Why does postfix on AWS give me "Invalid MAIL FROM address provided"? I have production access

amazon-web-services email postfix

I'm running the postfix mail server on my AWS box. My domain is mydomain.com. I have set up virtual mapping such that emails sent [email protected] should be forwarded to [email protected].

I have used Amazon SES to verify certain email addresses. When emails from those verified addresses are sent to [email protected], it properly forwards them to [email protected]. However, when emails from non-verified addresses try to do the same, it fails. It fails even though I have been granted production access to Amazon SES.

Below are the logs from my postfix during this failure. You can clearly it says Message rejected: Email address is not verified. Why? And how can this be resolved?

Oct 24 01:25:49 ip-172-XX-XX-XX postfix/smtpd[20215]: connect from mail-yh0-f50.google.com[209.85.213.50]
Oct 24 01:25:49 ip-172-XX-XX-XX postfix/smtpd[20215]: CCC61FA93: client=mail-yh0-f50.google.com[209.85.213.50]
Oct 24 01:25:49 ip-172-XX-XX-XX postfix/cleanup[20236]: CCC61FA93: message-id=<CAN+z9YGrkNunh9ueJ-i=9eNpV5QAK97Z9muVHATfACbG7gWgYw@mail.gmail.com>
Oct 24 01:25:49 ip-172-XX-XX-XX postfix/qmgr[20120]: CCC61FA93: from=<[email protected]>, size=2295, nrcpt=1 (queue active)
Oct 24 01:25:50 ip-172-XX-XX-XX postfix/smtpd[20215]: disconnect from mail-yh0-f50.google.com[209.85.213.50]
Oct 24 01:25:50 ip-172-XX-XX-XX postfix/smtp[20237]: CCC61FA93: to=<[email protected]>, orig_to=<[email protected]>, relay=ses-smtp-us-west-2-prod-14896026.us-west-2.elb.amazonaws.com[54.69.13.41]:25, delay=0.47, delays=0.21/0.01/0.12/0.13, dsn=5.0.0, status=bounced (host ses-smtp-us-west-2-prod-14896026.us-west-2.elb.amazonaws.com[54.69.13.41] said: 554 Message rejected: Email address is not verified. (in reply to end of DATA command))
Oct 24 01:25:50 ip-172-XX-XX-XX postfix/cleanup[20236]: 3D156FA95: message-id=<[email protected]>
Oct 24 01:25:50 ip-172-XX-XX-XX postfix/qmgr[20120]: 3D156FA95: from=<>, size=4332, nrcpt=1 (queue active)
Oct 24 01:25:50 ip-172-XX-XX-XX postfix/bounce[20238]: CCC61FA93: sender non-delivery notification: 3D156FA95
Oct 24 01:25:50 ip-172-XX-XX-XX postfix/qmgr[20120]: CCC61FA93: removed
Oct 24 01:25:50 ip-172-XX-XX-XX postfix/smtp[20237]: 3D156FA95: to=<[email protected]>, relay=ses-smtp-us-west-2-prod-14896026.us-west-2.elb.amazonaws.com[54.187.176.120]:25, delay=0.11, delays=0/0/0.1/0, dsn=5.0.0, status=bounced (host ses-smtp-us-west-2-prod-14896026.us-west-2.elb.amazonaws.com[54.187.176.120] said: 501 Invalid MAIL FROM address provided (in reply to MAIL FROM command))
Oct 24 01:25:50 ip-172-XX-XX-XX postfix/qmgr[20120]: 3D156FA95: removed

Production SES access doesn't give you unrestricted ability to send mail from any address. It only raises limits on the number of e-mails you can send, etc., as per Limits in Amazon SES.

Maybe you were confused by this page, which states "Emails can be sent only from verified email addresses or domains." This is also true for Production SES access; maybe it wasn't in the past. See the "Sender and Recipient Limits" section of Limits in Amazon SES.


I recieved this related(?) message

Mail command failed: 501 Invalid MAIL FROM address provided

While mailing with githubactions dawidd6/action-send-mail@v2 using SES.

Changing the from email from [email protected] to "User" <[email protected]> fixed it

Related

How to setup Handler Mapping for IIS 10 to serve mkv files?
Is there an adjectival form for "good etiquette"?
Word meaning "likely to cause controversy?"
Why isn't a definite article used before "a labyrinth"?
Can I use TL;DR in a formal email? [closed]
Respectful word that means "desiring power"
What is a good antonym for "commiserate"?
What’s a non-vulgar alternative for “covering one’s ***”? [duplicate]
Term for "pretending outrage to escape a conversation" [closed]
What do you call a '>' relation between two unknowns? [duplicate]
What is the correct word for a person whom I am interacting with?
Calling up a cat