Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This section illustrates the NT LAN Manager (NTLM) Authentication: Simple Mail Transfer Protocol (SMTP) Extension with an example scenario in which an SMTP client successfully authenticates to an SMTP server using NTLM.
Figure 4: SMTP client successfully authenticating to SMTP server
The client sends an EHLO to the server. This command is specified in [RFC2821].
EHLO test.com
The server responds with an EHLO-Response (including the EHLO-keyword AUTH) to indicate that the authentication is supported. Among the parameters to the AUTH EHLO-response keyword is the keyword "NTLM", indicating that NTLM authentication is available.
250-exch-cli-66 Hello [127.0.0.1] 250-AUTH GSSAPI NTLM 250-TURN 250-SIZE 2097152 250-ETRN 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-8bitmime 250-BINARYMIME 250-CHUNKING 250-VRFY 250 OK
The client then sends the SMTP AUTH command, SMTP_AUTH_NTLM_Initiation_Command, initiating auth. In this example, the AUTH command being sent is without the optional [initial-response] data.
AUTH NTLM
The server sends the SMTP_NTLM_Supported_Response message, indicating that it can perform NTLM authentication.
334 ntlm supported
The client sends an SMTP_AUTH_NTLM_BLOB_Command message containing a base64-encoded NTLM NEGOTIATE_MESSAGE.
TlRMTVNTUAABAAAAt4II4gAAAAAAAAAAAAAAAAAAAAAFAs4OAAAADw==
The server sends an SMTP_AUTH_NTLM_BLOB_Response message containing a base64-encoded NTLM CHALLENGE_MESSAGE.
334 TlRMTVNTUAACAAAAFgAWADgAAAA1goriZt7rI6Uq/ccAAAAAAAAAAGwAbABOAAA ABQLODgAAAA9FAFgAQwBIAC0AQwBMAEkALQA2ADYAAgAWAEUAWABDAEgALQBDAEwASQ AtADYANgABABYARQBYAEMASAAtAEMATABJAC0ANgA2AAQAFgBlAHgAYwBoAC0AYwBsA GkALQA2ADYAAwAWAGUAeABjAGgALQBjAGwAaQAtADYANgAAAAAA
The client sends an SMTP_AUTH_NTLM_BLOB_Command message containing a base64-encoded NTLM AUTHENTICATE_MESSAGE.
TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAABYAFgBIAAAACAAIAF4AAAAWABYAZgA AABAAEACsAAAANYKI4gUCzg4AAAAPZQB4AGMAaAAtAGMAbABpAC0ANgA2AHQAZQBzAH QARQBYAEMASAAtAEMATABJAC0ANgA2AAZKkK42dvN2AAAAAAAAAAAAAAAAAAAAABvqC ZdJZ0NxuuMaNT5PPn5aZ6imuk9cPZkPUjEYNIRezkCGmTwS5G0=
The server sends an SMTP_AUTH_NTLM_Succeeded_Response message.
235 2.7.0 Authentication successful