Mautic Community Forums

Mautic & Amazon SES-SNS bounce handling


I have configured SES and Mautic as described here:
Bounce management | Mautic

However, I’m not sure that bounce handling is actually working.
The segment that contains all bounced emails (Filtering Bounced - Emails equal Yes) has 0 contacts.

The SNS topic is confirmed.

Is there a webhook log or a log can help me identify what’s going on in the background with the Amazon SNS?

Or any other log for that matter?


My Mautic version is: 4.1.0
My PHP version is: 7.4.27
My Database type and version is: MySQL 8.0.27

Same problem here and same configuration.
Let me add some information.

when I edit SNS in the log file I can see this entries:

[2022-01-02 11:23:15] mautic.NOTICE: PHP Notice - Undefined index: Type - in file /mnt/BLOCKSTORAGE/home/ - at line 156 {“payload”:{“notificationType”:“AmazonSnsSubscriptionSucceeded”,“message”:“You have successfully subscribed your Amazon SNS topic ‘arn:aws:sns:us-east-1:4x9587392918:xxxBounceComplaints’ to receive ‘Bounce’ notifications from Amazon SES for identity ‘’.”},“type”:“AmazonSnsSubscriptionSucceeded”}
[2022-01-02 11:23:15] mautic.WARNING: Received SES webhook of type ‘’ but couldn’t understand payload

Also Cloudwatch confirm that SNS is working successfully

No idea how to deal … right now added forward to email and fetching using old email this is working

Additional test:

  • Moved to a different region (eu-central-1) nothing changed
  • In my configuration Cloudflare is between
  • Setting up debug mode NO ERROR and NO COMMUNICATION from SNS

You need to be in the same region for SNS and SES. I assume it was the same in the beginning.

Yes Joeyk, they are synced so in domain1 they are in N. Virginia (for both SES and SNS)and domain2 is in eu.central (for both SES and SNS)

The notification are verified so, I presume, communication is established. also cloudwatch show that notification are successfully delivered. Seems that mautic is fully ignoring that information.

I’m worried about this:
Received SES webhook of type ‘’ but couldn’t understand payload

Me too. Any additional test or place to look for information? the most frustrating thing is not finding any error or information …

Do the bounce configuration have any impact in
Configuration->Email>Bounce settings if we are using API , should no in my understanding.

The only workaround is to work using IMAP in bounce management.
not efficient and very slow … hopefully, we’ll find a solution since we would like to stay with Mautic after all the time we have invested in preparing the environment.

Any idea? Next step is give up with aws

I’m having the same issue. I checked the logs for SNS and the message is being sent correctly, with a 200 response from mautic:
“notification”: {
“messageId”: “88f3827b-58f9-4315-9aca-123456789”,
“topicArn”: “arn:aws:sns:eu-west-1:1234567899:bounces”,
“timestamp”: “2022-01-11 05:19:21.594”
“delivery”: {
“deliveryId”: “xyz”,
“destination”: “”,
“providerResponse”: “OK”,
“dwellTimeMs”: 317,
“attempts”: 1,
“statusCode”: 200
“status”: “SUCCESS”

But there is nothing in my logs in Mautic (System Information > Logs) and the contacts aren’t being flagged.

I don’t have any Monitored Inbox Settings set as I am using the Amazon_API setup.

Any idea where to look to see if things aren’t set up correctly?

I can confirm, that something is off with the bounce management. I’m trying to get more logs.
I does work with emails sent from M3 versions, but M4 seems not to work. It is not the capturing events, but my theory is, that we are sending wrong, and this is why the data is not coming back right.

I’m doing some tests now, soon back with results.

1 Like

I set up a log for all incoming json notifications from amazon sns.

There are 2 major type of bounces.

Part 1: Permanent

In case of permanent failure this arrives from SNS:

  "Type" : "Notification",
  "Message" : "{\"notificationType\":\"Bounce\",\"bounce\":{\"bounceType\":\"Permanent\",\"bouncedRecipients\":[{\"emailAddress\":\"\",\"diagnosticCode\":\"smtp; 550 no such address here\"}]},\"mail\":{\"destination\":[\"\"]}}"

If you want to test if it works, you can do it by POST curl to https://yourdomain/mailer/amazon_api/callback

with the JSON body above.
Choose an email address existing in your system and NOT in the lead_donotcontact table.
Once you post this content to the right URL, a new entry will be added to the table and the person will have a DNC, similar to this:


Important to know: the json feedback is not coming right away from Amazon SNS, as they also need to get some answer from the postbox of the recipient. This makes it really hard to test.

