Mautic 7.1 / SES hack

jeffg · May 9, 2026, 1:59am

Mautic 7.1 installed with Docker on Ubuntu. Install is about a week old and still in testing. I began receiving support emails from AWS saying DKIM keys were being created. CloudTrail showed that somehow the perpetrator had managed to expose the access key id from the Amazon IAM user. I had left that user with SES full instead of SES send only permissions. My mistake there, but the fact that they could expose the key is a problem.

Agent was Botocore 1.42.66 into AWS once they had the key.

jeffg · May 9, 2026, 3:35pm

This was resolved through additional hardening of the Ubuntu server. Still crazy to me that Mautic stores the AWS key in a plain text file.

Topic		Replies	Views
Configuring AWS SES in Mautic 5.1 Product Support	4	2109	August 12, 2024
Struggle to connect Amazon SES to Mautic 5.1 Mautic 5 Install/Upgrade Support	7	1607	March 7, 2025
Mautic 5.1.0 + AWS SES Product Support	0	467	July 30, 2024
Guide on how to properly configure Amazon aws with mautic Product Support	3	351	August 7, 2016
Issue setting up email using Amazone SES on Mautic 6 Mautic 6 Install/Upgrade Support community , discussion , email	4	982	December 24, 2025

Mautic 7.1 / SES hack

Related topics