SMTP IIS 中繼 - 附件在電子郵件正文中編碼
Server 2008 R2,MS IIS build 7.5 僅用作傳出 SMTP 中繼。會話/消息限制和附件限制設置為每個附件和會話 500 MB。附件大小在 10-20 KB 之間。
通過我們的 發送大量電子郵件時
GoldMine CRM software
,附件以 base64 編碼形式出現在正文中。如果我通過 Outlook 發送它,它工作正常。將帶有附件的電子郵件發送GoldMine
給個人就可以了。僅在發送給多個收件人時。這也包括HTML
基於電子郵件。HTML 將以純文字形式出現,而不是經過解析。如果我更改傳出 SMTP 以使用我們的 ISP 的伺服器,該伺服器也是 IIS 7.5 中繼 (relay.somedomain.com – 66.110.xx),它會成功通過。
xmail*.myhosting.com 是我們用來接收電子郵件的第 3 方電子郵件託管服務提供商。我們停止使用它們作為傳出主機,因為我們經常被 RBL 列入黑名單。
這是電子郵件伺服器日誌:
#Software: Microsoft Internet Information Services 7.5 #Version: 1.0 #Date: 2016-05-17 13:12:32 #Fields: date time c-ip cs-username s-computername s-ip s-port cs-method cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) 2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 EHLO +MAILSVR01.localdomain.com 250 0 231 36 0 SMTP - - 2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 MAIL +FROM:<me@ourdomain.com> 250 0 46 33 0 SMTP - - 2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email1@ourdomain.com> 250 0 35 32 0 SMTP - - 2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email2@ourdomain.com> 250 0 33 30 0 SMTP - - 2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email3@ourdomain.com> 250 0 32 29 0 SMTP - - 2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email4@ourdomain.com> 250 0 38 35 0 SMTP - - 2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email5@ourdomain.com> 250 0 37 34 0 SMTP - - 2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email6@ourdomain.com> 250 0 34 31 0 SMTP - - 2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 DATA +<SjQ5TkVLTShMNzFHJD5QNTk3ODk5NzEy@MAILSVR01> 250 0 130 43284 15 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 220+relay.COC.com+Microsoft+ESMTP+MAIL+Service,+Version:+7.5.7600.16385+ready+at++Tue,+17+May+2016+09:12:31+-0400+ 0 0 114 0 0 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 EHLO MAILSVR01.localdomain.com 0 0 4 0 0 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250-relay.somedomain.com+Hello+[66.110.xx.xxx] 0 0 39 0 0 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 MAIL FROM:<sender1@ourdomain.com>+SIZE=43574 0 0 4 0 0 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.0+sender1@ourdomain.com....Sender+OK 0 0 44 0 0 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email1@ourdomain.com> 0 0 4 0 0 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email2@ourdomain.com> 0 0 4 0 0 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email3@ourdomain.com> 0 0 4 0 0 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email4@ourdomain.com> 0 0 4 0 0 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email5@ourdomain.com> 0 0 4 0 0 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email6@ourdomain.com> 0 0 4 0 0 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.5+email1@ourdomain.com+ 0 0 33 0 0 