03-07

【中文标题】Amazon SES - SMTP 错误状态代码 403：SignatureDoesNotMatch

【英文标题】：Amazon SES - SMTP Error Status Code 403: SignatureDoesNotMatch

【发布时间】：2017-01-19 16:26:55

【问题描述】：

我创建了亚马逊跟踪帐户来测试 SES SMTP 服务，但出现以下错误

 [SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.


The Canonical String for this request should have been
'POST
/
host:email.us-west-2.amazonaws.com
x-amz-content-sha256:72ac6f1d5dc1a4218fc4076dea3277a8a676b15e2c5143229cb3503465817440
x-amz-date:20160912T084424Z

host;x-amz-content-sha256;x-amz-date
72ac6f1d5dc1a4218fc4076dea3277a8a676b15e2c5143229cb3503465817440'

The String-to-Sign should have been
AWS4-HMAC-SHA256
20160912T084424Z
20160912/us-west-2/ses/aws4_request
a1b9fe2e23bbd4456f9b2a8f4115bd84571b8ccbbf9612d2e6b9d330ca6975a7'
]
  message: 'The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n\'POST\n/\n\nhost:email.us-west-2.amazonaws.com\nx
-amz-content-sha256:72ac6f1d5dc1a4218fc4076dea3277a8a676b15e2c5143229cb3503465817440\nx-amz-date:20160912T084424Z\n\nhost;x-amz-content-sha256;x-amz-d
ate\n72ac6f1d5dc1a4218fc4076dea3277a8a676b15e2c5143229cb3503465817440\'\n\nThe String-to-Sign should have been\n\'AWS4-HMAC-SHA256\n20160912T084424Z\n
20160912/us-west-2/ses/aws4_request\na1b9fe2e23bbd4456f9b2a8f4115bd84571b8ccbbf9612d2e6b9d330ca6975a7\'\n',
  code: 'SignatureDoesNotMatch',
  time: Mon Sep 12 2016 14:14:27 GMT+0530 (India Standard Time),
  requestId: '1cc26156-78c5-11e6-8397-a55641b47b84',
  statusCode: 403,
  retryable: false,
  retryDelay: 55.79463441390544 

这是我正在使用的 NodeJS 脚本

var aws = require('aws-sdk');
var ses = new aws.SES(
    'accessKeyId': 'KEY',
    'secretAccessKey': 'SECRET',
    'region': 'REGION'
);
var eparam = 
    Destination: 
        ToAddresses: ['mirXXXX@gmail.com']
    ,
    Message: 
        Body: 
            html: 
                Data: '<p>Hello, this is a test email!</p>'
            ,
            Text: 
                Data: 'Hello, this is a test email!'
            
        ,
        Subject: 
            Data: 'SES email test'
        
    ,
    Source: 'mirXXXX@outlook.com',
    ReplyToAddresses: ['mirXXXX@outlook.com'],
    ReturnPath: 'mirXXXX@outlook.com'
;

ses.sendEmail(eparam, function (err, data) 
    if (err) console.log(err);
    else console.log(data);
);

请注意：

电子邮件 mirXXXX@outlook.com 和 mirXXXX@gamil.com 两者都经过验证。我的 SES 区域是 us-west-2

【问题讨论】：

您需要立即使这些 IAM 凭证（如果它们是真实凭证）失效，并且以后不要在网上发布您的密钥。这样做会使您承担潜在的严重责任，并可能使您的帐户受到损害。希望这是一个例子，但它看起来很真实。

【参考方案1】：

我遇到了同样的问题，我最终使用了类似于 tutorial 的 SMTP 设置，并从 2.6 -> 0.7.1 降级到发送邮件。某处存在某种配置问题，但在经过两天的特定 google 搜索后没有足够好的文档记录。