Developers vs. (?) ITpro’s. SMTP and a website

In a recent post I described how easy it was to turn your website into a spamming tool provided you know how to change some IIS settings. In a comment Dennis wrote “Some things are so simple, you’d expect everyone to know these things and use them wisely. Unfortunatly,.“  Yes both coding and setup on itself are easy but the two parts are usually handled by different people. The developer is writing the code and the ITpro guy does the configuration. And these people have different cultures. Most of us developers are used to working with database connection strings like “.. user=sa;pwd=” and we are unpleasantly surprised by some service being refused. These days with  more and more systems being “secure by default” it’s time we grow up and start displaying some real interest in configuration matters.


The big hurdle to take is communication. Developers and IT pro’s speak different languages. On the developers side the framework docs don’t help, there are loads of samples, there is the SmtpPermission class but not a word on server configuration. No bridge to the world of ITpro. All you get is the exception which talks about relaying. And when you look up relay in the docs you’ll end up in SOAPheaders documentation. That doesn’t help either.


The actual configuration work itself is becoming easier and easier. When it comes to sending mail I found this post by Scott Guthrie on the system.net part of the web.config file. An example


</connectionStrings>

<system.net>
    <mailSettings>
        <smtp from=”me@spammer.net“>
        <network host=”localhost”/>
        </smtp>
    </mailSettings>
</system.net>

<system.web>


These settings are used by all smtpclients in your app. Including things like the password-recovery control which send a user a lost password. My code example can now even be simpler



private static void SendMailWithIIS(string subject, string body, string to)


{


    MailMessage message = new MailMessage();


    message.To.Add(to);


    message.Subject = subject;


    message.Body = body;


    message.BodyEncoding = System.Text.Encoding.ASCII;


    message.IsBodyHtml = true;


    message.Priority = MailPriority.Normal;


 


    SmtpClient smtp = new SmtpClient();


    smtp.Send(message);


}


The app will be easier to maintain as well. The ITpro guy can jump straight to the system.net settings in the web.config. No need to ask which appsetting holds the name of the mailserver. One reason less to talk ? Which would be a pity. We developers have to learn to live and write software in a restricted world and have to learn how to setup a real world development machine. ITpro’s can learn a lot from developers as well, but that’s a different subject.

This entry was posted in ASP.NET, Chatter. Bookmark the permalink. Follow any comments here with the RSS feed for this post.
  • http://codebetter.com/blogs/peter.van.ooijen/ pvanooijen

    Someone who understands both worlds and is willing to discuss matters is worth a fortune. I guess you have the best of job offerings :)

  • http://little.xmtp.net/blog/ Jay R. Wren

    This is why I value my years of experience as a Systems Administrator. I know how these things work. I understand and respect the security and the need for security. I understand the role and sometimes difficult job of the systems administrator and I can write my software to make his or her job easy.