In the following two-article series, we review how to use a “Send E-mail PowerShell script” that uses the Office 365 mail server as its mail server. The most common uses of a “Send E-mail PowerShell script” are
Generally speaking, there are two major options by which we address the Office 365 mail infrastructure:
1. Anonymous SMTP session
2. Authenticated SMTP or TLS session.
Before starting with the exact instructions for creating the required “Send E-mail PowerShell script,” let’s briefly review the methods by which a client can address the Office 365 mail services.
When we want to address the Office 365 mail server (Exchange Online), we can use one of the following methods:
A method in which the PowerShell script addresses the Office 365 mail server using an SMTP session (non-encrypted session).
The SMTP session is created using an Anonymous connection.
“Anonymous connection” means that the side that addresses the Office 365 mail server (the PowerShell script) doesn’t provide any user credentials.
The main benefit of this method is that we avoid the procedure of providing user credentials. The need to provide credentials is bound to other tasks, such as the need to secure the credentials.
The main disadvantage of using an anonymous connection is that the mail server cannot trust the sender, because the sender appears anonymous.
Most of the time, the E-mail sent by the PowerShell script will be identified as spoofed E-mail, because the Office 365 recipient E-mail address that we use as the “sender address” is not authenticated.
An additional disadvantage is that when using an “anonymous session,” we cannot send E-mail to an “external recipient,” meaning a recipient whose E-mail address is not hosted by the Exchange Online server that hosts our domain.
This problem can be solved by creating an Exchange Online incoming mail connector, or by defining the E-mail address of the sender in the whitelist of allowed senders.
A method in which the PowerShell script addresses the Office 365 mail server using a TLS session (encrypted session) and provides user credentials (authenticated session).
Securing the communication channel – when using the TLS protocol, the communication channel between the host that sends the E-mail and the Office 365 mail server is encrypted.
Authenticated session – the main advantage of this method is that when we provide the Office 365 recipient credentials, Exchange Online treats the “sender” as a trusted sender.
For this reason, we don’t need to add any additional configuration settings on the Exchange Online server side, and we can also send E-mail to external recipients who are not hosted on the Exchange Online server.
If we want to use the “Send E-mail PowerShell script” as a scheduled task, we will need a solution in which the PowerShell script can access the required credentials, stored in a file.
Keeping user credentials such as a password in an unsecured format is bad practice!
Although we can add the password to a non-protected text file (the PowerShell file), this option is not recommended.
The solution to this security need is a method in which we create an encrypted password file, and instruct the “Send mail PowerShell script” to access the encrypted file and fetch the required password from it.
The procedure in which we encrypt the credentials is considered more complicated than the scenario in which we use an SMTP session without credentials.
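One way to implement the encrypted password file described above, as an added example that is not part of the original article. The file path, the sender and recipient addresses and both function names are placeholders, and the example assumes the smtp.office365.com submission endpoint on port 587 with SMTP AUTH enabled for the mailbox.

```powershell
# Added example (not the article's script). Path and addresses are placeholders.
$CredFile = 'C:\script\o365-sender.cred.xml'   # assumed location of the encrypted file
$Sender   = 'sender@example.com'               # placeholder Office 365 mailbox

function Save-SenderCredential {
    # One-time, interactive step. Run it AS the account that will run the
    # scheduled task and ON the same computer: Export-Clixml encrypts the
    # password with Windows DPAPI, so only that user on that machine can
    # decrypt it. Copying the file elsewhere yields an unusable password.
    param([string]$Path, [string]$UserName)

    Get-Credential -UserName $UserName -Message 'Password for the sending mailbox' |
        Export-Clixml -Path $Path

    # Defense in depth: drop inherited permissions, leave read access to this user only.
    & icacls.exe $Path /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:(R)" |
        Out-Null
}

function Send-AuthenticatedMail {
    # Non-interactive step used by the scheduled task. No password appears
    # in the script; it is fetched from the encrypted file at run time.
    param([string]$Path, [string]$To, [string]$Subject, [string]$Body)

    # Import-Clixml returns a PSCredential; the password stays a SecureString.
    $cred = Import-Clixml -Path $Path

    # -UseSsl upgrades the session to TLS before the credentials are sent.
    # -ErrorAction Stop turns an authentication or relay failure into a
    # terminating error, so the scheduled task reports a failure.
    Send-MailMessage -From $cred.UserName -To $To -Subject $Subject -Body $Body `
        -SmtpServer 'smtp.office365.com' -Port 587 -UseSsl `
        -Credential $cred -ErrorAction Stop
}

# One-time:   Save-SenderCredential -Path $CredFile -UserName $Sender
# Scheduled:  Send-AuthenticatedMail -Path $CredFile -To 'recipient@example.com' `
#                 -Subject 'Test Email' -Body 'Test authenticated TLS session'
```

Because the file can only be decrypted by the account that created it, a password change or a move of the scheduled task to another account or server means running the one-time step again.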
In this section, we review how to create a “Send E-mail PowerShell script” that addresses Office 365 as a mail server.
In this scenario, we will create a standard SMTP session, and we will not provide any user credentials (anonymous connection).
The tasks that we need to complete are as follows:
Before we run the “Send mail PowerShell script,” we will need to make sure that the following requirements are met:
1. PowerShell console and Set-ExecutionPolicy
By default, the PowerShell console doesn’t allow running PowerShell scripts.
If we haven’t used the existing PowerShell console to run a PowerShell script in the past, we will need to configure the PowerShell console to “allow” PowerShell script execution.
If you need instructions regarding how to enable PowerShell script execution, you can use the instructions in the following section
2. Network Firewall and outbound communication
The communication channel to the Exchange Online server is based on port 25.
We will need to verify that our network firewall includes a rule that enables our desktop to create an SMTP session (port 25) with the Office 365 mail server.
3. Dynamic versus static IP Address
If you run the “Send E-mail PowerShell script” from a desktop that uses a “dynamic public IP address,” such as a home network, the Office 365 mail server (Exchange Online) will not accept the communication requests.
You will need to use a host that is located on a network that uses a static IP address for representing internal hosts.
To demonstrate the way that we use the “Send E-mail PowerShell script” for sending E-mail via the Office 365 mail server (Exchange Online), we will use the following scenario:
The Office 365 recipient whose credentials we will use is – email@example.com
Source sender and destination recipient
In our scenario, we will use the following recipients:
Office 365 mail infrastructure
In the Office 365 environment, if we want to use a non-authenticated session with the Office 365 mail server, we will need to locate the host name of the Exchange Online server that represents our publicly registered domain in Office 365.
Note – we will review how to get the information about the Exchange Online host name in the next section.
To get the hostname of the Office 365 mail server that represents our public domain name, we will use the Office 365 management portal.
In our scenario, we will view the settings of the domain name o365info.com by double-clicking the selected domain name.
In the following screenshot, we can see the DNS settings of the o365info.com domain.
We will copy the hostname that appears in the MX record.
In our scenario, the host name of the Exchange Online that represents our domain is – o365info2.mail.protection.outlook.com
To be able to send E-mail using PowerShell, we will use the PowerShell command-
The “Send mail PowerShell script” is created using the following PowerShell syntax:
Send-MailMessage -From <sender> -To <recipient> -Subject "<Subject>" -Body "<Body>" -SmtpServer <SMTP server> -Port <port number>
In our scenario, we will use the PowerShell command syntax with the following parameters:
Send-MailMessage -From firstname.lastname@example.org -To email@example.com -Subject "Test Email" -Body "Test SMTP Relay Service" -SmtpServer o365info2.mail.protection.outlook.com -Port 25
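The prerequisites listed earlier (the MX host name and outbound port 25) can be checked in the same script that sends the test message. The following is an added example, not part of the original article; the function name Send-AnonymousTestMail is hypothetical, the addresses passed to it are placeholders, and it reads the MX record over DNS instead of copying it from the management portal.

```powershell
# Added example (not the article's script). Function name and addresses are placeholders.
function Send-AnonymousTestMail {
    param(
        [string]$Domain = 'o365info.com',   # domain whose MX record is looked up
        [Parameter(Mandatory)][string]$From,
        [Parameter(Mandatory)][string]$To
    )

    # 1. Find the Exchange Online host name from the domain's MX record
    #    (the same value the portal's DNS settings page displays).
    $mx = Resolve-DnsName -Name $Domain -Type MX -ErrorAction Stop |
          Where-Object { $_.QueryType -eq 'MX' } |
          Sort-Object Preference |
          Select-Object -First 1
    if (-not $mx) { throw "No MX record found for $Domain" }
    $server = $mx.NameExchange

    # 2. Confirm that the firewall allows an outbound SMTP session on port 25.
    $probe = Test-NetConnection -ComputerName $server -Port 25 `
                 -WarningAction SilentlyContinue
    if (-not $probe.TcpTestSucceeded) {
        throw "Cannot reach ${server}:25 - check the outbound firewall rule."
    }

    # 3. Send over the anonymous session. -ErrorAction Stop surfaces a
    #    rejection by Exchange Online (for example, a source IP address it
    #    will not accept) as an error instead of continuing silently.
    try {
        Send-MailMessage -From $From -To $To -Subject 'Test Email' `
            -Body 'Test SMTP Relay Service' -SmtpServer $server -Port 25 `
            -ErrorAction Stop
    }
    catch {
        throw "Exchange Online refused the message: $($_.Exception.Message)"
    }

    # Return the host that accepted the message, for logging.
    $server
}

# Usage (placeholder addresses):
# Send-AnonymousTestMail -From 'sender@example.com' -To 'recipient@example.com'
```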
To create the PowerShell script, we can use any text editor.
In our example, we use Notepad.
We will copy the following information to the text file:
The PowerShell command syntax includes the following parts:
Saving the PowerShell script file
The next step is – saving the text file as a PowerShell script.
We use Notepad to create the PowerShell script.
In our scenario, we will name the PowerShell script – Sendmail-smtp.ps1
In our scenario, we save the “Send E-mail PowerShell script” in the script folder, that we have created in drive C:
Running PowerShell script | First time configurations
By default, the PowerShell console will prevent us from running the PowerShell script.
To be able to run the PowerShell script, we will need to set the default PowerShell execution policy.
To update the existing PowerShell execution policy, we need to run the PowerShell console as Administrator.
A pop-up window appears, asking us to approve the “run as administrator” task
Run the following PowerShell command
Task 2#2 – Running the “Send mail PowerShell script”
We will run the “Send mail PowerShell” from the PowerShell console, by using the following commands:
Type the following command: cd c:\script
To execute the PowerShell script, we can write the full name of the script – Sendmail-smtp.ps1 or use the PowerShell autocomplete feature.
For example, to call a PowerShell script we need to write the following characters – .\ , type the first letter of the PowerShell script (“s“) and hit the Tab key.
After we hit the Tab key, the PowerShell console completes the rest of the PowerShell script name by itself.
To verify that the E-mail message was successfully sent, we will log in to the admin mailbox using the OWA mail client.
In the following screenshot, we can see that the E-mail was successfully sent to the destination recipient, but it’s important to emphasize that the E-mail was sent to the junk mail folder.
This is an expected result because, as mentioned, the PowerShell script uses the identity of an Office 365 recipient (firstname.lastname@example.org). Because the PowerShell script didn’t provide any user credentials, Exchange Online considers the E-mail message a “suspicious E-mail” and, for this reason, stamps the E-mail as Junk!
If you want to avoid this scenario, it’s recommended to create an Exchange Online Connector which will identify the “source sender” by its public IP address.
You can read more about this configuration in the article: Send mail to Exchange Online using standard SMTP session | Part 2#4