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.5+email2@ourdomain.com+ 0 0 31 0 16 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.5+email3@ourdomain.com+ 0 0 35 0 16 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.5+email4@ourdomain.com+ 0 0 31 0 16 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 BDAT 43574+LAST 0 0 4 0 16 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.6.0+<RELAYbnGjke2bgzMnJt00001ab6@relay.somedomain.com>+Queued+mail+for+delivery 0 0 78 0 344 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 QUIT - 0 0 4 0 344 SMTP - - 2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 221+2.0.0+relay.somedomain.com+Service+closing+transmission+channel 0 0 60 0 344 SMTP - - 2016-05-17 13:12:34 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 QUIT MAILSVR01.localdomain.com 240 1794 79 4 0 SMTP - -
這是接收帶有標題的電子郵件的方式:
Return-Path: <myemail@ourdomain.com> Delivered-To: myemail@ourdomain.com Received: (qmail 26071 invoked from network); 17 May 2016 12:33:54 -0000 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on xsa04.softcom.biz X-Spam-Level: X-Spam-DCC: : xsa04 1323; Body=1 Fuz1=1 X-Spam-Pyzor: X-Spam-Status: No, score=-0.1 hits=-0.1 required=5.0 tests=AWL,BAYES_00, MISSING_HEADERS,RDNS_NONE,URIBL_BLOCKED autolearn=no version=3.3.1 Received: from unknown (HELO relay.somedomain.com) ([66.110.xx.xx]) (envelope-sender <myemail@ourdomain.com>) by xmail04.myhosting.com (qmail-ldap-1.03) with SMTP for <email1@ourdomain.com>; 17 May 2016 12:33:48 -0000 Received: from MAILSVR01.localdomain.com ([66.110.xx.xx]) by relay.somedomain.com with Microsoft SMTPSVC(7.5.7600.16385); Tue, 17 May 2016 08:30:14 -0400 Received: from MAILSVR01.localdomain.com ([192.168.x.xx]) by MAILSVR01.localdomain.com with Microsoft SMTPSVC(7.5.7601.17514); Tue, 17 May 2016 08:30:15 -0400 Date: Tue, 17 May 2016 08:30:15 -0400 From: Travis <myemail@ourdomain.com> Subject: Test Day 2 #1 Bcc: Return-Path: myemail@ourdomain.com Message-ID: <RELAYz2hW3BdeUJt3qL00001ab4@relay.somedomain.com> X-OriginalArrivalTime: 17 May 2016 12:30:14.0665 (UTC) FILETIME=[DCECC790:01D1B037] To: ---redacted-- Message-ID: <SjQ5S09PSyFKWDEgJD5QNTk1MzYyNTEy@MAILSVR01> Mime-Version: 1.0 Organization: Company Name X-Mailer: GoldMine [2014.1.0.489] X-GM-Attachments-Sync-Time: 20160517083014 Content-Type: multipart/mixed; boundary="nqp=nb64=()17phzZSPf" Return-Path: myemail@ourdomain.com X-OriginalArrivalTime: 17 May 2016 12:30:15.0874 (UTC) FILETIME=[DDA54220:01D1B037] --nqp=nb64=()17phzZSPf Content-Type: text/plain Test day 2 --nqp=nb64=()17phzZSPf Content-Type: image/jpeg; name="image9.jpeg" Content-Disposition: attachment; filename="image9.jpeg" Content-Transfer-Encoding: base64 /9j/4Q/+RXhpZgAATU0AKgAAAAgACwEPAAIAAAAGAAAAkgEQAAIAAAAJAAAAmAESAAMAAAAB AAYAAAEaAAUAAAABAAAAogEbAAUAAAABAAAAqgEoAAMAAAABAAIAAAExAAIAAAAGAAAAsgEy -----removed fluff to cut down for Server Fault character limit---- AKGhrCvfip8DkRkktNfYf9d7fj6/uqwm+K/wSBaSHT9dcdCDcwdPUYhqPrstbN/cy3RXl+B/ /9l= --nqp=nb64=()17phzZSPf--
