Forum Discussion

remberme's avatar
remberme
Copper Contributor
Jul 08, 2021

Client authentification failure while sending email from office365 account via powershell

Hi I'm trying to send email from office365 account in powershell, but got client not authenticated failure:

 

 

Send-MailMessage : The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.57 Client not authenticated to send mail.

 

I have tried powershell native "Send-MailMessage" and MailKit and got same errors. Really need your help to figure out the problem. Thanks!

 

  • The regular way to do this when using modern authentication with MFA would be to allow ‘app passwords’. There are other ways, which I would not recommend, because they potentially lower the security posture.

     

    https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-app-passwords

     

    If that doesn't work or is not allowed in your tenant, other methods may include:

    * Disabling MFA (not recommended)

    * If MFA is enabled using Azure AD Conditional Access, exclude this user for specifically SMTP from the Azure AD Conditional Access policy

    * If you're using Security Defaults within your Microsoft 365 tenant, legacy authentication is blocked by default and can't be bypassed unless you disable Security Defaults

    * You can use the Graph API for sending out e-mail programatically (Send mail - Microsoft Graph v1.0 | Microsoft Docs)

  • pvanberlo's avatar
    pvanberlo
    Steel Contributor
    Can you provide the exact PowerShell command you’re using including the parameters you’re setting? Of course edit any potential sensitive info.
    • remberme's avatar
      remberme
      Copper Contributor

      pvanberlo, I'm trying commands below. Now I can use it or MailKit to send email after turning off the Authenticator approval. How can I achieve it when authenticator is turning on?

      $cred = Get-Credential
      $mail = @{
      SmtpServer = 'smtp.office365.com'
      Port='587'
      UseSSL=$true
      From='user@domain'
      To='targetuser@emailserver'
      Subject='subject'
      Body='body'
      }
      Send-MailMessage @mail # or Use MailKit, see https://adamtheautomator.com/powershell-email/

       

      • pvanberlo's avatar
        pvanberlo
        Steel Contributor

        The regular way to do this when using modern authentication with MFA would be to allow ‘app passwords’. There are other ways, which I would not recommend, because they potentially lower the security posture.

         

        https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-app-passwords

         

        If that doesn't work or is not allowed in your tenant, other methods may include:

        * Disabling MFA (not recommended)

        * If MFA is enabled using Azure AD Conditional Access, exclude this user for specifically SMTP from the Azure AD Conditional Access policy

        * If you're using Security Defaults within your Microsoft 365 tenant, legacy authentication is blocked by default and can't be bypassed unless you disable Security Defaults

        * You can use the Graph API for sending out e-mail programatically (Send mail - Microsoft Graph v1.0 | Microsoft Docs)

  • yuzoyox's avatar
    yuzoyox
    Iron Contributor

    remberme 

     

    I tested using outlook of my personal email. Try to fill with 365 SMTP:

    $cred = Get-Credential
    $SMTPServer = "smtp-mail.outlook.com"
    $Port = "587"
    $From = "user@domain"
    $To = "targetuser@emailserver”
    $Subject = "subject"
    $Body = "Body"
    Send-MailMessage -From $From -to $To -Subject $Subject -Body $Body -BodyAsHtml -SmtpServer $SMTPServer -Port $Port -UseSsl -Credential $cred 

     

     

  • Laila_Taik's avatar
    Laila_Taik
    Copper Contributor
    I have the same problem, I'm trying to respond to my Outlook emails but it return back to me. Please help

Resources