Send-mail authentication

[SAPIENScripter]

I tried finding this information but can't so I'm wondering it it's just not available.  Can I configure Send-Mail to use authentication? Depending on the SMTP server, you may need to send authentication credentials or I may need to send credentials different than what I'm using to run PowerShell. If that can't be done now, I'd like to add it to the wish list.

[marco.shaw]

Good idea.  I checked the send-mail help, and I also checked the PSCX project and they don't mention SMTP auth either...

PSCX: http://www.codeplex.com/PowerShellCX

I did check nsoftware's netcmdlets and they support authentication...  If you're looking for something you need right now.

Nsoftware netcmdlets: http://www.nsoftware.com/powershell/default.aspx

[SAPIENScripter]

Personally, I don't need this feature.  However, I can easily imagine a situation where a small company outsources their mail, like Yahoo Small Business, and to send mail via the SMTP server requires authentication.  And it doesn't even have to be a small company for that matter, so adding authentication would be a useful enhancement.

[JuanC]

We are testing adding authentication through the -credentials approach. It works fine but I wonder if the fact that you cannot hardcode the password into a ps1 is a security feature or an annoyance. I have not checked the powershell documentation on credentials too deeply so I wanted to hear what you think

e.g.

send-mail -to foo@bar.com -subject "Subject test" -credentials MyUser

Then you would get the powershell standard credentials prompt.

JuanC

[SAPIENScripter]

I think the challenge is password security. You certainly never want to hard code a password into a script. The Get-Credential cmdlet appears to be only for Windows authentication. Which would probably work fine if you needed to authenticate using domain credentials.  However, it my scenario where you might have to authenticate to a Yahoo SMTP server that probably won't work.  You may not have many options other than letting the user enter username and password strings in clear-text, with the understanding that they are not secure.  It might be a revealing exercise to look at how a mail client like Thunderbird sends SMTP authentication credentials.

[JuanC]

In our current implementation, we are using -credentials and it works with an SMTP server that knows nothing about domains or windows authentication. We even tested an SMTP user named as a windows user but using a totally different password so we think the credentials approach should work with Yahoo SMTP. Also we should be adding SSL support in the next build.

Should we still allow the user to supply passwords in the script? We are trying to figure out where to draw the line between ease-of-use and allowing our users to be insecure.

Regards,

JuanC

[SAPIENScripter]

As much as I dislike the idea, I think you have to give the user the option to be insecure. There are shops where security sometimes takes a back seat to getting something done. The best you can do is provide an option and highlight the potential consequences. This really should only be an issue for a scheduled PowerShell task, which isn't such a widespread activity right now.