Windows SMTP: Scripting Outbound Security

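I'm building a provisioning script in PowerShell to configure a web server's SMTP service to use AWS SES (Simple Email Service) for outbound mail delivery. It's easy to do manually, but as we move into a load-balanced world, I've spent a good long time trying to script it.

My main challenge seems to be turning on Basic Auth and supplying the credentials. I can't seem to figure out what those WMI fields might be... I believe the credential fields are RouteUserName and RoutePassword, but I can't seem to find the right option to turn on BasicAuth to prove this. Checking the TLS encryption box is eluding me as well.

Am I missing something obvious, or am I just not using the right variables?

The area I'm struggling with is as follows: [image]

Here is the sample script I've built so far. The relay IP works, and I've confirmed that the RouteUserName and RoutePassword fields get set. But what's the rest?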

$smtpuser = Get-SSMParameter -Name SMTP_User
$smtppass = Get-SSMParameter -Name SMTP_Password -WithDecryption $true
$smtpfqdn = "$env:computername.$env:userdnsdomain"

$SmtpConfig = Get-WMIObject -Namespace root/MicrosoftIISv2 -ComputerName localhost -Query "Select * From IisSmtpServerSetting"
$RelayIpList = @( 24, 0, 0, 128, 32, 0, 0, 128, 60, 0, 0, 128, 68, 0, 0, 128, 1, 0, 0, 0, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 76, 0, 0, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 127, 0, 0, 1 )
$SmtpConfig.RelayIPList = $RelayIPList
$SmtpConfig.AllowAnonymous = $false
$SmtpConfig.AuthBasic = $true
$SmtpConfig.RouteUserName = $smtpuser.Value
$SmtpConfig.RoutePassword = $smtppass.Value
$SmtpConfig.AlwaysUseSsl = $true
$SmtpConfig.DefaultDomain = $smtpfqdn
$SmtpConfig.SmartHost = "email-smtp.us-west-2.amazonaws.com"

$SmtpConfig.Put()

Restart-Service "SMTPSVC" -ErrorAction SilentlyContinue

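Answer 1

After a lot of experimentation, the problem is solved. Below is the relevant part of my script. Note that I store the SMTP user credentials in the AWS Systems Manager Parameter Store.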

$smtpuser = Get-SSMParameter -Name SMTP_User
$smtppass = Get-SSMParameter -Name SMTP_Password -WithDecryption $true
$smtpfqdn = "$env:computername.$env:userdnsdomain"

Set-Service "SMTPSVC" -StartupType Automatic -ErrorAction SilentlyContinue
Start-Service "SMTPSVC" -ErrorAction SilentlyContinue

$SmtpConfig = Get-WMIObject -Namespace root/MicrosoftIISv2 -ComputerName localhost -Query "Select * From IisSmtpServerSetting"
$RelayIpList = @( 24, 0, 0, 128, 32, 0, 0, 128, 60, 0, 0, 128, 68, 0, 0, 128, 1, 0, 0, 0, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 76, 0, 0, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 127, 0, 0, 1 )
$SmtpConfig.RelayIPList = $RelayIPList
$SmtpConfig.AuthFlags = "1"
$SmtpConfig.AuthBasic = $false
$SmtpConfig.RouteAction = "268"
$SmtpConfig.RouteUserName = $smtpuser.Value
$SmtpConfig.RoutePassword = $smtppass.Value
$SmtpConfig.AlwaysUseSsl = $true
$SmtpConfig.SmartHostType = "2"
$SmtpConfig.DefaultDomain = $smtpfqdn
$SmtpConfig.SmartHost = "email-smtp.us-west-2.amazonaws.com"
$SmtpConfig.RemoteSmtpPort = "587"

$SmtpConfig.Put()

Restart-Service "SMTPSVC" -ErrorAction SilentlyContinue
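
Because the script above ends with `-ErrorAction SilentlyContinue`, a server in the load-balanced pool can fail to pick up the settings without any visible error. The following read-back check is an added example, not part of the answer's script: it compares a server's `IisSmtpServerSetting` against the values the answer sets and reports drift without printing the credentials. The function name `Test-SmtpRelaySetting` is hypothetical and the sample object is constructed so the block runs without the IIS WMI provider.

```powershell
# Expected values are exactly the ones assigned in the answer's script.
$Expected = [ordered]@{
    AuthFlags      = 1
    RouteAction    = 268
    AlwaysUseSsl   = $true
    SmartHostType  = 2
    SmartHost      = 'email-smtp.us-west-2.amazonaws.com'
    RemoteSmtpPort = 587
}

function Test-SmtpRelaySetting {   # hypothetical helper, not a built-in cmdlet
    param(
        [Parameter(Mandatory)] $Setting,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected
    )
    foreach ($name in $Expected.Keys) {
        $actual = $Setting.$name
        # Compare as strings: the script assigns "268"/"587" as strings,
        # while the setting object may hand them back as integers.
        if ("$actual" -ne "$($Expected[$name])") {
            [pscustomobject]@{ Property = $name; Expected = $Expected[$name]; Actual = $actual }
        }
    }
    # Credentials: report only whether they are present, never the value.
    foreach ($name in 'RouteUserName', 'RoutePassword') {
        if ([string]::IsNullOrEmpty([string]$Setting.$name)) {
            [pscustomobject]@{ Property = $name; Expected = '<set>'; Actual = '<empty>' }
        }
    }
}

# Constructed sample standing in for one server's settings (not real output):
# TLS is off, the port is wrong and the password is missing.
$sample = [pscustomobject]@{
    AuthFlags = 1; RouteAction = 268; AlwaysUseSsl = $false; SmartHostType = 2
    SmartHost = 'email-smtp.us-west-2.amazonaws.com'; RemoteSmtpPort = 25
    RouteUserName = 'CONSTRUCTED-USER'; RoutePassword = ''
}
Test-SmtpRelaySetting -Setting $sample -Expected $Expected | Format-Table -AutoSize

# On a real server, pass the live object instead:
# $live = Get-WMIObject -Namespace root/MicrosoftIISv2 -Query "Select * From IisSmtpServerSetting"
# Test-SmtpRelaySetting -Setting $live -Expected $Expected
```

An empty result means the server matches; any row for `AlwaysUseSsl` or `RemoteSmtpPort` deserves attention first, since the route credentials are sent with Basic authentication.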
