Jump to content
Software FX Community

Send-mail authentication


SAPIENScripter
 Share

Recommended Posts

I tried finding this information but can't so I'm wondering it it's just not available.  Can I configure Send-Mail to use authentication? Depending on the SMTP server, you may need to send authentication credentials or I may need to send credentials different than what I'm using to run PowerShell. If that can't be done now, I'd like to add it to the wish list.

Link to comment
Share on other sites

Good idea.  I checked the send-mail help, and I also checked the PSCX project and they don't mention SMTP auth either...

PSCX: http://www.codeplex.com/PowerShellCX

I did check nsoftware's netcmdlets and they support authentication...  If you're looking for something you need right now.

Nsoftware netcmdlets: http://www.nsoftware.com/powershell/default.aspx

Link to comment
Share on other sites

Personally, I don't need this feature.  However, I can easily imagine a situation where a small company outsources their mail, like Yahoo Small Business, and to send mail via the SMTP server requires authentication.  And it doesn't even have to be a small company for that matter, so adding authentication would be a useful enhancement.

Link to comment
Share on other sites

We are testing adding authentication through the -credentials approach. It works fine but I wonder if the fact that you cannot hardcode the password into a ps1 is a security feature or an annoyance. I have not checked the powershell documentation on credentials too deeply so I wanted to hear what you think

e.g.

send-mail -to foo@bar.com -subject "Subject test" -credentials MyUser

Then you would get the powershell standard credentials prompt.

JuanC

Link to comment
Share on other sites

I think the challenge is password security. You certainly never want to hard code a password into a script. The Get-Credential cmdlet appears to be only for Windows authentication. Which would probably work fine if you needed to authenticate using domain credentials.  However, it my scenario where you might have to authenticate to a Yahoo SMTP server that probably won't work.  You may not have many options other than letting the user enter username and password strings in clear-text, with the understanding that they are not secure.  It might be a revealing exercise to look at how a mail client like Thunderbird sends SMTP authentication credentials.

Link to comment
Share on other sites

In our current implementation, we are using -credentials and it works with an SMTP server that knows nothing about domains or windows authentication. We even tested an SMTP user named as a windows user but using a totally different password so we think the credentials approach should work with Yahoo SMTP. Also we should be adding SSL support in the next build.

Should we still allow the user to supply passwords in the script? We are trying to figure out where to draw the line between ease-of-use and allowing our users to be insecure.

Regards,

JuanC

Link to comment
Share on other sites

As much as I dislike the idea, I think you have to give the user the option to be insecure. There are shops where security sometimes takes a back seat to getting something done. The best you can do is provide an option and highlight the potential consequences. This really should only be an issue for a scheduled PowerShell task, which isn't such a widespread activity right now.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...