使用本地SMTP中继从IIS 7发送电子邮件 [英] Sending Email from IIS 7 using local SMTP relay

问题描述

我正在使用Windows Server 2008 R2和IIS 7.5.7600 因此，我已经安装了SMTP服务，并且该服务正在运行.我已经使用以下Powershell脚本测试了它的工作原理:

I am using Windows Server 2008 R2 and IIS 7.5.7600 So I have installed the SMTP service and it is running. I have tested that it works using the following powershell script:

$emailFrom = "user@yourdomain.com"
$emailTo = "user@yourdomain.com"
$subject = "your subject"
$body = "your body"
$smtpServer = "your smtp server"
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$smtp.Send($emailFrom, $emailTo, $subject, $body)

使用"localhost"作为服务器发送电子邮件.

The email gets sent using "localhost" as the server.

但是，在配置WCF服务的web.config之后:

However, after configuring the WCF services' web.config:

<system.net>
  <mailSettings>
    <smtp deliveryMethod="Network" from="user@yourdomain.com">
      <network
        host="localhost"
        port="25" 
      />
    </smtp>
  </mailSettings>
</system.net>

当我的代码调用时，我收到一个通用的无意义错误:

I receive a generic meaningless error when my code calls:

var mail = new MailMessage();
mail.To.Add("user@yourdomain.com");
mail.Subject = "[Smtp Client] TEST";
mail.Body = "TEST";
mail.IsBodyHtml = false;
var smtpMail = new SmtpClient();
smtpMail.Send(mail);

我得到:

Failure sending mail.

    at System.Net.Mail.SmtpClient.Send(MailMessage message)

我不知道还要检查什么?是的，我已经在服务器上安装了应用程序服务器角色.是的，WCF服务正常运行，我所有其他代码均按预期运行，仅发送电子邮件失败.似乎IIS与本地SMTP中继之间存在断开连接，但是我无法找到任何讨论此特定问题的信息(只有无法启动并运行smtp或无法整理其配置的人)

I am at a loss as to what else to check? Yes I have installed the application server role on the server. Yes the WCF service is working properly, all of my other code runs as expected, only sending of the email is failing. It seems as though there is some disconnect between IIS and the local SMTP relay but I have not been able to find anything discussing this particular problem (only people who can't get the smtp up and running or can't sort out their configs).

感谢您的时间和精力.

推荐答案

因此，答案原来是对Metabase的许可.我之前发现了这个问题，但是我以前遇到的源只说过要授予LM \ SMTPSVC路径的读取权限，而没有提及LM \ SMTPSVC \ 1(我认为这些权限将级联到子文件夹/路径) .有关更详细的说明，请参见下文:

So the answer turned out to be permissions with the Metabase. I had found this mentioned before but the sources I had previously encountered only said to give read permissions to the LM\SMTPSVC path and had no mention of the LM\SMTPSVC\1 (I thought the permissions would cascade down to sub folders/paths). For a more detailed explanation see below :

来自此处.

在2008/IIS7 +中，ApplicationPoolIdentity帐户是已动态分配SID(在启动ApplicationPool时创建和分配)的隐藏帐户.但是，这些帐户以(隐藏的)用户身份(在本地计算机上的IIS_IUSRS组下)生活(这使向他们授予对AppPools的权限非常容易，因为您可以在指定本地用户组的同时使用普通的GUI界面进行烫发或使用脚本).要解决在IIS7.5下运行的ASP网站无法发送电子邮件的问题，请执行以下操作:

In 2008/IIS7+ the ApplicationPoolIdentity accounts are hidden accounts that have dynamically assigned SID's (created and assigned when the ApplicationPool is started). But the accounts live as (hidden) users under the IIS_IUSRS group on the local machine (this makes giving them permissions to the AppPools pretty easy, since you can use the normal GUI interface for perms or use scripts while specifying the local user group). To fix the issue with ASP sites running under IIS7.5 not being able to send email:

1. 将IIS_IUSRS组的读/写权限授予Mailroot文件夹(权限将继承到Pickup/etc文件夹).

2. 现在使用元数据库权限"修饰符(Metabase Explorer可以运行，2003年的METAACL.VBS可以使用)，打开LM \ SMTPSVC和SMTPSVC \ 1，然后将具有读取权限的IIS_IUSRS添加到元数据库的那些分支.

1. Give Read/Write permissions for the IIS_IUSRS group to the Mailroot folder (permissions will inherit down to Pickup/etc folders).

2. Now use a Metabase Permissions modifier (Metabase Explorer works, so does METAACL.VBS from 2003), Open LM\SMTPSVC and SMTPSVC\1 and add IIS_IUSRS with read permissions to those branches of the metabase.

cscript metaacl.vbs IIS://LOCALHOST/SMTPSVC％计算机名％\ IIS_IUSRS R cscript metaacl.vbs IIS://LOCALHOST/SMTPSVC/1％computername％\ IIS_IUSRS R

cscript metaacl.vbs IIS://LOCALHOST/SMTPSVC %computername%\IIS_IUSRS R cscript metaacl.vbs IIS://LOCALHOST/SMTPSVC/1 %computername%\IIS_IUSRS R

这些权限将允许任何ApplicationPoolIdentity用户使用本地SMTP服务创建和发送电子邮件.可以使用本地计算机上停止的SMTP服务进行测试，这将强制.EML文件显示在mailroot \ pickup文件夹中.发送电子邮件适用于NetworkService和LocalService而不适用于ApplicationPoolIdentity的原因是，默认情况下，配置数据库具有对SYSTEM和NetworkService的读取权限.这是为什么将AppPools作为ApplicationPoolIdentity运行比提供作为NetworkService运行的安全性更高的又一个示例:必须为应用程序赋予必须读取或写入的任何注册表项，文件夹层次结构，文件等的显式特权.

Those permissions will allow any of the ApplicationPoolIdentity users to create and send email using the local SMTP service. This can be tested with SMTP service on the local machine stopped, which will force the .EML files to show up in the mailroot\pickup folder. The reason sending email works for NetworkService and LocalService and not the ApplicationPoolIdentity is that the Metabase, by default, has read permissions for SYSTEM and NetworkService. This is an yet another example of why running AppPools as ApplicationPoolIdentity provides more security than running as NetworkService: the applications must be given explicit privileges to any registry entry, folder hierarchy, file, etc that it must read or write.

这篇关于使用本地SMTP中继从IIS 7发送电子邮件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！