Dino9021
Technical Notes and Life
2025-12-31
Elevate privileges using PowerShell
2025-12-12
Configure IIS SMTP Service to receive mail over TLS and forward to a non-TLS SMTP service on one Windows Server
Scenario
- An older custom SMTP service only accepts unencrypted SMTP connections and does not support TLS.
- A solution is required to receive emails over TLS using IIS SMTP Service and relay them to the custom SMTP service without encryption.
- The goal must be achieved on a single virtual machine.
Environment Setup
Install two network interfaces on a single Windows Server with the following IP addresses:
- Network Interface 1: 10.11.11.11 (physical NIC)
- Network Interface 2: 10.22.22.22 (Description: Microsoft KM-TEST Loopback Adapter)
2025-12-05
Batch-create win-acme tasks that obtain certificates through DNS record validation
$RecordNames = @();
$RecordNames += "www";
$Domain = "contoso.com";
foreach ($RecordName in $RecordNames) {
    $FQDN = ($RecordName + '.' + $Domain);
    Write-Host ('Request Certificate for ' + $FQDN);
}
A PowerShell script that uses DNS records in an Azure DNS Zone for Let's Encrypt validation
Background: A PowerShell script that uses DNS records on Microsoft DNS Server for Let's Encrypt validation
AzureDNSZoneVerification.ps1
2025-11-26
Update the SSL certificate bound to an IIS site with PowerShell
$PublishedURL = "www.contoso.com"
$IISSiteName = "www.contoso.com"
$PFXPath = "C:\Cert\Cert\"
$Password = "password"
$PFXFullPath = "$PFXPath$PublishedURL.pfx"
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$pfx.Import($PFXFullPath, $Password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::EphemeralKeySet)
Import-Module IISAdministration
2025-11-20
In Exchange Online, do not return a bounce to the original sender when mail to a particular external domain cannot be delivered
The method is to disable NDR (Non-Delivery Report) through the Remote Domain settings.
First, create the Remote Domain (in EAC: Mail flow -> Accepted domains):
New-RemoteDomain -Name "DomainNameOne" -DomainName "Domain.Name.One"
New-RemoteDomain -Name "DomainNameTwo" -DomainName "Domain.Name.Two"
Disabling NDR must be done with a PowerShell command; EAC does not support it (the -Identity here is the -Name used above):
Set-RemoteDomain -Identity "DomainNameOne" -NDREnabled $false
Set-RemoteDomain -Identity "DomainNameTwo" -NDREnabled $false
2025-10-24
Fix: SMTP Service MMC has detected an error in a snap-in
When you right-click [SMTP Virtual Server #1] in IIS 6.0 Manager for the SMTP server, you may get this error:
"MMC has detected an error in a snap-in. It is recommended that you shut down and restart MMC."
Here's the fix:
- Stop SMTPSVC service [Display Name: Simple Mail Transfer Protocol (SMTP)]
- Stop IISADMIN service [Display name: IIS Admin Service]
- Edit "C:\Windows\System32\inetsrv\MetaBase.xml"
- Find: <IIsSmtpServer Location ="/LM/SmtpSvc/1"
- Add (Settings are alphabetical): RelayIpList=""
- Save file
- Start IISAdmin Service
- Start SMTPSVC service
The following PowerShell script performs the steps above when run directly.
2025-10-23
Replace Certificate on IIS SMTP Virtual Server
$PFXPath = "C:\Cert\"
$PFXPW = ''
$PublishedURL = "smtp.contoso.com"
Import-Module WebAdministration
# The root/MicrosoftIISv2 WMI namespace is only present when the IIS 6 compatibility features are installed
$MicrosoftIISv2WMI = Get-CimInstance -Namespace root/MicrosoftIISv2 -Class __Namespace -ErrorAction SilentlyContinue
if ($null -eq $MicrosoftIISv2WMI) {
    Install-WindowsFeature Web-Mgmt-Compat, Web-WMI
}
# Look up the SMTP virtual server by its FQDN (PowerShell concatenates strings with +, not .)
$SMTPServer = Get-CimInstance -Namespace root/MicrosoftIISv2 -Class IIsSmtpServerSetting -Filter ("FullyQualifiedDomainName='" + $PublishedURL + "'")
if ($SMTPServer.AccessSSL -ne $true) {
    Write-Host 'TLS not enabled'
    exit
}
2025-10-16
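IIS SMTP cannot enable TLS when using a wildcard certificate
If a wildcard certificate is imported into the Local Computer Personal store using MMC,
the Require TLS encrypt option under Access -> Security communication for the SMTP domain stays greyed out and cannot be checked.
In that case, open IIS Manager (the Internet Information Services (IIS) Manager used to manage websites).
At the server level, click Server Certificates, then click Import, and remember to select Personal as the import store.
Click OK, then restart the IIS and SMTP services.
*. You can uncheck Allow this certificate to be exported.
IIS SMTP MMC startup error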
Stop-Service SMTPSVC
Stop-Service IISAdmin
notepad C:\Windows\System32\inetsrv\MetaBase.xml
Find the section starting with <IIsSmtpServer Location ="/LM/SmtpSvc/1"
Add the parameter: RelayIpList=""
Start-Service IISAdmin
Start-Service SMTPSVC
Set-Service SMTPSVC -StartupType Automatic