Thursday, April 16, 2015

Allow IP address in the SMTP Connection Control

My colleague got a tough job to enable SMTP on a Windows 2012 R2 server as requested by client...and yes, the client still want to use legacy SMTP services (don't be shocked !! ). One of the road blocks he faced was adding multiple IP addresses in the SMTP connection control settings.

SMTP Connection Control

Our friend Google couldn't help much in finding a script to add multiple IP addresses easily and he didnt want to do it manually 1200+ times.. So thanks to him for being lazy and poking me to write up something :)

So, as usual i tried looking up on the internet but couldn't find much and i also wanted it to be in PowerShell not VB.. (I love modern shell, make me look young )... Anywas time to hunt and kick my brain to find something to start with..

I remembered working on IIS6 using WMI, therefore i was quite confident that WMI is what i need to look into. So, i logged in to the SMTP server, opened up the Namespaces but couldn't find any reference for IIS but later i releazied its Server 2012 so i need to enable IIS 6 WMI compatiblity feature to get the legacy Namespace registerred..



Cool, so now i have what i wanted :)... It was time to go in depth and find the right class and instance to get the IP addresses updated automatically.

After looking alot in WMI ..i found the following:

Namespace - root\MicrosoftIISv2
Class - IIsIPSecuritySetting

IIsIPSecuritySetting class stores the related information, therefore i queried the WMI class using PowerShell 

Get-CimInstance -Namespace "root\MicrosoftIISv2" -Class "IIsIPSecuritySetting"

I could see my SMTP services in the list and one of the object i could see in there was IPGrant.. Woohoo, thats where SMTP connections allowed IP addresses are stored.. Now, it was time to update the list..

So here's what i did:

-- Created an array to store all the IPs

$NewIps = @(
                     "1.1.1.1, 255.255.255.255";
                     "2.2.2.2, 255.255.255.255";
                      )

-- Get the SMTP settings filterred with SMTP services i want to configure 

$GetSMTP = Get-CimInstance -Namespace "root\MicrosoftIISv2" -Class "IIsIPSecuritySetting" -Filter "Name ='SmtpSvc/1'"

-- Add the new IP addresses

$GetSMTP.ipgrant += $NewIps

-- Save the updated config:

Set-CimInstance -InputObject $GetSMTP

In case you got the same job as my friend [to build the SMTP from the scratch], please make sure you enable this setting [as shown in the image below]
 
 
 
Note: this is just a temp fix, till I find the time to update the script to do this automatically for you..[special thanks to ponvimal for highlighting this]
 



1 comment:

  1. hi nikhil

    the above code works great in already configured smtp. if i enabling the smtp feature for first time and executing the above script it is not working, ie it runs without error but connection not showing in window

    ponvimal

    ReplyDelete