Send email from contact form, when not hosting MX records

Hi,

I’m hosting a website, but only the www A record is pointing to my server. The site has a contact form which is supposed to trigger an email to an administrator.

Trouble is, because I’m not using the email service on this domain, I can’t simply use the SMTP settings in my config files, as there is no SMTP service on this server for this domain. I’ve contacted the people hosting the mail on this domain and they don’t support external connections on the Exchange server.

So I need to be able to use the SMTP service on my server to send mail on behalf of this domain.

I’ve tried putting a test .txt file into C:\Inetpub\mailroot\Pickup and it sends fine, so the SMTP service is definitely running. However, when I try to send a mail from the contact form on the website, this gets written into the error log:

mycms.library.SendMail: Error sending mail. Exception: System.Net.Mail.SmtpException: Failure sending mail. ---> System.UnauthorizedAccessException: Access to the path 'C:\Inetpub\mailroot\Pickup\0fce8ff3-545a-4889-b373-787438b1b4e1.eml' is denied.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode)
   at System.Net.Mail.SmtpClient.GetFileMailWriter(String pickupDirectory)
   at System.Net.Mail.SmtpClient.Send(MailMessage message)
   --- End of inner exception stack trace ---
   at System.Net.Mail.SmtpClient.Send(MailMessage message)
   at mycms.library.SendMail(String FromMail, String ToMail, String Subject, String Body, Boolean IsHtml) in d:\TeamCity\buildAgent\work\7380c184e9fcd3ea\mycms\presentation\library.cs:line 1800

So there’s a permissions problem in writing from the web app to the pickup directory.

Does anyone know how to overcome this without opening up my server to spammers?

Any help very much appreciated!

Thanks…

Again, you don’t need all users, you need to figure out what user your application pool is using. It probably isn’t IUSER_machinename either.

Also, your server admins are confused. You can allow relaying for specific hosts and not be an open relay in the “hey, send my spam through here” sense.

Ahhh, this is proving to be impossible.

I contacted my server admins (who don’t really want anything to do with this as it’s outside their normal remit) and they said it’s not possible to send email locally without opening up the relay - hence opening it wide open to spam.

There HAS to be a way to do this, surely!? What are the consequences of allowing full write permissions to all users on C:\Inetpub\mailroot\Pickup?

Ah, that makes sense. So to confirm, do I need to do both of these things (allow localhost relaying and set permissions for user) or can I just do the permissions thing?

Which is more secure?

How do I find out which app pool it’s running as?

Sorry for so many questions, just way out of my depth on this one and need to make sure I’m not going to create horrendous holes in the security of the server, or create problems elsewhere.

Thanks again!

It’s probably not IUSER - you need to figure out what context the app pool is running as.

You can open up relaying for specific hosts, such as localhost. That security advice is to not be a generally open relay. Now, if something gets compromised it could allow for spamming, but in that case, you’ve got some other problems on your hands as it means your server is compromised.

Thanks wwb_99. I’ve granted the IUSR_mydomain.com full permissions to that folder, and still get the same issue. Could it be that the permissions aren’t effective until I reboot the server?

The server doesn’t allow relay as I’ve been advised that it would create a big security hole (spam) if it did. Is there a way to open up relaying safely only for this one domain, or can I get the mail to be sent without opening up relay?

Presuming the site is running in the default context of NT AUTHORITY\NETWORK SERVICE, you just need to give that user modify permissions on that mail pickup folder you are using.

You should be able to use localhost as the SMTP server, presuming you allow it to relay; you don’t need MX records and such for that.
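
The permission change described in the last reply, as an added example that is not from any poster in this thread: grant Modify on the pickup folder to a single account, then list every principal that can create files there and flag broad groups. The default identity is the reply's presumption (NETWORK SERVICE), the list of broad groups is constructed for illustration, and the function name is hypothetical.

```powershell
# Added example, not code from the thread. Save as a .ps1 and run elevated.
param(
    # Pickup folder path as given in the thread.
    [string]$PickupDir = 'C:\Inetpub\mailroot\Pickup',
    # Assumption: the app pool runs as NETWORK SERVICE (the last reply's presumption).
    # Replace with the identity your application pool actually uses.
    [string]$Identity  = 'NT AUTHORITY\NETWORK SERVICE'
)

# Anything that can create a file in Pickup can make the SMTP service send it,
# so CreateFiles is the right worth auditing.
$create = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles

# Groups that should not be able to drop mail into the folder (constructed list).
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

# Hypothetical helper: return the Allow entries that include the CreateFiles right.
function Get-PickupWriter {
    param([string]$Path)
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $create) -ne 0
    }
}

# Grant Modify (not Full Control) to the one identity; the entry is inherited
# by the .eml files that System.Net.Mail writes into the folder.
$acl  = Get-Acl -Path $PickupDir
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Identity, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $PickupDir -AclObject $acl

# Report who can now write to the folder and flag over-broad grants.
Get-PickupWriter -Path $PickupDir | ForEach-Object {
    $name = $_.IdentityReference.Value
    $note = if ($broad -contains $name) { 'TOO BROAD' } else { 'ok' }
    '{0,-40} {1,-10} {2}' -f $name, $note, $_.FileSystemRights
}
```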