Wcf – Sending Email from IIS 7 using local SMTP relay

iis-7 smtp wcf

I am using Windows Server 2008 R2 and IIS 7.5.7600.
So I have installed the SMTP service and it is running. I have tested that it works using the following PowerShell script:

    $emailFrom = "user@yourdomain.com"
    $emailTo = "user@yourdomain.com"
    $subject = "your subject"
    $body = "your body"
    $smtpServer = "your smtp server"
    $smtp = new-object Net.Mail.SmtpClient($smtpServer)
    $smtp.Send($emailFrom, $emailTo, $subject, $body)

The email gets sent using "localhost" as the server.

However, after configuring the WCF services' web.config:

    <system.net>
      <mailSettings>
        <smtp deliveryMethod="Network" from="user@yourdomain.com">
          <network
            host="localhost"
            port="25"
          />
        </smtp>
      </mailSettings>
    </system.net>

I receive a generic meaningless error when my code calls:

    var mail = new MailMessage();
    mail.To.Add("user@yourdomain.com");
    mail.Subject = "[Smtp Client] TEST";
    mail.Body = "TEST";
    mail.IsBodyHtml = false;
    var smtpMail = new SmtpClient();
    smtpMail.Send(mail);

I get:

    Failure sending mail.
        at System.Net.Mail.SmtpClient.Send(MailMessage message)

I am at a loss as to what else to check. Yes, I have installed the application server role on the server. Yes, the WCF service is working properly; all of my other code runs as expected, only sending of the email is failing. It seems as though there is some disconnect between IIS and the local SMTP relay, but I have not been able to find anything discussing this particular problem (only people who can't get the SMTP service up and running or can't sort out their configs).

Thank you for your time and attention.

Best Answer

So the answer turned out to be permissions with the Metabase. I had found this mentioned before, but the sources I had previously encountered only said to give read permissions to the LM\SMTPSVC path and had no mention of LM\SMTPSVC\1 (I thought the permissions would cascade down to sub folders/paths). For a more detailed explanation, see below:

Taken from HERE.

In 2008/IIS7+ the ApplicationPoolIdentity accounts are hidden accounts that have dynamically assigned SIDs (created and assigned when the ApplicationPool is started). But the accounts live as (hidden) users under the IIS_IUSRS group on the local machine (this makes giving them permissions to the AppPools pretty easy, since you can use the normal GUI interface for perms or use scripts while specifying the local user group). To fix the issue with ASP sites running under IIS7.5 not being able to send email:

  1. Give Read/Write permissions for the IIS_IUSRS group to the Mailroot folder (permissions will inherit down to Pickup/etc folders).
  2. Now use a Metabase Permissions modifier (Metabase Explorer works, so does METAACL.VBS from 2003). Open LM\SMTPSVC and SMTPSVC\1 and add IIS_IUSRS with read permissions to those branches of the metabase.

    cscript metaacl.vbs IIS://LOCALHOST/SMTPSVC %computername%\IIS_IUSRS R
    cscript metaacl.vbs IIS://LOCALHOST/SMTPSVC/1 %computername%\IIS_IUSRS R

Those permissions will allow any of the ApplicationPoolIdentity users to create and send email using the local SMTP service. This can be tested with the SMTP service on the local machine stopped, which will force the .EML files to show up in the mailroot\pickup folder. The reason sending email works for NetworkService and LocalService and not the ApplicationPoolIdentity is that the Metabase, by default, has read permissions for SYSTEM and NetworkService. This is yet another example of why running AppPools as ApplicationPoolIdentity provides more security than running as NetworkService: the applications must be given explicit privileges to any registry entry, folder hierarchy, file, etc. that it must read or write.
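
One way to verify step 1 of the answer above, as an added PowerShell example that is not part of the original answer: for the mail root and each subfolder it reports whether ACEs naming IIS_IUSRS grant Read/Write, and whether they grant FullControl, which is more than step 1 calls for. The default path `C:\inetpub\mailroot` and the function name `Get-GroupRights` are assumptions; the script does not inspect the metabase ACLs from step 2.

```powershell
# Added example: audit what IIS_IUSRS is granted under the SMTP mail root.
# Assumption: default mail root location; pass -MailRoot if yours differs.
param([string]$MailRoot = 'C:\inetpub\mailroot')

# Well-known SID of the local IIS_IUSRS group (independent of OS language).
$IisIusrsSid = 'S-1-5-32-568'
$Read  = [int][System.Security.AccessControl.FileSystemRights]::Read
$Write = [int][System.Security.AccessControl.FileSystemRights]::Write
$Full  = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Hypothetical helper: effective rights granted to IIS_IUSRS on one folder,
# as an integer bit mask (allow ACEs minus deny ACEs).
function Get-GroupRights {
    param([string]$Path)
    $allow = 0
    $deny  = 0
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $rules = (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        if ($ace.IdentityReference.Value -ne $IisIusrsSid) { continue }
        # Inherit-only ACEs apply to children, not to this folder itself.
        if ($ace.PropagationFlags -band $InheritOnly) { continue }
        if ($ace.AccessControlType -eq 'Allow') {
            $allow = $allow -bor [int]$ace.FileSystemRights
        } else {
            $deny = $deny -bor [int]$ace.FileSystemRights
        }
    }
    # A deny ACE overrides an allow ACE for the same right.
    $allow -band (-bnot $deny)
}

# Mail root plus its immediate subfolders (Pickup, Queue, Drop, ...).
$dirs = @($MailRoot) + @(Get-ChildItem -Path $MailRoot |
    Where-Object { $_.PSIsContainer } | ForEach-Object { $_.FullName })

foreach ($dir in $dirs) {
    $eff  = Get-GroupRights -Path $dir
    $need = $Read -bor $Write
    New-Object PSObject -Property @{
        Path        = $dir
        ReadWrite   = (($eff -band $need) -eq $need)   # what step 1 asks for
        FullControl = (($eff -band $Full) -eq $Full)   # broader than needed
    }
}
```

Only ACEs that name IIS_IUSRS directly are counted, so access an application pool identity gets through other groups is not reflected in the output.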