none
Sending an email using PowerShell from a scheduled task RRS feed

  • Question

  • Hi,

    I have a scheduled task setup in the windows task schedlar that runs a powershell script. This script should send out an email on completion. I'm using the Send-MailMessage CmdLet

    Send-MailMessage -SmtpServer "xxx" -From "MyServiceAccount@example.com" -To "me@example.com"  -Subject "Hello!" -Body "That's it"

    This results in an error:
    Send-MailMessage : Mailbox unavailable. The server response was: 5.7.1 Client does not have permissions to send as this sender

    The task is set up to run as the service account behind MyServiceAccount@example.com. And is marked as "Run with highest privileges". The strange part is that it works if I use an Invoke-Command to localhost, like:

    Invoke-Command -ComputerName localhost -ErrorAction Continue -ScriptBlock { 
       Send-MailMessage -SmtpServer "xxx" -From "MyServiceAccount@example.com" -To "me@example.com"  -Subject "Hello!" -Body "That's it"
    }

    Please note that there is no Credential on the Invoke-Command. As I understand it it the two Send-MailMessage should be running under the same account. If I check $env:USERNAME just before, it is also the same for both. I have a simple script with both variants:

    Invoke-Command -ComputerName localhost -ErrorAction Continue -ScriptBlock { 
        Send-MailMessage -SmtpServer "xxx" -From "MyServiceAccount@example.com" -To "me@example.com"  -Subject "Hello 1!" -Body "That's it"
    }
    Send-MailMessage -SmtpServer "xxx" -From "MyServiceAccount@example.com" -To "me@example.com"  -Subject "Hello 2!" -Body "That's it"

    I receive the email "Hello 1!" but the other command gives the error above. I can of cause go ahead an use the version with Invoke-Command. But as I don't understand it, it feels a bit obscure, and I don't like working with obscure... If anyone out there can explain this to me that would be much appreciated!

    Thanks


    • Edited by Emble Wednesday, June 8, 2016 6:19 PM
    Wednesday, June 8, 2016 6:17 PM

Answers

  • Ok, one of my colleagues found the problem. @Dave, you where actually close, and I don't know why your suggestion didn't work. Our Exchange server was supposed to only allow users sending from specifically allowed mailboxes, but a configuration error allowed anonymous users to send as everyone. I assumed that Invoke-Command without credentials would run in the same context as where it was called, but that is not the cased. If it is not explicitly allowed to take the current credentials, it apparently runs as anonymous. That was why it was working with Invoke-Command: a configuration error for anonymous users on the exchange server.
    • Marked as answer by Emble Thursday, June 9, 2016 12:18 PM
    Thursday, June 9, 2016 12:18 PM

All replies

  • The service account does not have a mailbox.  Only users with mailboxes can send mail.

    \_(ツ)_/

    Wednesday, June 8, 2016 6:24 PM
  • I believe you will need to add something like this at the beginning of you script

    $pass = ConvertTo-SecureString "anytext" -asplaintext -force
    $creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "NT AUTHORITY\ANONYMOUS LOGON", $pass

    and then on your Send-MailMessage command add -Credential $creds


    Dave Barker


    • Edited by DaveBarker19 Wednesday, June 8, 2016 7:52 PM Typo
    Wednesday, June 8, 2016 7:52 PM
  • @jrv, But if it didn't have a mailbox, both versions would fail. As I write, I am able to send an email if I wrap it in an Invoke-Command.
    • Edited by Emble Thursday, June 9, 2016 7:23 AM
    Thursday, June 9, 2016 7:18 AM
  • @Dave, that is not working either. The anonymous logon doesn't have permission to send emails on behalf of others (in our setup at least). I don't understand why it should work either - could you please explain the reasoning behind it?
    Thursday, June 9, 2016 7:29 AM
  • By default on Exchange, if you are sending from a domain joined machine and the from: and to: address are internal then it will send the mail. There is no mailbox required however if the from: and/or to: address is not and internal exchange mailbox then you would need to add the IP address of the machine as a allowed relay.

    Dave


    Dave Barker

    Thursday, June 9, 2016 9:54 AM
  • @Dave, Ok. In my case both addresses are internal, but Exchange is configured to only allow you to send from your own mailbox even in this case.
    Thursday, June 9, 2016 10:04 AM
  • Ok, one of my colleagues found the problem. @Dave, you where actually close, and I don't know why your suggestion didn't work. Our Exchange server was supposed to only allow users sending from specifically allowed mailboxes, but a configuration error allowed anonymous users to send as everyone. I assumed that Invoke-Command without credentials would run in the same context as where it was called, but that is not the cased. If it is not explicitly allowed to take the current credentials, it apparently runs as anonymous. That was why it was working with Invoke-Command: a configuration error for anonymous users on the exchange server.
    • Marked as answer by Emble Thursday, June 9, 2016 12:18 PM
    Thursday, June 9, 2016 12:18 PM
  • The method that I gave would only work in a default Exchange Configuration.

    Dave


    Dave Barker

    Thursday, June 9, 2016 3:05 PM