Windows
Windows SMTP:腳本出站安全
在 PowerShell 中建構配置腳本以配置 Web 伺服器的 SMTP 服務以使用 AWS SES(簡單電子郵件服務)進行出站郵件傳遞。手動操作很容易,但是當我們進入一個負載平衡的世界時,我正在為它編寫腳本而苦惱。
我的主要挑戰似乎是打開基本身份驗證並提供信用。我似乎無法弄清楚那些可能是什麼 WMI 欄位…我認為 cred 欄位是
RouteUserName
andRoutePassword
,但似乎找不到正確的選項來打開 BasicAuth 來證明這一點。檢查 TLS 加密框也在逃避我。我是否遺漏了一些明顯的東西,或者只是沒有使用正確的變數?
到目前為止我建構的範例腳本。中繼 IP 有效,RouteUserName 和 RoutePassword 欄位已確認設置。但其餘的是什麼?
$smtpuser = Get-SSMParameter -Name SMTP_User $smtppass = Get-SSMParameter -Name SMTP_Password -WithDecryption $true $smtpfqdn = "$env:computername.$env:userdnsdomain" $SmtpConfig = Get-WMIObject -Namespace root/MicrosoftIISv2 -ComputerName localhost -Query "Select * From IisSmtpServerSetting" $RelayIpList = @( 24, 0, 0, 128, 32, 0, 0, 128, 60, 0, 0, 128, 68, 0, 0, 128, 1, 0, 0, 0, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 76, 0, 0, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 127, 0, 0, 1 ) $SmtpConfig.RelayIPList = $RelayIPList $SmtpConfig.AllowAnonymous = $false $SmtpConfig.AuthBasic = $true $SmtpConfig.RouteUserName = $smtpuser.Value $SmtpConfig.RoutePassword = $smtppass.Value $SmtpConfig.AlwaysUseSsl = $true $SmtpConfig.DefaultDomain = $smtpfqdn $SmtpConfig.SmartHost = "email-smtp.us-west-2.amazonaws.com" $SmtpConfig.Put() Restart-Service "SMTPSVC" -ErrorAction
通過大量實驗解決。這是我腳本的相關部分。請注意,我將 SMTP 使用者憑據保存在 AWS Systems Manager 參數儲存中。
$smtpuser = Get-SSMParameter -Name SMTP_User $smtppass = Get-SSMParameter -Name SMTP_Password -WithDecryption $true $smtpfqdn = "$env:computername.$env:userdnsdomain" Set-Service "SMTPSVC" -StartupType Automatic -ErrorAction SilentlyContinue Start-Service "SMTPSVC" -ErrorAction SilentlyContinue $SmtpConfig = Get-WMIObject -Namespace root/MicrosoftIISv2 -ComputerName localhost -Query "Select * From IisSmtpServerSetting" $RelayIpList = @( 24, 0, 0, 128, 32, 0, 0, 128, 60, 0, 0, 128, 68, 0, 0, 128, 1, 0, 0, 0, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 76, 0, 0, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 127, 0, 0, 1 ) $SmtpConfig.RelayIPList = $RelayIPList $SmtpConfig.AuthFlags = "1" $SmtpConfig.AuthBasic = $false $SmtpConfig.RouteAction = "268" $SmtpConfig.RouteUserName = $smtpuser.Value $SmtpConfig.RoutePassword = $smtppass.Value $SmtpConfig.AlwaysUseSsl = $true $SmtpConfig.SmartHostType = "2" $SmtpConfig.DefaultDomain = $smtpfqdn $SmtpConfig.SmartHost = "email-smtp.us-west-2.amazonaws.com" $SmtpConfig.RemoteSmtpPort = "587" $SmtpConfig.Put() Restart-Service "SMTPSVC" -ErrorAction SilentlyContinue