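SMTP IIS relay – attachments appear encoded in the email body

Server 2008 R2, MS IIS version 7.5, used only as an outgoing SMTP relay. Session/message limits and attachment limits are set to 500 MB per attachment and per session. The attachments are between 10 and 20 KB.

When sending bulk email through our GoldMine CRM software, the attachments show up in the body of the message as base64-encoded text. If I send through Outlook it works fine. Emails with attachments sent through GoldMine to a single individual go through just fine. It only happens when sending to multiple recipients. This also includes HTML-based emails: the HTML comes through as plain text and is not parsed.

If I change the outgoing SMTP to use our ISP's server, which is also an IIS 7.5 relay (relay.somedomain.com – 66.110.xx), it succeeds.

xmail*.myhosting.com is the third-party email hosting provider we use to receive email. We stopped using them as our outgoing host because we kept ending up on RBL blacklists.

Here are the email server logs: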

    #Software: Microsoft Internet Information Services 7.5
    #Version: 1.0
    #Date: 2016-05-17 13:12:32
    #Fields: date time c-ip cs-username s-computername s-ip s-port cs-method cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent)
    2016-05-17 13:12:32 192.168.xx MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 EHLO +MAILSVR01.localdomain.com 250 0 231 36 0 SMTP - -
    2016-05-17 13:12:32 192.168.xx MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 MAIL +FROM:<[email protected]> 250 0 46 33 0 SMTP - -
    2016-05-17 13:12:32 192.168.xx MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<[email protected]> 250 0 35 32 0 SMTP - -
    2016-05-17 13:12:32 192.168.xx MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<[email protected]> 250 0 33 30 0 SMTP - -
    2016-05-17 13:12:32 192.168.xx MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<[email protected]> 250 0 32 29 0 SMTP - -
    2016-05-17 13:12:32 192.168.xx MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<[email protected]> 250 0 38 35 0 SMTP - -
    2016-05-17 13:12:32 192.168.xx MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<[email protected]> 250 0 37 34 0 SMTP - -
    2016-05-17 13:12:32 192.168.xx MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<[email protected]> 250 0 34 31 0 SMTP - -
    2016-05-17 13:12:32 192.168.xx MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 DATA +<SjQ5TkVLTShMNzFHJD5QNTk3ODk5NzEy@MAILSVR01> 250 0 130 43284 15 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 220+relay.COC.com+Microsoft+ESMTP+MAIL+Service,+Version:+7.5.7600.16385+ready+at++Tue,+17+May+2016+09:12:31+-0400+ 0 0 114 0 0 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 EHLO MAILSVR01.localdomain.com 0 0 4 0 0 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250-relay.somedomain.com+Hello+[66.110.xx.xxx] 0 0 39 0 0 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 MAIL FROM:<[email protected]>+SIZE=43574 0 0 4 0 0 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - [email protected]+OK 0 0 44 0 0 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<[email protected]> 0 0 4 0 0 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<[email protected]> 0 0 4 0 0 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<[email protected]> 0 0 4 0 0 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<[email protected]> 0 0 4 0 0 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<[email protected]> 0 0 4 0 0 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<[email protected]> 0 0 4 0 0 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - [email protected]+ 0 0 33 0 0 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - [email protected]+ 0 0 31 0 16 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - [email protected]+ 0 0 35 0 16 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - [email protected]+ 0 0 31 0 16 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 BDAT 43574+LAST 0 0 4 0 16 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.6.0+<[email protected]>+Queued+mail+for+delivery 0 0 78 0 344 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 QUIT - 0 0 4 0 344 SMTP - -
    2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 221+2.0.0+relay.somedomain.com+Service+closing+transmission+channel 0 0 60 0 344 SMTP - -
    2016-05-17 13:12:34 192.168.xx MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 QUIT MAILSVR01.localdomain.com 240 1794 79 4 0 SMTP - -

Here are the headers of the email as it was received:

    Return-Path: <[email protected]>
    Delivered-To: [email protected]
    Received: (qmail 26071 invoked from network); 17 May 2016 12:33:54 -0000
    X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on xsa04.softcom.biz
    X-Spam-Level:
    X-Spam-DCC: : xsa04 1323; Body=1 Fuz1=1
    X-Spam-Pyzor:
    X-Spam-Status: No, score=-0.1 hits=-0.1 required=5.0 tests=AWL,BAYES_00, MISSING_HEADERS,RDNS_NONE,URIBL_BLOCKED autolearn=no version=3.3.1
    Received: from unknown (HELO relay.somedomain.com) ([66.110.xx.xx]) (envelope-sender <[email protected]>) by xmail04.myhosting.com (qmail-ldap-1.03) with SMTP for <[email protected]>; 17 May 2016 12:33:48 -0000
    Received: from MAILSVR01.localdomain.com ([66.110.xx.xx]) by relay.somedomain.com with Microsoft SMTPSVC(7.5.7600.16385); Tue, 17 May 2016 08:30:14 -0400
    Received: from MAILSVR01.localdomain.com ([192.168.x.xx]) by MAILSVR01.localdomain.com with Microsoft SMTPSVC(7.5.7601.17514); Tue, 17 May 2016 08:30:15 -0400
    Date: Tue, 17 May 2016 08:30:15 -0400
    From: Travis <[email protected]>
    Subject: Test Day 2 #1
    Bcc:
    Return-Path: [email protected]
    Message-ID: <[email protected]>
    X-OriginalArrivalTime: 17 May 2016 12:30:14.0665 (UTC) FILETIME=[DCECC790:01D1B037]
    To: ---redacted--
    Message-ID: <SjQ5S09PSyFKWDEgJD5QNTk1MzYyNTEy@MAILSVR01>
    Mime-Version: 1.0
    Organization: Company Name
    X-Mailer: GoldMine [2014.1.0.489]
    X-GM-Attachments-Sync-Time: 20160517083014
    Content-Type: multipart/mixed; boundary="nqp=nb64=()17phzZSPf"
    Return-Path: [email protected]
    X-OriginalArrivalTime: 17 May 2016 12:30:15.0874 (UTC) FILETIME=[DDA54220:01D1B037]

    --nqp=nb64=()17phzZSPf
    Content-Type: text/plain

    Test day 2

    --nqp=nb64=()17phzZSPf
    Content-Type: image/jpeg; name="image9.jpeg"
    Content-Disposition: attachment; filename="image9.jpeg"
    Content-Transfer-Encoding: base64

    /9j/4Q/+RXhpZgAATU0AKgAAAAgACwEPAAIAAAAGAAAAkgEQAAIAAAAJAAAAmAESAAMAAAAB
    AAYAAAEaAAUAAAABAAAAogEbAAUAAAABAAAAqgEoAAMAAAABAAIAAAExAAIAAAAGAAAAsgEy
    -----removed fluff to cut down for Server Fault character limit----
    AKGhrCvfip8DkRkktNfYf9d7fj6/uqwm+K/wSBaSHT9dcdCDcwdPUYhqPrstbN/cy3RXl+B/
    /9l=
    --nqp=nb64=()17phzZSPf--

Headers of an email with an attachment sent successfully through our ISP's SMTP:

    Subject:Test Day 2 #2
    Date:Tuesday, May 17, 2016 8:43 am
    From:Travis <[email protected]>
    To:<redcated recipients>
    Org:Western Plastics
    X-Mailer:GoldMine [2014.1.0.489]
    MIME Version:1.0
    MIME Type:multipart/mixed; boundary="nqp=nb64=()J6Ske6A0R"
    Message-id:<SjQ5TEtDMSA5QF9JJD5QNTk2MTgyODU4@MAILSVR1>
    Return-Path:<[email protected]>
    Delivered-To:[email protected]
    Received:(qmail 1683 invoked from network); 17 May 2016 12:47:28 -0000
    X-Spam-Checker-Version:SpamAssassin 3.3.1 (2010-03-16) on xsa09.softcom.biz
    X-Spam-DCC:: xsa09 1323; Body=1 Fuz1=1
    X-Spam-Status:No, score=0.5 hits=0.5 required=5.0 tests=AWL,BAYES_50, RDNS_NONE,URIBL_BLOCKED autolearn=no version=3.3.1
    Received:from unknown (HELO relay.COC.com) ([66.110.220.12]) (envelope-sender <[email protected]>) by xmail08.myhosting.com (qmail-ldap-1.03) with SMTP for <[email protected]>; 17 May 2016 12:47:24 -0000
    Received:from MAILSVR1.localdomain.com ([66.110.xx.xx]) by relay.somedomain.com with Microsoft SMTPSVC(7.5.7600.16385); Tue, 17 May 2016 08:43:54 -0400
    Return-Path:[email protected]
    X-OriginalArrivalTime:17 May 2016 12:43:54.0806 (UTC) FILETIME=[C5C45D60:01D1B039]
    Attachments:\\192.168.xx\MailBox\Attach\TRAVIS\image7.jpeg

    Test Email 2

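Finally figured it out after going through the log files with a fine-tooth comb.

The email client was sending with DATA, but the internal SMTP server was sending to the smart host via BDAT. Apparently this is a potential DDoS issue, and I guess somewhere along the way it is not being allowed to process correctly. It may be our SonicWall firewall as well.

The offending line: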

2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 BDAT 43574+LAST 0 0 4 0 16 SMTP - -

So the solution is to disable BDAT, BINARYMIME and CHUNKING on the local SMTP server.

Credit / source links

https://adaptivethinking.wordpress.com/2010/12/21/smtp-esmtp-and-the-bdat-baddie/

https://joekiller.com/2007/09/19/bdat-causing-smtp-service-to-drop-email/


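In case the links are no longer available, here are the steps they outline.


Telnet to the mail host and issue the ehlo command. Check the verbs the server returns. It should have BINARYMIME and CHUNKING listed. After these steps, you will no longer have them.


Verify that BINARYMIME and CHUNKING are turned on.
telnet localhost 25

Type ehlo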

    220 MAILSVR Microsoft ESMTP MAIL Service, Version: 7.5.7601.17514 ready at Tue, 14 Mar 2017 12:18:50 -0400
    ehlo
    250-MAILSVR Hello [168.1.1.1]
    250-TURN
    250-SIZE 51200000
    250-ETRN
    250-PIPELINING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-BINARYMIME
    250-CHUNKING
    250-8bitmime
    250-VRFY
    250-TLS
    250-STARTTLS
    250 OK

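Install the IIS 6.0 Resource Kit

Open IIS Metabase Explorer

Navigate to LM\SmtpSvc\1

Look for SmtpInboundCommandSupportOptions

The default value here is 7697601. I knew I wanted to disable the BINARYMIME and CHUNKING verbs, so using this I subtracted 2097152 (BINARYMIME) and 1048576 (CHUNKING) from 7697601.

7697601 - (2097152 + 1048576) = 4551873

Set the SmtpInboundCommandSupportOptions value to 4551873


Disable BDAT

Navigate to LM\SmtpSvc

Change the SmtpOutboundCommandSupportOptions value from 7 to 5

Close IIS Metabase Explorer and restart the IIS Admin Service (which in turn restarts the Simple Mail Transfer Protocol (SMTP) service).

Repeat the steps of connecting to the server via telnet and confirm that they have been removed. If they have not, make sure you were in the \1 subdirectory when you made the changes.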
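
The verification and mask arithmetic from the answer above, as an added Python example that is not part of the original post. It clears the two flag bits with a bitwise AND-NOT instead of subtracting, so running it against an already-changed value leaves that value intact; the function names are hypothetical and the sample EHLO replies are constructed (abridged from the output shown in the answer).

```python
import smtplib

# Flag values exactly as given in the answer above.
UNWANTED = {"BINARYMIME": 2097152, "CHUNKING": 1048576}

# Constructed sample: abridged from the EHLO reply in the answer (before the change).
SAMPLE_BEFORE = """220 MAILSVR Microsoft ESMTP MAIL Service ready
250-MAILSVR Hello [168.1.1.1]
250-SIZE 51200000
250-PIPELINING
250-BINARYMIME
250-CHUNKING
250-8bitmime
250-STARTTLS
250 OK"""
# Constructed sample: the same reply with the two verbs no longer advertised.
SAMPLE_AFTER = "\n".join(
    ln for ln in SAMPLE_BEFORE.splitlines() if ln[4:] not in UNWANTED)

def clear_verbs(value, flags=tuple(UNWANTED.values())):
    """Clear flag bits with AND-NOT; unlike subtraction, re-running is harmless."""
    for flag in flags:
        value &= ~flag
    return value

def advertised_verbs(ehlo_reply):
    """Upper-cased first word of every 250 line in a raw EHLO reply."""
    verbs = set()
    for line in ehlo_reply.splitlines():
        line = line.strip()
        # Lines look like "250-KEYWORD [params]"; the last one uses "250 ".
        if len(line) > 4 and line.startswith("250") and line[3] in "- ":
            verbs.add(line[4:].split()[0].upper())
    return verbs

def still_enabled(ehlo_reply):
    """Which of the unwanted verbs the server still advertises."""
    return sorted(advertised_verbs(ehlo_reply) & set(UNWANTED))

def live_ehlo(host="localhost", port=25, timeout=10):
    """Same check as the telnet step, against a running server."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return sorted(v for v in UNWANTED if smtp.has_extn(v))

if __name__ == "__main__":
    print(clear_verbs(7697601), still_enabled(SAMPLE_BEFORE), still_enabled(SAMPLE_AFTER))
```

`live_ehlo()` returns an empty list once the metabase change has taken effect and the SMTP service has been restarted.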