Send-MailMessage : The SMTP server requires a secure connection... The server response was: 5.5.1 Authentication Required.

Question

Alright so as the title says, I get this error when trying to send email via PowerShell:

Send-MailMessage : The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.

I have looked at numerous questions related to the same issue. But I can't seem to make my script work:

    #Email alerts when a user gets locked out
##############################################################################
$pass = Get-Content .\securepass.txt | ConvertTo-SecureString -AsPlainText -Force
$name = "[email protected]"
$cred = New-Object System.Management.Automation.PSCredential($name,$pass)
##############################################################################
$From = "[email protected]"
$To = "[email protected]"
$Subject = "User Locked Out"
$Body = "A user has been locked out of his/her account."
$SMTPServer = "smtp.gmail.com"
$SMTPPort = "587"

Send-MailMessage -From $From -to $To -Subject $Subject `
-Body $Body -SmtpServer $SMTPServer -port $SMTPPort `
-Credential $cred -UseSsl
##############################################################################

I have logged into the Gmail account from the machine that will be running the script. I have also enabled Access for less secure apps from the Google account manager. I do get this to work just fine if I prompt for the credentials using the -Credential (Get-Credential) instead of calling for the $cred variable.

Is there something I am missing?

Thanks, Dan

Answer 1

I found my answer after looking at my passwords file content, thanks to Angsgar. The securepass.txt had the encrypted contents inside, not plaintext. What I did was replace it with the actual password that will then be encrypted when setting my $pass variable. All is good now!

Answer 2

If the file contains the encrypted password it's better to read it like this (without the parameters -AsPlainText and -Force):

$pass = Get-Content .\securepass.txt | ConvertTo-SecureString

Demonstration:

PS C:\> $sec = 'foobar' | ConvertTo-SecureString -AsPlainText -Force
PS C:\> $sec
System.Security.SecureString
PS C:\> $txt = $sec | ConvertFrom-SecureString
PS C:\> $txt
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000615ce070639b9647a5e05d42b41d373
0000000000200000000001066000000010000200000001614c19281e7c0b076cceb38e284b0f18b
c0d813ea40ed055dde96fd9ccb6977000000000e8000000002000020000000a10c7019eb224c3c6
387ba03bcd94993a50e0c468248284bbce4d235b11f1b94100000002421a5d7102de13c46ccc1db
c4921287400000000412332ecb500828f4403f3e225089c629369744bad62609b528ed0a7318abf
512c9b6a8884c43b3adc8a13d5d21a9ed27e56702bcc7db094da9d9d4c02dfa74
PS C:\> $sec2 = $txt | ConvertTo-SecureString
PS C:\> $sec2
System.Security.SecureString
PS C:\> $cred = New-Object Management.Automation.PSCredential 'foo', $sec2
PS C:\> $cred.GetNetworkCredential().Password
foobar

Beware though that encryption of secure strings is tied to the user and host encrypting them, meaning you can't decrypt a secure string on another host or as another user.

Answer 3

Ansgar's answer is a good generic answer, but for Google, they have multiple SMTP servers that you can use. smtp.google.com requires authentication, but not all of them do.

From Google's doc, if your site is a G Suite site and you will always be sending from a specific IP address, you can specify the address in G Suite configuration and then use the G Suite SMTP relay at smtp-relay.gmail.com. This is only available to G Suite users, and requires either authentication or a static IP. At our site, we have an internal SMTP server that we use for these sorts of emails which relays to Google's G Suite SMTP relay server.

If you are sending email only to Google or G Suite addresses, you can specify aspmx.l.google.com as your SMTP address. This is known as the restricted Gmail SMTP server.