18.104.22.168 EHLO Discovery Message
The NT LAN Manager (NTLM) Authentication: Simple Mail Transfer Protocol (SMTP) Extension also supports the discovery of supported authentication procedures.
When the EHLO command is sent to the SMTP server, the SMTP server will list available authentication mechanisms using the syntax defined in [RFC2821] section 22.214.171.124. The NTLM mechanism is indicated by using the "NTLM" EHLO keyword value if NTLM authentication is enabled for the SMTP server. An example of such an advertisement of supported authentication procedures by the server can be found in [RFC2554] section 4. The line "S: 250 AUTH CRAM-MD5 DIGEST-MD5" in the conversation indicates that the server advertises the supported authentication procedures as CRAM-MD5, DIGEST-MD5.
The server responds with an EHLO-Response (including the EHLO-keyword AUTH) when the client sends the EHLO command with or without an argument.
[RFC2821] section 126.96.36.199 states that clients SHOULD send EHLO with an argument. The definition of SHOULD in [RFC2119] allows the client to exclude the EHLO argument in exceptional circumstances. The SMTP server MUST support such clients.