4.1 SMTP Client Successfully Authenticating to an SMTP Server

This section illustrates the NT LAN Manager (NTLM) Authentication: Simple Mail Transfer Protocol (SMTP) Extension with an example scenario in which an SMTP client successfully authenticates to an SMTP server using NTLM.

Figure 4: SMTP client successfully authenticating to SMTP server

1. The client sends an EHLO to the server. This command is specified in [RFC2821].

    EHLO test.com
   

2. The server responds with an EHLO-Response (including the EHLO-keyword AUTH) to indicate that the authentication is supported. Among the parameters to the AUTH EHLO-response keyword is the keyword "NTLM", indicating that NTLM authentication is available.

    250-exch-cli-66 Hello [127.0.0.1]
    250-AUTH GSSAPI NTLM
    250-TURN
    250-SIZE 2097152
    250-ETRN
    250-PIPELINING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-8bitmime
    250-BINARYMIME
    250-CHUNKING
    250-VRFY
    250 OK
     
   

3. The client then sends the SMTP AUTH command, SMTP_AUTH_NTLM_Initiation_Command, initiating auth. In this example, the AUTH command being sent is without the optional [initial-response] data.

    AUTH NTLM
   

4. The server sends the SMTP_NTLM_Supported_Response message, indicating that it can perform NTLM authentication.

    334 ntlm supported
   

5. The client sends an SMTP_AUTH_NTLM_BLOB_Command message containing a base64-encoded NTLM NEGOTIATE_MESSAGE.

    TlRMTVNTUAABAAAAt4II4gAAAAAAAAAAAAAAAAAAAAAFAs4OAAAADw==
   

6. The server sends an SMTP_AUTH_NTLM_BLOB_Response message containing a base64-encoded NTLM CHALLENGE_MESSAGE.

    334 TlRMTVNTUAACAAAAFgAWADgAAAA1goriZt7rI6Uq/ccAAAAAAAAAAGwAbABOAAA
    ABQLODgAAAA9FAFgAQwBIAC0AQwBMAEkALQA2ADYAAgAWAEUAWABDAEgALQBDAEwASQ
    AtADYANgABABYARQBYAEMASAAtAEMATABJAC0ANgA2AAQAFgBlAHgAYwBoAC0AYwBsA
    GkALQA2ADYAAwAWAGUAeABjAGgALQBjAGwAaQAtADYANgAAAAAA
     
   

7. The client sends an SMTP_AUTH_NTLM_BLOB_Command message containing a base64-encoded NTLM AUTHENTICATE_MESSAGE.

    TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAABYAFgBIAAAACAAIAF4AAAAWABYAZgA
    AABAAEACsAAAANYKI4gUCzg4AAAAPZQB4AGMAaAAtAGMAbABpAC0ANgA2AHQAZQBzAH
    QARQBYAEMASAAtAEMATABJAC0ANgA2AAZKkK42dvN2AAAAAAAAAAAAAAAAAAAAABvqC
    ZdJZ0NxuuMaNT5PPn5aZ6imuk9cPZkPUjEYNIRezkCGmTwS5G0=
   

8. The server sends an SMTP_AUTH_NTLM_Succeeded_Response message.

    235 2.7.0 Authentication successful