通過我們的 ISP 的 SMTP 成功發送電子郵件附件的標頭。
Subject:Test Day 2 #2 Date:Tuesday, May 17, 2016 8:43 am From:Travis <myemail@ourdomain.com> To:<redcated recipients> Org:Western Plastics X-Mailer:GoldMine [2014.1.0.489] MIME Version:1.0 MIME Type:multipart/mixed; boundary="nqp=nb64=()J6Ske6A0R" Message-id:<SjQ5TEtDMSA5QF9JJD5QNTk2MTgyODU4@MAILSVR1> Return-Path:<myemail@ourdomain.com> Delivered-To:myemail@ourdomain.com Received:(qmail 1683 invoked from network); 17 May 2016 12:47:28 -0000 X-Spam-Checker-Version:SpamAssassin 3.3.1 (2010-03-16) on xsa09.softcom.biz X-Spam-DCC:: xsa09 1323; Body=1 Fuz1=1 X-Spam-Status:No, score=0.5 hits=0.5 required=5.0 tests=AWL,BAYES_50, RDNS_NONE,URIBL_BLOCKED autolearn=no version=3.3.1 Received:from unknown (HELO relay.COC.com) ([66.110.220.12]) (envelope-sender <myemail@ourdomain.com>) by xmail08.myhosting.com (qmail-ldap-1.03) with SMTP for <email1@ourdomain.com>; 17 May 2016 12:47:24 -0000 Received:from MAILSVR1.localdomain.com ([66.110.xx.xx]) by relay.somedomain.com with Microsoft SMTPSVC(7.5.7600.16385); Tue, 17 May 2016 08:43:54 -0400 Return-Path:myemail@ourdomain.com X-OriginalArrivalTime:17 May 2016 12:43:54.0806 (UTC) FILETIME=[C5C45D60:01D1B039] Attachments:\\192.168.x.x\MailBox\Attach\TRAVIS\image7.jpeg Test Email 2
經過大量審查日誌文件後終於弄清楚了。
電子郵件客戶端正在發送
DATA
,但內部 SMTP 伺服器正在將其發送到智能主機BDAT
,顯然這是一個潛在的 DDoS 問題,我猜在此過程中的某個地方它不允許它正確處理。我們的SonicWall
防火牆也有可能在某種程度上搞砸了。違規線路:
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 BDAT 43574+LAST 0 0 4 0 16 SMTP - -
所以解決方案是在本地 SMTP 伺服器上禁用 BDAT、BINARYMIME 和 CHUNKING。
信用/來源連結:
https://adaptivethinking.wordpress.com/2010/12/21/smtp-esmtp-and-the-bdat-baddie/
https://joekiller.com/2007/09/19/bdat-causing-smtp-service-to-drop-email/
如果連結不再可用,這裡是他們概述的步驟。
Telnet 到郵件主機並發出
ehlo
命令。檢查伺服器返回的動詞。它應該有BINARYMIME
並CHUNKING
列出。在這些步驟之後,您將沒有這些。驗證
BINARYMIME
並CHUNKING
打開。:
telnet localhost 25
Type ehlo
220 MAILSVR Microsoft ESMTP MAIL Service, Version: 7.5.76 01.17514 ready at Tue, 14 Mar 2017 12:18:50 -0400 ehlo 250-MAILSVR Hello [168.1.1.1] 250-TURN 250-SIZE 51200000 250-ETRN 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-BINARYMIME 250-CHUNKING 250-8bitmime 250-VRFY 250-TLS 250-STARTTLS 250 OK
打開
IIS Metabase Explorer
導航
LM\SmtpSvc\1
尋找
SmtpInboundCommandSupportOptions
這裡的預設值為
7697601
. 我知道我想禁用 BINARYMIME 和 CHUNKING 動詞,所以使用此處的表格,我從以下內容中減去2097152
(BINARYMIME) 和1048576
(CHUNKING)7697601
:
7697601 - (2097152 + 1048576) = 4551873
將
SmtpInboundCommandSupportOptions
值設置為4551873
禁用 BDAT
導航
LM\SmtpSvc
將值
SmtpOutboundCommandSupportOptions
從更改7
為5
關閉
IIS Metabase Explorer
並重新啟動IIS Admin Service
(這反過來又重新啟動Simple Mail Transfer Protocol
(SMTP)服務)。重複這些步驟以連接到伺服器,
telnet
並驗證它們已被刪除。如果他們沒有確保您\1
在進行更改時位於子目錄中。