Saving attachments to a network location ?

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
Post Reply
testuser.demouser
New user
New user
Posts: 2
Joined: 2020-03-24 23:17

Saving attachments to a network location ?

Post by testuser.demouser » 2020-03-27 00:36

I have an application in C# which downloads the attachments and saves it to a local folder. However, I would like to save these attachments to another location on the network. When I call attachment.SaveAs(path_to_network_location) it does not work. I tried running the hMailServer service with a specific user who has permission to access the specified network location but it did not work either. Can anyone please tell me how can I achieve this ?
Any suggestions / help would be highly appreciated. Thank you.

mikedibella
Normal user
Normal user
Posts: 236
Joined: 2016-12-08 02:21

Re: Saving attachments to a network location ?

Post by mikedibella » 2020-03-27 03:02

How about using a local temporary file path and name for the parameter to the SaveAs COM method, then copy/move it using .net or win library functions?

User avatar
mattg
Moderator
Moderator
Posts: 21117
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Saving attachments to a network location ?

Post by mattg » 2020-03-27 14:04

testuser.demouser wrote:
2020-03-27 00:36
...how can I achieve this?
This is likely caused by the fact that the user than runs the hMailserver SERVICE doesn't have credentials to the network storage
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
Dravion
Senior user
Senior user
Posts: 1688
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Saving attachments to a network location ?

Post by Dravion » 2020-03-27 15:40

Network Security Credentials in Windows Active Directory Domains are shared by Kerberos Security Tokens.
You have local Machine permissions (required to run a Windows Service on a specific Computer) and you have Domain Administrator
Account permissions, maintained by Active Directory to grant permissions Network wide.

1) Create a Local Computer User account on your hMailserver Computer which is Member of the local Computers Administrators group
2) Grant permissions via Local Security Policy Editor to "act as service".
3) Change hMailServers Service User to your new created User
4) You hMailServer Computer must memeber of your Active Directory domain
5) Add your local User to the Active Directory Administrator group as well

mikedibella
Normal user
Normal user
Posts: 236
Joined: 2016-12-08 02:21

Re: Saving attachments to a network location ?

Post by mikedibella » 2020-03-27 17:44

When a machine is domain joined, the LocalSystem account (NT AUTHORITY\SYSTEM) has the same permission on the network as the computer account (paragraph 3: https://docs.microsoft.com/en-us/window ... em-account)

So, to write a file from the LocalSystem context on a domain member, the Share that is the target for the SaveAs must have the Computer account added to the ACL with Change permission, and the Computer account must be added to the target directory Security tab ACL with Modify permission.

However, I stick with my original recommendation. Run you COM client in your desired security context and just copy the file from the local drop.

User avatar
RvdH
Senior user
Senior user
Posts: 1139
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Saving attachments to a network location ?

Post by RvdH » 2020-03-27 19:01

mikedibella wrote:
2020-03-27 17:44
However, I stick with my original recommendation. Run you COM client in your desired security context and just copy the file from the local drop.
+1
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
Dravion
Senior user
Senior user
Posts: 1688
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Saving attachments to a network location ?

Post by Dravion » 2020-03-27 20:11

mikedibella wrote:
2020-03-27 17:44
When a machine is domain joined, the LocalSystem account (NT AUTHORITY\SYSTEM) has the same permission on the network as the computer account (paragraph 3: https://docs.microsoft.com/en-us/window ... em-account)

So, to write a file from the LocalSystem context on a domain member, the Share that is the target for the SaveAs must have the Computer account added to the ACL with Change permission, and the Computer account must be added to the target directory Security tab ACL with Modify permission.

However, I stick with my original recommendation. Run you COM client in your desired security context and just copy the file from the local drop.
Completely wrong

Quote:
In particular, a service running as LocalSystem on a domain controller (DC) has unrestricted access to Active Directory Domain Services
The local Service account user has only unrestricted permissions on a Active Directory Domain Controller IF THE SERVICE in question is installed
itself on the Active Directory Domain Controller.

mikedibella
Normal user
Normal user
Posts: 236
Joined: 2016-12-08 02:21

Re: Saving attachments to a network location ?

