Windows

Windows SMTP:腳本出站安全

  • June 24, 2019

在 PowerShell 中建構配置腳本以配置 Web 伺服器的 SMTP 服務以使用 AWS SES(簡單電子郵件服務)進行出站郵件傳遞。手動操作很容易,但是當我們進入一個負載平衡的世界時,我正在為它編寫腳本而苦惱。

我的主要挑戰似乎是打開基本身份驗證並提供信用。我似乎無法弄清楚那些可能是什麼 WMI 欄位…我認為 cred 欄位是RouteUserNameand RoutePassword,但似乎找不到正確的選項來打開 BasicAuth 來證明這一點。檢查 TLS 加密框也在逃避我。

我是否遺漏了一些明顯的東西,或者只是沒有使用正確的變數?

我正在努力解決的領域: 在此處輸入圖像描述

到目前為止我建構的範例腳本。中繼 IP 有效,RouteUserName 和 RoutePassword 欄位已確認設置。但其餘的是什麼?

$smtpuser = Get-SSMParameter -Name SMTP_User
$smtppass = Get-SSMParameter -Name SMTP_Password -WithDecryption $true
$smtpfqdn = "$env:computername.$env:userdnsdomain"

$SmtpConfig = Get-WMIObject -Namespace root/MicrosoftIISv2 -ComputerName localhost -Query "Select * From IisSmtpServerSetting"
$RelayIpList = @( 24, 0, 0, 128, 32, 0, 0, 128, 60, 0, 0, 128, 68, 0, 0, 128, 1, 0, 0, 0, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 76, 0, 0, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 127, 0, 0, 1 )
$SmtpConfig.RelayIPList = $RelayIPList
$SmtpConfig.AllowAnonymous = $false
$SmtpConfig.AuthBasic = $true
$SmtpConfig.RouteUserName = $smtpuser.Value
$SmtpConfig.RoutePassword = $smtppass.Value
$SmtpConfig.AlwaysUseSsl = $true
$SmtpConfig.DefaultDomain = $smtpfqdn
$SmtpConfig.SmartHost = "email-smtp.us-west-2.amazonaws.com"

$SmtpConfig.Put()

Restart-Service "SMTPSVC" -ErrorAction 

通過大量實驗解決。這是我腳本的相關部分。請注意,我將 SMTP 使用者憑據保存在 AWS Systems Manager 參數儲存中。

$smtpuser = Get-SSMParameter -Name SMTP_User
$smtppass = Get-SSMParameter -Name SMTP_Password -WithDecryption $true
$smtpfqdn = "$env:computername.$env:userdnsdomain"

Set-Service "SMTPSVC" -StartupType Automatic -ErrorAction SilentlyContinue
Start-Service "SMTPSVC" -ErrorAction SilentlyContinue

$SmtpConfig = Get-WMIObject -Namespace root/MicrosoftIISv2 -ComputerName localhost -Query "Select * From IisSmtpServerSetting"
$RelayIpList = @( 24, 0, 0, 128, 32, 0, 0, 128, 60, 0, 0, 128, 68, 0, 0, 128, 1, 0, 0, 0, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 76, 0, 0, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 127, 0, 0, 1 )
$SmtpConfig.RelayIPList = $RelayIPList
$SmtpConfig.AuthFlags = "1"
$SmtpConfig.AuthBasic = $false
$SmtpConfig.RouteAction = "268"
$SmtpConfig.RouteUserName = $smtpuser.Value
$SmtpConfig.RoutePassword = $smtppass.Value
$SmtpConfig.AlwaysUseSsl = $true
$SmtpConfig.SmartHostType = "2"
$SmtpConfig.DefaultDomain = $smtpfqdn
$SmtpConfig.SmartHost = "email-smtp.us-west-2.amazonaws.com"
$SmtpConfig.RemoteSmtpPort = "587"

$SmtpConfig.Put()

Restart-Service "SMTPSVC" -ErrorAction SilentlyContinue

引用自:https://serverfault.com/questions/971792