Why does sending an email message from PowerShell with the Send-MailMessage command using the flag -Port 587 produce an error.

Command:

Send-Mailmessage -smtpServer mail.server.com -Port 587 -from "admin@domain.com" -to "user@domain.com" -subject "Test" -body "Test"

Error Message:

Send-Mailmessage : The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Must issue a STARTTLS command first

The PowerShell documentation says adding -UseSSL should specify that a STARTTLS command be sent, but even adding this flag may not resolve your issues.

Command:

Send-Mailmessage -smtpServer mail.server.com -Port 587 -UseSsl -from "admin@domain.com" -to "user@domain.com" -subject "Test" -body "Test"

Eror message:

Send-Mailmessage : Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.

Some SMTP servers may have been hardened to only accept TLS 1.2 for negotiating STARTTLS. In many cases Windows is configured to send TLS 1.0 by default when -UseSSL is specified.

To force Send-MailMessage to use TLS 1.2 it is necessary to add a line to the script before executing the Send-MailMessage:

Either enter:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

or

[System.Net.ServicePointManager]::SecurityProtocol = 'TLS12'