Updating IIS SMTP Relay Restrictions with Powershell

Posted on

A server stack is the collection of software that forms the operational infrastructure on a given machine. In a computing context, a stack is an ordered pile. A server stack is one type of solution stack — an ordered selection of software that makes it possible to complete a particular task. Like in this post about Updating IIS SMTP Relay Restrictions with Powershell was one problem in server stack that need for a solution. Below are some tips in manage your windows server when you find problem about windows, iis, powershell, smtp, .

I’m trying to update the IIS 6 Virtual SMTP server relay restrictions to only allow 127.0.0.1. To do this I’m updating the following setting.

enter image description here

I can do this manually but I’d like to do it from PowerShell.

$settings = get-wmiobject -namespace rootMicrosoftIISv2 -computername localhost -Query "Select * from IIsSmtpServerSetting"
$settings.RelayIpList += @(127,0,0,1)
$settings.Put()

If I query the setting in powershell the value I’ve added is there, but it doesn’t update in the UI. Am I using the correct setting? Or am I missing something else?

Hope it will help someone.

I found out that you can only do something like this to update the relayIPList, below is an example to add 127.0.0.1 to an empty relay ip list:

$SmtpConfig = Get-WMIObject -Namespace root/MicrosoftIISv2 -ComputerName localhost -Query "Select * From IisSmtpServerSetting"

$RelayIpList = @( 24, 0, 0, 128, 32, 0, 0, 128, 60, 0, 0, 128, 68, 0, 0, 128, 1, 0, 0, 0, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 76, 0, 0, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 127, 0, 0, 1 )

$SmtpConfig.RelayIPList = $RelayIPList

$SmtpConfig.Put()

*Note the spaces in the array. They need to be there to ensure it’s a byte array (it will not work even when you use strong type to create a byte array without the spaces). Also do not try to modify the content of the array

So, following won’t work:

[Byte[]]$RelayIpList = @(24,0,0,128,32,0,0,128,60,0,0,128,68,0,0,128,1,0,0,0,76,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,4,0,0,0,0,0,0,0,76,0,0,128,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,255,255,255,255,127,0,0,1)

either will this:

[Byte[]]$RelayIPList = @( 24, 0, 0, 128, 32, 0, 0, 128, 60, 0, 0, 128, 68, 0, 0, 128, 1, 0, 0, 0, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 76, 0, 0, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 127, 0, 0, 1 )
$IPs | ForEach-Object { $RelayIPList = $RelayIPList + ($_.split('.')) }

If you need to migrate from one server to another its even more simple

#Copy the relay list from one server and migrate it to another
$COMP1 = Get-WMIObject -Namespace root/MicrosoftIISv2 -ComputerName server1 -Query "Select * From IisSmtpServerSetting"

$COMP2 = Get-WMIObject -Namespace root/MicrosoftIISv2 -ComputerName server2 -Query "Select * From IisSmtpServerSetting"
$COMP2.RelayIpList = $comp1.RelayIpList
$COMP2.Put()

This is actually possible, and more complicated than one might think. This magical relay IP list object has some collection lengths hard-coded into it.

Here’s part of my script that I used after I figured out that oddity.

param(
    [Parameter(ValueFromRemainingArguments=$true)][object[]]$AllowedIPs
)

$SMTPServerWmi = Get-WmiObject IISSmtpServerSetting -namespace "ROOTMicrosoftIISv2" | Where-Object { $_.name -like "SmtpSVC/1" }
$SMTPServerWmi.RelayIpList = @(24,0,0,128,
32,0,0,128,
60,0,0,128,
68,0,0,128,
1,0,0,0,
76,0,0,0,
0,0,0,0,
0,0,0,0,
1,0,0,0,
$AllowedIPs.Count,0,0,0,
2,0,0,0,
($AllowedIPs.Count + 1),0,0,0,
4,0,0,0,
0,0,0,0,
76,0,0,128,
0,0,0,0,
0,0,0,0,
0,0,0,0,
0,0,0,0,
255,255,255,255) + $AllowedIPs.ForEach({ $_.Split(".")})

$SMTPServerWmi.Put()

If those values aren’t correct, the UI may show your IPs and a lot of random junk, crash, or become broken such that you cannot use it to remove the items from the list using the UI.

Leave a Reply

Your email address will not be published.