Smtp

SMTP IIS relay - attachments arrive encoded in the email body

  • September 13, 2019

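Server 2008 R2, MS IIS build 7.5, used only as an outgoing SMTP relay. Session/message limits and attachment limits are set to 500 MB per attachment and per session. Attachment sizes are between 10 and 20 KB.

When sending bulk email through our GoldMine CRM software, attachments show up base64-encoded in the body. If I send it through Outlook, it works fine. Sending an email with an attachment from GoldMine to a single person is fine. It only happens when sending to multiple recipients. This also includes HTML-based email. The HTML comes through as plain text rather than being rendered.

If I change the outgoing SMTP to use our ISP's server, which is also an IIS 7.5 relay (relay.somedomain.com – 66.110.xx), it goes through successfully.

xmail*.myhosting.com is the third-party email hosting provider we use to receive email. We stopped using them as an outgoing host because we were frequently blacklisted by RBLs.

Here is the email server log: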

#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2016-05-17 13:12:32
#Fields: date time c-ip cs-username s-computername s-ip s-port cs-method cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) 
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 EHLO +MAILSVR01.localdomain.com 250 0 231 36 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 MAIL +FROM:<me@ourdomain.com> 250 0 46 33 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email1@ourdomain.com> 250 0 35 32 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email2@ourdomain.com> 250 0 33 30 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email3@ourdomain.com> 250 0 32 29 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email4@ourdomain.com> 250 0 38 35 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email5@ourdomain.com> 250 0 37 34 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email6@ourdomain.com> 250 0 34 31 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 DATA +<SjQ5TkVLTShMNzFHJD5QNTk3ODk5NzEy@MAILSVR01> 250 0 130 43284 15 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 220+relay.COC.com+Microsoft+ESMTP+MAIL+Service,+Version:+7.5.7600.16385+ready+at++Tue,+17+May+2016+09:12:31+-0400+ 0 0 114 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 EHLO MAILSVR01.localdomain.com 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250-relay.somedomain.com+Hello+[66.110.xx.xxx] 0 0 39 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 MAIL FROM:<sender1@ourdomain.com>+SIZE=43574 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.0+sender1@ourdomain.com....Sender+OK 0 0 44 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email1@ourdomain.com> 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email2@ourdomain.com> 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email3@ourdomain.com> 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email4@ourdomain.com> 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email5@ourdomain.com> 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email6@ourdomain.com> 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.5+email1@ourdomain.com+ 0 0 33 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.5+email2@ourdomain.com+ 0 0 31 0 16 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.5+email3@ourdomain.com+ 0 0 35 0 16 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.5+email4@ourdomain.com+ 0 0 31 0 16 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 BDAT 43574+LAST 0 0 4 0 16 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.6.0+<RELAYbnGjke2bgzMnJt00001ab6@relay.somedomain.com>+Queued+mail+for+delivery 0 0 78 0 344 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 QUIT - 0 0 4 0 344 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 221+2.0.0+relay.somedomain.com+Service+closing+transmission+channel 0 0 60 0 344 SMTP - -
2016-05-17 13:12:34 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 QUIT MAILSVR01.localdomain.com 240 1794 79 4 0 SMTP - -

Here is how the email is received, with headers:

Return-Path: <myemail@ourdomain.com>
Delivered-To: myemail@ourdomain.com
Received: (qmail 26071 invoked from network); 17 May 2016 12:33:54 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on xsa04.softcom.biz
X-Spam-Level: 
X-Spam-DCC: : xsa04 1323; Body=1 Fuz1=1
X-Spam-Pyzor: 
X-Spam-Status: No, score=-0.1 hits=-0.1 required=5.0 tests=AWL,BAYES_00,
   MISSING_HEADERS,RDNS_NONE,URIBL_BLOCKED autolearn=no version=3.3.1
Received: from unknown (HELO relay.somedomain.com) ([66.110.xx.xx])
         (envelope-sender <myemail@ourdomain.com>)
         by xmail04.myhosting.com (qmail-ldap-1.03) with SMTP
         for <email1@ourdomain.com>; 17 May 2016 12:33:48 -0000
Received: from MAILSVR01.localdomain.com  ([66.110.xx.xx]) by relay.somedomain.com with Microsoft SMTPSVC(7.5.7600.16385);
    Tue, 17 May 2016 08:30:14 -0400
Received: from MAILSVR01.localdomain.com  ([192.168.x.xx]) by MAILSVR01.localdomain.com with Microsoft SMTPSVC(7.5.7601.17514);
    Tue, 17 May 2016 08:30:15 -0400
Date: Tue, 17 May 2016 08:30:15 -0400
From: Travis <myemail@ourdomain.com>
Subject: Test Day 2 #1
Bcc:
Return-Path: myemail@ourdomain.com
Message-ID: <RELAYz2hW3BdeUJt3qL00001ab4@relay.somedomain.com>
X-OriginalArrivalTime: 17 May 2016 12:30:14.0665 (UTC) FILETIME=[DCECC790:01D1B037]

To:  ---redacted--
Message-ID: <SjQ5S09PSyFKWDEgJD5QNTk1MzYyNTEy@MAILSVR01>
Mime-Version: 1.0
Organization: Company Name
X-Mailer: GoldMine [2014.1.0.489]
X-GM-Attachments-Sync-Time: 20160517083014
Content-Type: multipart/mixed; boundary="nqp=nb64=()17phzZSPf"
Return-Path: myemail@ourdomain.com
X-OriginalArrivalTime: 17 May 2016 12:30:15.0874 (UTC) FILETIME=[DDA54220:01D1B037]

--nqp=nb64=()17phzZSPf
Content-Type: text/plain

Test day 2


--nqp=nb64=()17phzZSPf
Content-Type: image/jpeg; name="image9.jpeg"
Content-Disposition: attachment; filename="image9.jpeg"
Content-Transfer-Encoding: base64

/9j/4Q/+RXhpZgAATU0AKgAAAAgACwEPAAIAAAAGAAAAkgEQAAIAAAAJAAAAmAESAAMAAAAB
AAYAAAEaAAUAAAABAAAAogEbAAUAAAABAAAAqgEoAAMAAAABAAIAAAExAAIAAAAGAAAAsgEy
-----removed fluff to cut down for Server Fault character limit----
AKGhrCvfip8DkRkktNfYf9d7fj6/uqwm+K/wSBaSHT9dcdCDcwdPUYhqPrstbN/cy3RXl+B/
/9l=

--nqp=nb64=()17phzZSPf--

Headers of an email with an attachment sent successfully through our ISP's SMTP.

Subject:Test Day 2 #2
           Date:Tuesday, May 17, 2016 8:43 am
           From:Travis <myemail@ourdomain.com>
           To:<redcated recipients>
           Org:Western Plastics
           X-Mailer:GoldMine [2014.1.0.489]
           MIME Version:1.0
           MIME Type:multipart/mixed; boundary="nqp=nb64=()J6Ske6A0R"
           Message-id:<SjQ5TEtDMSA5QF9JJD5QNTk2MTgyODU4@MAILSVR1>
           Return-Path:<myemail@ourdomain.com>
           Delivered-To:myemail@ourdomain.com
           Received:(qmail 1683 invoked from network); 17 May 2016 12:47:28 
           -0000
           X-Spam-Checker-Version:SpamAssassin 3.3.1 (2010-03-16) on 
           xsa09.softcom.biz
           X-Spam-DCC:: xsa09 1323; Body=1 Fuz1=1
           X-Spam-Status:No, score=0.5 hits=0.5 required=5.0 
           tests=AWL,BAYES_50, RDNS_NONE,URIBL_BLOCKED autolearn=no 
           version=3.3.1
           Received:from unknown (HELO relay.COC.com) ([66.110.220.12])         
            (envelope-sender <myemail@ourdomain.com>)          by 
           xmail08.myhosting.com (qmail-ldap-1.03) with SMTP          for 
           <email1@ourdomain.com>; 17 May 2016 12:47:24 -0000
           Received:from MAILSVR1.localdomain.com ([66.110.xx.xx]) by 
           relay.somedomain.com with Microsoft SMTPSVC(7.5.7600.16385);  Tue, 17 May 
           2016 08:43:54 -0400
           Return-Path:myemail@ourdomain.com
           X-OriginalArrivalTime:17 May 2016 12:43:54.0806 (UTC) 
           FILETIME=[C5C45D60:01D1B039]

           Attachments:\\192.168.x.x\MailBox\Attach\TRAVIS\image7.jpeg




Test Email 2

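Finally figured it out after a lot of reviewing of log files.

The email client is sending DATA, but the internal SMTP server is sending it to the smart host as BDAT, which apparently is a potential DDoS problem, and I'm guessing somewhere along the way it is not allowing it to be processed correctly. It's also possible that our SonicWall firewall is screwing it up somehow.

The offending line: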

2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 BDAT 43574+LAST 0 0 4 0 16 SMTP - -

So the solution is to disable BDAT, BINARYMIME and CHUNKING on the local SMTP server.

Credit/source links

https://adaptivethinking.wordpress.com/2010/12/21/smtp-esmtp-and-the-bdat-baddie/

https://joekiller.com/2007/09/19/bdat-causing-smtp-service-to-drop-email/


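In case the links are no longer available, here are the steps they outlined.


Telnet to the mail host and issue the ehlo command. Check the verbs the server returns. It should have BINARYMIME and CHUNKING listed. After these steps you won't have these.


Verify that BINARYMIME and CHUNKING are on.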

telnet localhost 25

Type ehlo

220 MAILSVR Microsoft ESMTP MAIL Service, Version: 7.5.7601.17514 ready at  Tue, 14 Mar 2017 12:18:50 -0400
ehlo
250-MAILSVR Hello [168.1.1.1]
250-TURN
250-SIZE 51200000
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-BINARYMIME
250-CHUNKING
250-8bitmime
250-VRFY
250-TLS
250-STARTTLS
250 OK

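Install the IIS 6.0 Resource Kit

Open IIS Metabase Explorer

Navigate to LM\SmtpSvc\1

Find SmtpInboundCommandSupportOptions

The default value here is 7697601. I know I want to disable the BINARYMIME and CHUNKING verbs, so using the table here, I subtract 2097152 (BINARYMIME) and 1048576 (CHUNKING) from 7697601.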

7697601 - (2097152 + 1048576) = 4551873

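Set the SmtpInboundCommandSupportOptions value to 4551873


Disable BDAT

Navigate to LM\SmtpSvc

Change the value of SmtpOutboundCommandSupportOptions from 7 to 5

Close IIS Metabase Explorer and restart the IIS Admin Service (which in turn restarts the Simple Mail Transfer Protocol (SMTP) service).

Repeat the steps to connect to the server with telnet and verify that they have been removed. If they haven't, make sure you were in the \1 subdirectory when making the changes.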
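
The arithmetic and the before/after EHLO check from the steps above, as an added example that is not part of the original answer. It treats the metabase value as a bit mask (the two flag values on the page are powers of two) and clears bits instead of subtracting; the function names and the sample reply are constructed for illustration.

```python
# Flag values as given on the page for SmtpInboundCommandSupportOptions.
FLAGS = {"BINARYMIME": 2097152, "CHUNKING": 1048576}

# Constructed sample: an EHLO reply shaped like the transcript on the page.
EHLO_BEFORE = """\
250-MAILSVR Hello [192.0.2.1]
250-SIZE 51200000
250-PIPELINING
250-BINARYMIME
250-CHUNKING
250-8bitmime
250 OK
"""


def clear_verbs(value, verbs=("BINARYMIME", "CHUNKING")):
    """Clear the flag bit of each verb. Unlike subtraction, this cannot
    corrupt the value when a bit is already off or the step is repeated."""
    for verb in verbs:
        value &= ~FLAGS[verb]
    return value


def ehlo_keywords(reply):
    """Return the upper-cased keywords of a multi-line 250 EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    keywords = set()
    for ln in lines[1:]:  # the first line is the greeting, not a keyword
        if ln[:3] != "250" or ln[3:4] not in ("-", " "):
            raise ValueError(f"not an EHLO success line: {ln!r}")
        if ln[4:].strip():
            keywords.add(ln[4:].split()[0].upper())
    return keywords


def still_advertised(reply, verbs=("BINARYMIME", "CHUNKING")):
    """List the verbs that the server still offers after the change."""
    return sorted(ehlo_keywords(reply) & set(verbs))


if __name__ == "__main__":
    print(clear_verbs(7697601))
    print(still_advertised(EHLO_BEFORE))
```

Subtracting a second time from 4551873 would give 1406145 and silently switch off unrelated options; clearing the bits leaves the value unchanged.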

Quoted from: https://serverfault.com/questions/777277
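
The log review described in the answer can be automated; the following is an added example, not code from the original post. It reads an IIS SMTP log in the W3C format shown above and reports whether mail accepted with DATA was forwarded with BDAT. The sample lines and addresses are constructed, and the function names are hypothetical.

```python
# Constructed sample in the log format shown on the page (addresses are
# documentation ranges, message id is made up).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time c-ip cs-username s-computername s-ip s-port cs-method cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent)
2016-05-17 13:12:32 192.0.2.10 CLIENT01 MAILSVR01 192.0.2.15 0 RCPT +TO:<a@example.com> 250 0 35 32 0 SMTP - -
2016-05-17 13:12:32 192.0.2.10 CLIENT01 MAILSVR01 192.0.2.15 0 DATA +<id1@MAILSVR01> 250 0 130 43284 15 SMTP - -
2016-05-17 13:12:32 198.51.100.7 OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.5+a@example.com+ 0 0 33 0 0 SMTP - -
2016-05-17 13:12:32 198.51.100.7 OutboundConnectionCommand MAILSVR01 - 25 BDAT 43574+LAST 0 0 4 0 16 SMTP - -
"""


def transfer_commands(log_text):
    """Return (direction, verb, argument) for each DATA or BDAT command."""
    fields, found = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names follow the directive
            continue
        if not line.strip() or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        verb = row.get("cs-method", "").upper()
        if verb not in ("DATA", "BDAT"):
            continue
        # Outbound commands are logged with this marker in cs-username.
        outbound = row.get("cs-username") == "OutboundConnectionCommand"
        direction = "outbound" if outbound else "inbound"
        found.append((direction, verb, row.get("cs-uri-query", "")))
    return found


def relay_rewrites_to_bdat(log_text):
    """True when mail arrives via DATA but is relayed onward via BDAT."""
    cmds = transfer_commands(log_text)
    inbound = {verb for direction, verb, _ in cmds if direction == "inbound"}
    outbound = {verb for direction, verb, _ in cmds if direction == "outbound"}
    return "DATA" in inbound and "BDAT" in outbound


if __name__ == "__main__":
    for entry in transfer_commands(SAMPLE_LOG):
        print(entry)
    print(relay_rewrites_to_bdat(SAMPLE_LOG))
```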