Part 2:

In case of temporary, or so calles Transient failure you would see something like this:

  "Type" : "Notification",
  "Message" : "{\"notificationType\":\"Bounce\",\"bounce\":{\"bounceType\":\"Transient\",\"bouncedRecipients\":[{\"emailAddress\":\"\",\"diagnosticCode\":\"smtp; 552 5.2.2 Quota exceeded (mailbox for user is full)\"}]},\"mail\":{\"destination\":[\"\"]}}"

But after posting this, I can’t see any trace of this notification in Mautic. It would be logical, that the bounce info is saved in the DNC table as softbounce, but I couldn’t find any info related. Also no new entries in lead_event_log.

Great work Joeyk,
probably the community need to open an issue on this?!
how we can support?

Thanks @joeyk for tagging me in this issue. Let me clarify how the callback function works, I think it would explain the issue:

  1. There is no distinction between soft and hard bounces in the callback, any SNS notification Mautic gets will mark the contact as DNC. Personally, I do not think soft bounces should not be marked as DNC after the first attempt. but because of the complexity of implementation, I made it mark contacts as DNC when a soft bounce happens.

  2. In case you are using ConfigSets in SES, there is no need to configure callbacks from the domain as described in the documentation. just configure the ConfigSet to use SNS. Using ConfigSet and Domain Callbacks will make the JSON object returned to Mautic to who wrong dataset and Mautic will halt.

  3. Becasue you are great, you will go to this PR and review it (fix SES API limits by mabumusa1 · Pull Request #9735 · mautic/mautic · GitHub)

@massimo0307 Please follow these steps just to be sure:

  1. Disable Include Original Headers, in the domain (in your case email address)
  2. Make sure that you are sending from the verified email, if you are sending from the same domain that the verified email is on, you need to add SNS to that domain as well

Thanks - how do I go about setting up a log like this? It works like you said when I curl post but I have emails that should be triggering a permanent failure and they are not getting updated. I’d like to see what amazon is sending.

I wrote a script that captures the incoming payload and writes the log.
You need to code the SNS topic verification part as well in order to be able to register with SNS.
My code is really messy and many things hard coded, let me clean it up and post it here or on my page.

Already done in previous testing with 0 success.
0 bounce while complains seems working.

I just tested the code on the latest version, it works as expected.

to test create a contact with email, and then send a request with the below payload which I took from the test case

    "Type": "Notification",
    "MessageId": "7c2d7069-7db3-53c8-87d0-20476a630fb6",
    "TopicArn": "arn:aws:sns:eu-west-1:918057160339:55hubs-mautic-test",
    "Message": "{\"notificationType\":\"Bounce\",\"bounce\":{\"bounceType\":\"Permanent\",\"bounceSubType\":\"General\",\"bouncedRecipients\":[{\"emailAddress\":\"\",\"action\":\"failed\",\"status\":\"5.1.1\",\"diagnosticCode\":\"smtp; 550 5.1.1 <>: Recipient address rejected: User unknown in virtual alias table\"}],\"timestamp\":\"2016-08-17T07:43:12.776Z\",\"feedbackId\":\"0102015697743d4c-619f1aa8-763f-4bea-8648-0b3bbdedd1ea-000000\",\"reportingMTA\":\"dsn;\"},\"mail\":{\"timestamp\":\"2016-08-17T07:43:11.000Z\",\"source\":\"\",\"sourceArn\":\"arn:aws:ses:eu-west-1:918057160339:identity/\",\"sendingAccountId\":\"918057160339\",\"messageId\":\"010201569774384f-81311784-10dd-48a8-921f-8316c145e64d-000000\",\"destination\":[\"\"]}}",
    "Timestamp": "2016-08-17T07:43:12.822Z",
    "SignatureVersion": "1",
    "Signature": "GNWnMWfKx1PPDjUstq2Ln13+AJWEK/Qo8YllYC7dGSlPhC5nClop5+vCj0CG2XN7aN41GhsJJ1e+F4IiRxm9v2wwua6BC3mtykrXEi8VeGy2HuetbF9bEeBEPbtbeIyIXJhdPDhbs4anPJwcEiN/toCoANoPWJ3jyVTOaUAxJb2oPTrvmjMxMpVE59sSo7Mz2+pQaUJl3ma0UgAC/lrYghi6n4cwlDTfbbIW+mbV7/d/5YN/tjL9/sD3DOuf+1PpFFTPsOVseZWV8PQ0/MWB2BOrKOKQyF7msLNX5iTkmsvRrbYULPvpbx32LsIxfNVFZJmsnTe2/6EGaAXf3TVPZA==",
    "SigningCertURL": "",
    "UnsubscribeURL": ""


Ehy can you share how you get this information? I’ll test with the email offered by amazon for this kind of tests

This is the first time I see the address, we test using the simulator of SES

For JSON Payload samples, you can find them here