May 16 2023 04:01 AM - edited May 16 2023 04:06 AM
Hi all,
I'm trying to send emails using MgGraph and Modern Authentication and somehow this fails.
The sender receives an auto-respond from Exchange saying;
Diagnostic information for administrators:
Generating server: AS8PR08MB9314.eurprd08.prod.outlook.com
<from address>
Remote server returned '550 5.7.708 Service unavailable. Access denied, traffic not accepted from this IP. For more information please go to http||go.microsoft.com/fwlink/?LinkId=526653 AS(7230) [AS1PR08MB7586.eurprd08.prod.outlook.com 2023-05-14T09:19:00.773Z 08DB542B00E328F8]'
Original message headers:
Received: from AS8PR08MB9314.eurprd08.prod.outlook.com([fe80::4599:1fd:9e8d:8974]) by AS8PR08MB9314.eurprd08.prod.outlook.com ([fe80::4599:1fd:9e8d:8974%6]) with mapi id 15.20.6387.029; Sun, 14 May 2023 09:19:00 +0000
MIME-Version: 1.0
Content-Type: text/plain
Date: Sun, 14 May 2023 09:19:00 +0000
Message-ID: [email address removed for privacy reasons] Subject: OAuth Mail Sent from PowerShell via App
Let me explain what I'm doing;
I have a script that is using Graph API to send the email. This script is authenticating with a certificate (self-signed on my laptop and added to the App Registration earlier) on an AD Application that has Graph API Mail.Send permissions.
The Graph POST is successful, but Exchange immediately sends back the above NDR.
Install-Module MSAL.PS
Import-Module MSAL.PS
$appName = "MailSendingTestApp"
$appRegistration = @{
TenantId = "xxx.onmicrosoft.com"
ClientId = "<app-id>"
ClientCertificate = (Get-ChildItem Cert:\CurrentUser\My | Where-Object {$_.Subject -eq ('CN={0}' -f $appName)})
}
$msalToken = Get-MsalToken @appRegistration -ForceRefresh -AzureCloudInstance 1
$fromEmailAddress = "email address removed for privacy reasons"
$requestBody = @{
"message" = [PSCustomObject]@{
"subject" = "OAuth Mail Test"
"body" = [PSCustomObject]@{
"contentType" = "Text"
"content" = "Hello this is a test"
}
"toRecipients" = @(
[PSCustomObject]@{
"emailAddress" = [PSCustomObject]@{
"address" = "email address removed for privacy reasons"
}
}
)
}
"saveToSentItems" = "true"
}
$request = @{
"Headers" = @{Authorization = $msalToken.CreateAuthorizationHeader() }
"Method" = "Post"
"Uri" = "https || graph.microsoft.com/v1.0/users/$fromEmailAddress/sendMail "
"Body" = $requestBody | ConvertTo-Json -Depth 5
"ContentType" = "application/json"
}
Invoke-RestMethod @request
Googling led me to a post that links to a MS article that says; "This error can happen when you are trying out a Microsoft 365 trial tenant. If you receive this error before you can purchase licenses, contact support to request an exception for the low reputation IP address until you're able to purchase licenses."
My tenant is licensed with Microsoft 365 E5 Developer (part of the Visual Studio benefit that comes with our partner account).
What could be going wrong here? Do I need to contact Microsoft here or start pulling my wallet?
Hope someone can help.
Cheers!
May 16 2023 12:14 PM
Try to check SPF Record and add MgGraph to it, and also check connection filter policy if enabled
If I have answered your question, please mark your post as Solved If you like my response, please give it a Like Appreciate your Kudos! Proud to contribute! :) |
May 17 2023 07:43 AM
May 17 2023 02:17 PM
Hi @chanlerone
Here is an example on how to do it
https://blog.icewolf.ch/archive/2022/03/15/simple-example-of-sending-mail-via-microsoft-graph/
More Examples with Graph
More Examples with MgGraph
Regards
Andres
May 19 2023 03:03 AM