Posts Tagged ‘Mdutil’

More on Mdutil

by .hac on January 12th, 2009

Yes, not really security related again. I think Mdutil is very useful and powerful, but there are too few resources discussing how to use it, so I want to talk a little more about my experience with it. I am still working with IIS SMTP this time, because I have many test cases that need to interact with an SMTP server, and IIS SMTP is the “simplest” server that suits our requirements. Unfortunately, the IIS virtual SMTP server is so simple that you cannot configure the advanced features in the given UI. (You can download the IIS Resources Toolkit (e.g. for IIS6) to gain access to these configurations.) This time, my task is to add some routing domains (around 30) to the virtual SMTP server. If you have tried to add routing domains to a virtual SMTP server through IIS Manager, you will know how painful it is when you need to add many of them at the same time. So we have Mdutil to modify the metabase keys and a list of routing domains that we need to add, and I am planning to write some code to generate a script (more accurately, a list of Mdutil commands) to add these domains.

First of all, we need to know how domains are stored in the metabase before designing the script to add a routing domain. Let’s manually add a routing domain (e.g. log0.onhacks.org) to the server through IIS Manager. After that, run the following command to see what happened under the Domain path. Remember the command?

mdutil enum -path:smtpsvc/<n>/Domain

Then you will see output similar to the following:

KeyType : [S] <String> "IIsSmtpDomain"
[smtpsvc/<n>/Domain/log0.onhacks.org]

This means that when a new routing domain is added, the SMTP server creates a child under Domain. Does this child contain no data? Obviously not! There are two types of routing domain that we can create in the IIS SMTP server, Local (i.e. Alias) and Remote, so at least one value must be stored in this child. Run the following command:

mdutil enum -path:smtpsvc/<n>/Domain/log0.onhacks.org

Since I added this domain with the Alias type, you will get the following result:

KeyType : [S] <String> "IIsSmtpDomain"
36946 : [IS] <DWORD> 0x10 = {16}

It matches what we expect, and no extra value needs to be added in this branch. From this observation, we need at least 3 mdutil commands to add a new branch under smtpsvc/<n>/Domain. We should first take a look at the operations provided by mdutil. Type mdutil without arguments and you should see its help. The following are the commands that may be useful for our task.

mdutil SET      path value …   – assign the new value
mdutil CREATE   path             – create given path

After a little experimenting, I discovered that the CREATE operation is used to create a new branch, and that SET adds a new variable to the node. So the steps to import a routing domain are as follows (e.g. importing dotHac.onhacks.org).

Create a branch:

mdutil CREATE -path:smtpsvc/<n>/Domain/dotHac.onhacks.org

Add a variable KeyType to the branch:

mdutil SET -path:smtpsvc/<n>/Domain/dotHac.onhacks.org -prop:KeyType -utype:UT_SERVER -dtype:STRING -value:"IIsSmtpDomain"

Add a variable for the routing action (value: 16 = local domain, 2 = remote domain):

mdutil SET -path:smtpsvc/<n>/Domain/dotHac.onhacks.org -prop:36946 -utype:UT_SERVER -dtype:DWORD -value:16

When you open IIS Manager, you will see that the domain has been imported. Pretty cool, isn’t it? The next step is to generate a list of mdutil commands for batch import. My approach is to read the list of domains and their routing actions into a program, which generates the mdutil commands for each of them. Here is an example in Python.
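
An added example of such a generator follows; it is not the author's original script. It emits the three commands shown above for each line of a constructed "domain,type" list and rejects any name that is not a plain hostname, so nothing in the input file can alter the generated command line. The function names, the input format and the hostname pattern are assumptions of this example.

```python
import re

# Routing-action values for property 36946, as given in the post.
ROUTING_ACTION = {"local": 16, "remote": 2}

# Conservative hostname pattern (an assumption of this example): letters, digits,
# hyphens and dots only, so nothing can break out of the generated command line.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$"
)

def domain_commands(instance, domain, kind):
    """Return the three mdutil commands that import one routing domain."""
    if not isinstance(instance, int) or instance < 1:
        raise ValueError(f"bad SMTP instance number: {instance!r}")
    if not HOSTNAME.match(domain):
        raise ValueError(f"refusing unsafe domain name: {domain!r}")
    if kind not in ROUTING_ACTION:
        raise ValueError(f"unknown routing type: {kind!r}")
    path = f"smtpsvc/{instance}/Domain/{domain}"
    return [
        f"mdutil CREATE -path:{path}",
        f"mdutil SET -path:{path} -prop:KeyType -utype:UT_SERVER "
        f'-dtype:STRING -value:"IIsSmtpDomain"',
        f"mdutil SET -path:{path} -prop:36946 -utype:UT_SERVER "
        f"-dtype:DWORD -value:{ROUTING_ACTION[kind]}",
    ]

def batch_script(instance, lines):
    """Turn 'domain,type' lines into a flat list of mdutil commands."""
    commands, seen = [], set()
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        try:
            domain, kind = (field.strip() for field in line.split(","))
            if domain.lower() in seen:
                raise ValueError(f"duplicate domain: {domain}")
            commands += domain_commands(instance, domain, kind.lower())
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        seen.add(domain.lower())
    return commands

# Constructed sample input; relay.example.org is a placeholder name.
SAMPLE = ["# domain,type", "dotHac.onhacks.org,local", "relay.example.org,remote"]

if __name__ == "__main__":
    print("\n".join(batch_script(1, SAMPLE)))
```

Redirect the output to a .bat file and review it before running it on the server.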

Enjoy! Happy New Year!

P.S. Does anyone know if we can use mdutil to access properties of the DNS server? I would like to switch on/off the DNS referral feature in Windows DNS server.

Enable/Disable ESMTP advertisement

by .hac on January 3rd, 2009

Simple Mail Transport Protocol (SMTP) is the basic protocol for message delivery on the network. As you know, it is a very simple protocol; so simple, you can imagine, that it was designed without much consideration for security. However, I am not going to discuss the bugs in the specification; instead I want to cover some non-security-related material on Extended SMTP (ESMTP). After the SMTP RFC was published, people noticed that SMTP was not enough to fulfil their requirements for mail delivery. They started designing extensions for SMTP; the most commonly used extensions are Delivery Status Notification (DSN), Transport Layer Security (STARTTLS), Authenticated SMTP (SMTP-AUTH) and SIZE.

These past few days, I have been looking for a way to disable some extensions in the IIS virtual SMTP server (more accurately, an ESMTP server). If you have tried setting up an IIS virtual SMTP server yourself, you will know that there is no GUI for disabling these extensions. However, if you search the Internet, there are at least two ways to enable or disable them. One is to use Windows Script (WScript) to access the SMTP server as an object and configure the extensions by assigning values to its properties. The other is to use Mdutil.exe to edit the metabase key that makes the SMTP server advertise the extensions. In this entry, I am going to cover in detail how to use Mdutil.exe to modify the key.

Mdutil.exe is a metabase key editor. By default, mdutil.exe is not installed with Windows. You can find it on the install CD. On the Windows 2000 CD it is named Mdutil.ex_; you can copy it to your computer and rename it. After that, you should first determine how many SMTP Virtual Server instances are configured. You can do this by using the following command:

Mdutil.exe enum -path:smtpsvc

You should see something similar to the following:

  • [/smtpsvc/1]
  • [/smtpsvc/2]
  • [/smtpsvc/3]

Each entry represents a virtual SMTP server instance. You must look in the Microsoft Management Console (MMC) to find the virtual SMTP server instance that you want to modify. The virtual SMTP server instances are listed from top to bottom.

You can use the following command to obtain the original property value, where <n> is the number of the SMTP server instance that you want to modify.

Mdutil.exe get -path:smtpsvc/<n> -prop:36998

If you receive the error message “Error: GetData - HRES(0x800cc801) MD_ERROR_DATA_NOT_FOUND”, the metabase property 36998 is not stored in the properties of this SMTP server instance. Otherwise, you will get a response with the value, like this:

36998 : [IS] (DWORD) 0x7574c1={7697601}

Then we should take a look at which extensions we can configure.

Verb                  Value     Hex value
DSN                   64        0x40
ETRN                  128       0x80
TURN/ATRN             1024      0x400
ENHANCEDSTATUSCODES   4096      0x800
CHUNKING              1048576   0x4000
BINARYMIME            2097152   0x8000
8BITMIME              4194304   0x40000

Then the rule is very simple: if you want to disable an advertisement, subtract its corresponding value from the original property value; if you want to enable an advertisement, add its value to the original property value. For example, if the original value is 0x7574c1 and I want to disable DSN (DSN is enabled by default; the original property value is the sum of some of the advertisements), I can set the property value to 0x7574c1 - 0x40 = 0x757481. To assign the new value, run the following command.

Mdutil.exe set -path:smtpsvc/<n> -prop:36998 -utype:UT_SERVER -dtype:DWORD -attrib:INHERIT -value:0x757481

By changing the -value argument, you can set property 36998 to a different value. Then you can connect to your SMTP server and see the new list of extensions by typing EHLO.
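
The subtract/add rule gives the right result only when the verb is currently enabled (for a disable) or currently disabled (for an enable). The added example below, which is not from the original post, makes the same change with bitwise operations so that repeating it is harmless, and decodes which verbs a value advertises. It uses the decimal values from the Value column of the table; the function names are assumptions of this example.

```python
import re

# Decimal values from the "Value" column of the table in the post.
ESMTP_VERBS = {
    "DSN": 64,
    "ETRN": 128,
    "TURN/ATRN": 1024,
    "ENHANCEDSTATUSCODES": 4096,
    "CHUNKING": 1048576,
    "BINARYMIME": 2097152,
    "8BITMIME": 4194304,
}

# Matches the line printed by "Mdutil.exe get" for property 36998.
GET_LINE = re.compile(
    r"^\s*36998\s*:\s*\[\w+\]\s*\(DWORD\)\s*0x([0-9a-fA-F]+)\s*=\s*\{(\d+)\}\s*$"
)

def parse_get_output(line):
    """Extract the value of property 36998 from mdutil's output line."""
    m = GET_LINE.match(line)
    if not m:
        raise ValueError(f"unrecognised mdutil output: {line!r}")
    value = int(m.group(1), 16)
    if value != int(m.group(2)):
        raise ValueError("hex and decimal fields disagree")
    return value

def advertised(value):
    """Names of the listed verbs whose bit is set in the property value."""
    return [name for name, bit in ESMTP_VERBS.items() if value & bit]

def change_verbs(value, enable=(), disable=()):
    """Set or clear verb bits; unlike add/subtract, repeating a change is a no-op."""
    for name in enable:
        value |= ESMTP_VERBS[name]
    for name in disable:
        value &= ~ESMTP_VERBS[name]
    return value & 0xFFFFFFFF  # the property is a DWORD

def set_command(instance, value):
    """Build the mdutil command that writes the new value back."""
    return (f"Mdutil.exe set -path:smtpsvc/{instance} -prop:36998 "
            f"-utype:UT_SERVER -dtype:DWORD -attrib:INHERIT -value:0x{value:x}")

if __name__ == "__main__":
    current = parse_get_output("36998 : [IS] (DWORD) 0x7574c1={7697601}")  # value from the post
    print(advertised(current))
    print(set_command(1, change_verbs(current, disable=["DSN"])))
```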

This is just a very brief introduction to Mdutil.exe; I think it has great power to modify the metabase keys of other applications in Windows.

Hope you enjoy!