Post by mikedibella » 2020-03-27 20:21

Dravion wrote:
2020-03-27 20:11
Completely wrong
You are misreading the article. The section you cite has to do with the specific use case of running services on a Domain Controller.

I think most would agree that running services such as hMailServer on a Domain Controller should only be done as a last resort.

The relevant part of the article is this:
When a service runs under the LocalSystem account on a computer that is a domain member [emphasis mine], the service has whatever network access is granted to the computer account, or to any groups of which the computer account is a member.

User avatar
Dravion
Senior user
Senior user
Posts: 1688
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Saving attachments to a network location ?

Post by Dravion » 2020-03-27 21:05

mikedibella wrote:
2020-03-27 20:21
When a service runs under the LocalSystem account on a computer that is a domain member [emphasis mine], the service has whatever network access is granted to the computer account, or to any groups of which the computer account is a member.
And thats why i provided my solution to address exactly this issue.

Get your facts straight.

mikedibella
Normal user
Normal user
Posts: 236
Joined: 2016-12-08 02:21

Re: Saving attachments to a network location ?

Post by mikedibella » 2020-03-27 21:12

Dravion wrote:
2020-03-27 15:40
1) Create a Local Computer User account on your hMailserver Computer which is Member of the local Computers Administrators group
Sorry, but a Local Computer Account will have no network access at all, regardless of the group membership.

User avatar
Dravion
Senior user
Senior user
Posts: 1688
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Saving attachments to a network location ?

Post by Dravion » 2020-03-27 21:39

mikedibella wrote:
2020-03-27 21:12
Dravion wrote:
2020-03-27 15:40
1) Create a Local Computer User account on your hMailserver Computer which is Member of the local Computers Administrators group
Sorry, but a Local Computer Account will have no network access at all, regardless of the group membership.
But a Network Active Directory User can be Member of a Local Computer User Group like Administrators and SAM
rights can be granted via SECPOL to ACT AS SERVICE.

mikedibella
Normal user
Normal user
Posts: 236
Joined: 2016-12-08 02:21

Re: Saving attachments to a network location ?

Post by mikedibella » 2020-03-27 22:10

Dravion wrote:
2020-03-27 21:39
But a Network Active Directory User can be Member of a Local Computer User Group like Administrators and SAM
rights can be granted via SECPOL to ACT AS SERVICE.
This is true but it is not going to solve the OP problem. You process would work if the account was a Domain (AD) Account and not a Local (SAM) Account, but I happen to think that copying the file is the most straight-foward, and easiest to troubleshoot, approach.

User avatar
mattg
Moderator
Moderator
Posts: 21117
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Saving attachments to a network location ?

Post by mattg » 2020-03-28 06:46

We don't know if the OP has an Active Directory or just a workgroup or perhaps even disjointed devices on the same LAN (ie a home network with a NAS)
RvdH wrote:
2020-03-27 19:01
mikedibella wrote:
2020-03-27 17:44
However, I stick with my original recommendation. Run you COM client in your desired security context and just copy the file from the local drop.
+1
+1
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
Dravion
Senior user
Senior user
Posts: 1688
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Saving attachments to a network location ?

Post by Dravion » 2020-03-28 07:57

He was talkin about a self developed C# Application which needs to SaveFile to a specific path. Windows itself supports only Filesystem paths or a UNC Networkpath
for a remote file Operation.

However:
A Remote file operation is only allowed if a C# Application can authenticate itself against the ruling Authority, whichis nowdays typically a Active Directory. If its not ADS, you need to maintain all the required permissions and settings
accross alll diffefent Computers if itd a Workgroup or not, this even goes for Linux, Solaris, FreeBDD and MacOS Samba Shares.

User avatar
RvdH
Senior user
Senior user
Posts: 1139
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Saving attachments to a network location ?

Post by RvdH » 2020-03-28 09:16

If he is using a self developed C# Application, i wouldn't rely on hmailserver's COM...but would use something like MailKit to those download attachments via IMAP
MailKit is very neat and powerfull, I created that zipscanner with it and more recently a service that does cleanup bounces (NDR's) send from al large mailing list to deactivate no longer existing emailadresses
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

Post Reply