PowerShell – Sending unauthenticated mail through MS Exchange with PowerShell (Windows Server 2008 R2)

exchange-2010, powershell, windows-server-2008-r2

I'm trying to use Task Scheduler to run a PowerShell script that emails the output of a few commands. I'm using "Send-MailMessage" to do this. When I run the scheduled task with a domain admin account, I receive the emails just fine, but when I use a service account, the emails do not come through.

The service account I am using has both "Logon as a Service" and "Log on as Batch Job". It also has local admin rights on the server I am running this from.

Something to note: I have used telnet to send email through the SMTP server I am using and was able to send an unauthenticated email, so the problem is not an authentication problem with the SMTP server.

What credentials am I missing on this service account? Is there anything else I could be missing?

Thanks for the help!

Best Answer

When you submit an email through telnet and choose not to authenticate, the server assumes that you are anonymous (aka the well-known NT AUTHORITY\Anonymous logon or S-1-5-7).

When Send-MailMessage submits an email, it will ALWAYS try to authenticate the session. If a set of credentials is not specified, it will assume that the current user's network credentials are to be used, and authenticates as the service account running the PowerShell script.

The service account is neither anonymous, an Exchange User nor an Exchange Organization Administrator and will not be permitted to submit the email.

To work around this, you'll need a PSCredential object:

$anonUsername = "anonymous"
$anonPassword = ConvertTo-SecureString -String "anonymous" -AsPlainText -Force
$anonCredentials = New-Object System.Management.Automation.PSCredential($anonUsername,$anonPassword)

Send-MailMessage -to "Big Boss <ceo@example.com>" -from "Me <advis12@example.com>" -subject "It's working! EOM" -credential $anonCredentials

Now your script is sending mails anonymously as well :-)


Another (and more secure) option is to give the service account in question the required permissions on a receive connector:

$RC = Get-ReceiveConnector "ConnectorNameGoesHere" 
$RC | Add-ADPermission -User "DOMAIN\ServiceAcc01" -ExtendedRights ms-Exch-SMTP-Submit,ms-Exch-SMTP-Accept-Authoritative-Domain-Sender

If you need to transfer files that will potentially be removed by content filtering or the like, you can also allow it to bypass anti-spam mechanisms:

$RC | Add-ADPermission -User "DOMAIN\ServiceAcc01" -ExtendedRights ms-Exch-Bypass-Anti-Spam

If you want it to send emails to recipients outside your own Exchange Organization, you'll need to allow that as well:

$RC | Add-ADPermission -User "DOMAIN\ServiceAcc01" -ExtendedRights ms-Exch-SMTP-Accept-Any-Recipient
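An added example, not part of the original answer: once rights have been granted as above, this summarizes which accounts hold the four SMTP extended rights the answer names on a receive connector, so the service account's grant can be verified and relay or anti-spam-bypass rights reviewed. `Get-SmtpRightSummary` is a hypothetical helper name, and the sample entries are constructed stand-ins for the output of `Get-ReceiveConnector "ConnectorNameGoesHere" | Get-ADPermission`.

```powershell
# Extended rights named in the answer above.
$smtpRights = 'ms-Exch-SMTP-Submit',
              'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender',
              'ms-Exch-SMTP-Accept-Any-Recipient',
              'ms-Exch-Bypass-Anti-Spam'

# Hypothetical helper: groups allow-entries by user and flags the broad rights.
function Get-SmtpRightSummary {
    param([Parameter(ValueFromPipeline = $true)] $Entry)
    begin { $byUser = @{} }
    process {
        if ($Entry.Deny) { return }               # a deny entry grants nothing
        foreach ($right in $Entry.ExtendedRights) {
            $name = "$right"                      # stringify the right's name
            if ($smtpRights -notcontains $name) { continue }
            $user = "$($Entry.User)"
            if (-not $byUser.ContainsKey($user)) { $byUser[$user] = @() }
            if ($byUser[$user] -notcontains $name) { $byUser[$user] += $name }
        }
    }
    end {
        foreach ($user in ($byUser.Keys | Sort-Object)) {
            $held = $byUser[$user]
            New-Object PSObject -Property @{
                User             = $user
                CanRelayExternal = ($held -contains 'ms-Exch-SMTP-Accept-Any-Recipient')
                BypassesAntiSpam = ($held -contains 'ms-Exch-Bypass-Anti-Spam')
                Rights           = (($held | Sort-Object) -join ', ')
            } | Select-Object User, CanRelayExternal, BypassesAntiSpam, Rights
        }
    }
}

# Constructed sample entries (assumed shape: User, Deny, ExtendedRights).
$sample = @(
    (New-Object PSObject -Property @{ User = 'NT AUTHORITY\ANONYMOUS LOGON'; Deny = $false
        ExtendedRights = @('ms-Exch-SMTP-Submit') }),
    (New-Object PSObject -Property @{ User = 'DOMAIN\ServiceAcc01'; Deny = $false
        ExtendedRights = @('ms-Exch-SMTP-Submit',
                           'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender') }),
    (New-Object PSObject -Property @{ User = 'DOMAIN\ServiceAcc01'; Deny = $false
        ExtendedRights = @('ms-Exch-SMTP-Accept-Any-Recipient') }),
    (New-Object PSObject -Property @{ User = 'DOMAIN\OldSvc'; Deny = $true
        ExtendedRights = @('ms-Exch-Bypass-Anti-Spam') })
)

# On a live server, pipe Get-ReceiveConnector ... | Get-ADPermission in place of $sample.
$sample | Get-SmtpRightSummary | Format-Table -AutoSize
```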