SQL Server Database Mail with "Modern" authentication to connect to Microsoft 365 / Exchange - sql-server

In Database Mail, I find this statement:
Database Mail is an enterprise solution for sending e-mail messages from the SQL Server Database Engine or Azure SQL Managed Instance. Your applications can send e-mail messages to users using Database Mail via an external SMTP server.
As I've been using Database Mail for over ten years, this is good to read.
However, apparently Database Mail uses the .NET SmtpClient class, which has not been kept up-to-date and even recommends "MailKit".
In Exchange Online / Deprecation of Basic Authentication, I find the following phrase:
SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022.
So the obvious question is whether SQL Database Mail with SmtpClient uses "SMTP AUTH" and therefore can still connect to Exchange without an SMTP relay.
Or if a relay is needed, would the built-in Windows Server SMTP relay be able to "upgrade" the credential exchange when connecting off-site?
We have Database Mail configured using an outlook.com account, so there are definitely cases where Database Mail can send to a Microsoft-controlled email server using SMTP.
Bottom line, do we need to know anything other than that SMTP AUTH is still available?

Related

Database Mail configuration in 2023 onward

I've been using Database Mail successfully for about ten years, but it seems that while mail protocols and security have moved forward, SQL Server Database Mail has not.
At a new company, I've spent a full work day already trying various credentials and parameters. The most recent release I have tested with is SQL Server 2019.
What I believe I need to know is how to configure SQL Server Database Mail to work with one of the following:
Office 365 or Exchange SMTP
Windows [Server] SMTP relay
In tests with GMAIL/SMTP, AT&T/SMTP and Earthlink/SMTP, all returned errors, and at least some of the error messages are clearly from the destination SMTP service and not the result of firewall or connectivity problems. For example:
The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 8 (2023-01-06T11:14:56). Exception Message: Cannot send mails to mail server. (Mailbox unavailable. The server response was: 5.5.1 Authentication Required - ELNK003_308 - https://postmaster-earthlink.vadesecure.com/outbound_error_codes/#_308). )
Unfortunately, error 308 is not actually documented within the linked Earthlink page.
Looking into some available posts, I find that Database Mail is said to use the SmtpClient class, which in turn is pretty much obsolete, with recommendations to use MailKit. That's fine, but SQL Server Database Mail has apparently NOT been updated to use MailKit.
Returning to what I think are my choices from above:
If I am to configure SMTP to Office 365 (we already have an account) or Exchange (if we have Exchange also), then what SMTP configuration parameters do I need to use with Database Mail and within Office 365?
=OR=
If I am to use Windows Server SMTP relay, then how do I configure the SMTP relay's OUTPUT mail to satisfy the "modern" security requirements of Office 365, GMAIL, Earthlink or AT&T?
(I've used the Windows Server SMTP relay in years past, but only to offload the messages from SQL Server, not to satisfy security requirements)
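When a send fails as in the error quoted above, the text returned by the remote SMTP service is recorded in msdb. The query below is an added example, not part of the original post; it lines up each logged error with the server, port, TLS flag and authentication mode of the account that attempted the send, using only the standard msdb Database Mail views and tables.

```sql
-- Added example: correlate Database Mail errors with the transport settings
-- of the account that attempted the send. Read-only; run as a sysadmin
-- member so that all accounts and mail items are visible.
SELECT TOP (50)
       l.log_date,
       a.name AS account_name,
       s.servername,
       s.port,
       s.enable_ssl,                 -- 1 = encrypted connection requested
       CASE
           WHEN s.use_default_credentials = 1 THEN 'Windows (Database Engine service credentials)'
           WHEN s.username IS NOT NULL         THEN 'Basic (user name and password)'
           ELSE 'Anonymous'
       END AS auth_mode,
       f.recipients,
       f.subject,
       l.description                 -- carries the SMTP server's reply text
FROM msdb.dbo.sysmail_event_log AS l
JOIN msdb.dbo.sysmail_faileditems AS f
     ON f.mailitem_id = l.mailitem_id
LEFT JOIN msdb.dbo.sysmail_account AS a
     ON a.account_id = l.account_id
LEFT JOIN msdb.dbo.sysmail_server AS s
     ON s.account_id = l.account_id
WHERE l.event_type = 'error'
ORDER BY l.log_date DESC;
```

A reply such as "Authentication Required" in the description column beside an auth_mode of Anonymous, or beside enable_ssl = 0, points at the account definition rather than at the network path.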

Connecting Microsoft Report Server to Gmail

Microsoft Report Server (SQL Server) allows connection to GMail through SMTP via user / password, but does not provide support for OAuth. Google has turned off "Less Secure App" access for non-Workspace clients, and at some point in the future will probably disable LSAs altogether. While we are a Workspace client and have more time to figure this out, I'm looking for help / suggestions on how to continue using GMail to send our company reports once LSAs are no longer an option.
For instance, are there any downloadable mail server applications for Windows like hMailServer that support OAuth? Unfortunately hMailServer (which we currently use) does not have OAuth support.

MSSQL - Database Mail XPs - Enable/Disable

On MSSQL 2012 and MSSQL 2016 I use Database Mail for sending information from alerts, jobs, etc. I disabled the public and private profile, and only DBO can send emails from MSSQL. But I still fight with the security audit, because their software tells them that 'Database Mail XPs' is enabled.
Can I set 'Database Mail XPs' so that this functionality is enabled only when an alert or similar functionality needs to send email as DBO?
I get this message from the security audit: The 'Database Mail XPs' setting determines whether or not Database Mail can be started on the server. Database Mail is a Microsoft SQL feature that provides the SQL Server Database Engine the ability to send e-mail messages. Email messages sent by the database may contain sensitive data. As a malicious user may exploit this capability to transfer data to systems outside the environment, this feature should be disabled/restricted as appropriate to the needs of the business. NOTE: By configuring the 'Database Mail XPs' option to "0" you can prevent the Database Mail utility from starting. If Database Mail is already running when setting the option to a value of "0", it will continue to run until being idle for the amount of time stipulated in the 'DatabaseMailExeMinimumLifeTime' option.
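The audit text asks for the feature to be "disabled/restricted as appropriate", so the restricted state described in the question can be documented with evidence. The queries below are an added example, not part of the original post; they use only the standard catalog views and msdb Database Mail objects and change nothing.

```sql
-- Added example: evidence that Database Mail is restricted, for an audit
-- finding on 'Database Mail XPs'. Read-only.

-- 1. The server-level switch the audit tool reports on.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'Database Mail XPs';

-- 2. Which principals are granted which profiles.
--    principal_id 0 is how the sysmail procedures denote a public profile;
--    no such row means no profile is open to every msdb user.
EXEC msdb.dbo.sysmail_help_principalprofile_sp;

-- 3. Who holds the msdb role that allows calling sp_send_dbmail.
--    Members of the sysadmin server role can send mail regardless.
SELECT m.name AS member_name, m.type_desc
FROM msdb.sys.database_role_members AS rm
JOIN msdb.sys.database_principals AS r
     ON r.principal_id = rm.role_principal_id
JOIN msdb.sys.database_principals AS m
     ON m.principal_id = rm.member_principal_id
WHERE r.name = N'DatabaseMailUserRole';

-- 4. Who has actually queued mail, how much, and when last.
--    An unexpected sender or a jump in volume is the data-transfer
--    concern the audit message describes.
SELECT send_request_user,
       COUNT(*)               AS items_queued,
       MAX(send_request_date) AS last_request
FROM msdb.dbo.sysmail_allitems
GROUP BY send_request_user
ORDER BY last_request DESC;
```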

How to use gmail account for ssrs email subscription

I have a report using SSRS 2008 R2, I want to subscribe to this report using the "email" option. I have configured the settings in the reporting services manager to use server as "smtp.gmail.com" and sender address as my gmail ID.
I also tried using the SMTP virtual server and relay it using smart host as "smtp.gmail.com". But I get the following error while sending email :
Failure sending mail: The transport failed to connect to the server.
I am using IIS 7 and Windows Server 2008. Following is the snippet of my rsreportserver.config file:
<SMTPServer>smtp.gmail.com</SMTPServer>
<SMTPServerPort>587</SMTPServerPort>
<SMTPAccountName></SMTPAccountName>
<SMTPConnectionTimeout></SMTPConnectionTimeout>
<SMTPServerPickupDirectory></SMTPServerPickupDirectory>
<SMTPUseSSL>True</SMTPUseSSL>
<SendUsing>2</SendUsing>
<SMTPAuthenticate></SMTPAuthenticate>
<From>myid#gmail.com</From>
Any help will be highly appreciated.
Thanks
I was having problems getting SSRS 2017 to connect. I tried a dozen different suggestions and ended up with the following. I didn't need to set up the SMTP relay or SMTP service on the Windows server.
Open Reporting Services Configuration Manager. Go to E-mail Settings >>>
Sender Address: [user]#gmail.com (or your G-Suite domain)
Current Delivery Method: Use SMTP server
SMTP Server: smtp.gmail.com
Authentication= "Username and password (basic)"
Username: [user]#gmail.com (or your G-Suite domain)
Password
Confirm Password
Use Secure Connection: Checked
Now go to the rsreportserver.config file. Mine was located at
C:\Program Files\Microsoft SQL Server Reporting Services\SSRS\ReportServer\rsreportserver.config
Find the <SMTPServerPort> and set to 587
Save rsreportserver.config
You'll also need to enable "Less secure app access" in the Security section of your Google Account settings, otherwise it will throw authentication errors.
Having struggled with this for the past few hours I thought it might be valuable to share another method for anyone else still unable to configure an SSRS instance to send subscription emails via gmail using their smtp relay service.
For this example, my company uses Gmail Servers to host our own domain and I assume that you have access to the Admin Console on Google Apps.
Step 1 - Configure Gmail
Log into Google Apps with an Administrator Account
Go into the admin console
Select Apps > Gmail > Advanced Settings
Find SMTP Relay Service
Add New
Allowed Senders - Set to "Only Addresses In My Domains"
Authentication - Set to "Only Accept Mail From Specified IP"
Add the Public IP Range of the Server SSRS is running on
Leave TLS Encryption Unchecked
Leave SMTP Authentication Unchecked
Save
You should then have settings that look like this:
Allowed senders: Only addresses in my domains
Only accept mail from the specified IP addresses: Yes
Allowed IP addresses: (Your Description)
Require SMTP Authentication: No
Require TLS encryption: No
Step 2 - Configure SSRS
Go to SSRS Configuration Manager > Email Settings
Enter Sender address as email#yourgmaildomain.co.uk
Use SMTP Server
SMTP Server = "smtp-relay.gmail.com"
Following these steps will allow you to send emails using SSRS subscriptions without needing to set up your own relay server. Hope this helps some other poor soul from spending hours trying to figure it out!
REF:
https://support.google.com/a/answer/2956491?vid=1-635782669150538047-3380580329
From what I have read, it sounds like you might have to set up a local SMTP relay server that you send the email through, b/c SSRS requires that "The Report Server service must have Send As permissions on the SMTP server" and does not appear to give any options for entering a password. I am assuming the SSRS subscription email setup only works using Windows authentication since it uses the SSRS Service, but the configuration documentation is vague. (http://technet.microsoft.com/en-us/library/ms345234(v=sql.105).aspx )
Here is a link that shows how to set up the SMTP relay server http://www.vsysad.com/2012/04/setup-and-configure-smtp-server-on-windows-server-2008-r2/
Here are the steps you'll need to do differently.
Item 19, choose Basic Authentication, enter your gmail account info, and make sure TLS encryption is checked.
Item 21, enter your server name as the fully-qualified domain name. Enter "smtp.google.com" as the "Smart host".
Then specify the SMTP server you just created above in your SSRS SMTP configuration.
You probably also need to enable POP3 on your gmail account if you have not already. https://support.google.com/mail/answer/13273?cbid=wl8yzeug2lob&src=cb&lev=topic

Google federation and server to server encryption

I am trying to set up an XMPP server, such that users of my service can communicate with XMPP users of other services.  I have two requirements
1) Users of other services must still be able to use whatever client and chat service they are currently using, such as the gmail web client, to talk to my clients.
2) The communication must be encrypted when sent between client and server and server and server. (The latter is more difficult)
I set up an XMPP server and federated with gmail, and found that the server to server communication was not encrypted. I next federated my XMPP server with jabber.org, and the connection from my server to jabber.org was encrypted, giving me confidence that my server configuration was correct. Is there any way to encrypt the communication between my XMPP server and Google's? Are there any XMPP servers that support TLS with Google? Presuming this is not currently supported by Google, are there plans to add TLS on server to server communications in the future? When is it expected?
In lieu of encrypted server to server communications, are there other possibilities (given the above requirements)?   Would a Google app engine application have encrypted communication between the gmail server and my Google app engine app and also satisfy the first requirement?
For the communication server to server, you can use AES to encrypt all the communication, and for the password, you can send it with RSA. If you are using python you can use pycrypto, although to test it in the development server you have to install that library.
About the client and server communication, I'm not sure if you can use the same encryption.
