Building a config script in PowerShell to configure web servers' SMTP service to use AWS SES (Simple Email Service) for outbound mail delivery. Easy to do manually, but as we enter a load-balanced world, I'm having a helluva time getting it scripted.
My main challenge seems to be turning on Basic Auth and providing the creds. I can't seem to figure out what WMI fields those might be... I'm thinking the cred fields are RouteUserName and RoutePassword, but can't seem to find the right option to turn on BasicAuth to prove that. Checking the TLS encryption box is evading me as well.
Am I missing something obvious or just not using the right variables?
Fields I'm struggling with illustrated:
Sample script that I've built so far. Relay IP works and the RouteUserName and RoutePassword fields are confirmed set. But what are the rest?
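# Pull the SMTP credentials from AWS Systems Manager Parameter Store;
# -WithDecryption returns the password value decrypted.
$smtpuser = Get-SSMParameter -Name SMTP_User
$smtppass = Get-SSMParameter -Name SMTP_Password -WithDecryption $true
$smtpfqdn = "$env:computername.$env:userdnsdomain"
# Load the IIS SMTP server settings object through the IIS WMI provider.
$SmtpConfig = Get-WMIObject -Namespace root/MicrosoftIISv2 -ComputerName localhost -Query "Select * From IisSmtpServerSetting"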
$RelayIpList = @( 24, 0, 0, 128, 32, 0, 0, 128, 60, 0, 0, 128, 68, 0, 0, 128, 1, 0, 0, 0, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 76, 0, 0, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 127, 0, 0, 1 )
$SmtpConfig.RelayIPList = $RelayIPList
$SmtpConfig.AllowAnonymous = $false
$SmtpConfig.AuthBasic = $true
$SmtpConfig.RouteUserName = $smtpuser.Value
$SmtpConfig.RoutePassword = $smtppass.Value
$SmtpConfig.AlwaysUseSsl = $true
$SmtpConfig.DefaultDomain = $smtpfqdn
$SmtpConfig.SmartHost = "email-smtp.us-west-2.amazonaws.com"
# Write the modified settings back, then restart the SMTP service.
$SmtpConfig.Put()
Restart-Service "SMTPSVC"
Solved with much experimentation. Here's the pertinent bits of my script. Note that I'm keeping the SMTP user creds stored in AWS Systems Manager parameter store.