Share via

3.2.1.1 SMTP State Model

  • Article

SMTP NTLM authentication server state model

Figure 3: SMTP NTLM authentication server state model

The abstract data model for the NT LAN Manager (NTLM) Authentication: Simple Mail Transfer Protocol (SMTP) Extension has the following states:

  1. start

    This is the state of the server before the SMTP_AUTH_NTLM_Initiation_Command (section 2.2.1.1) message has been received.

  2. received_authentication_request

    This is the state of the server after the SMTP_AUTH_NTLM_Initiation_Command message has been received.

  3. sent_response

    This is the state entered by the server after it has sent an SMTP_NTLM_Supported_Response (section 2.2.1.2) or SMTP_AUTH_NTLM_BLOB_Response (section 2.2.1.3) message.

    During this state the server waits for SMTP_AUTH_NTLM_BLOB_Command (section 2.2.1.7) from the client and transition the state to received_response after receiving the SMTP_AUTH_NTLM_BLOB_Command.

    The server comes back to this state after it has sent SMTP_AUTH_NTLM_BLOB_Response to the client.

  4. received_command

    This is the state entered by the server after it has received the SMTP_AUTH_NTLM_Initiation_Command with NTLM_NEGOTIATE_MESSAGE or SMTP_AUTH_NTLM_BLOB_Command.

    During this state the server passes the SMTP_AUTH_NTLM_Initiation_Command with NTLM_NEGOTIATE_MESSAGE or SMTP_AUTH_NTLM_BLOB_Command to the NTLM software. If the NTLM software returns SMTP_AUTH_NTLM_BLOB_Response message the server sends it back to the client.

    The server transitions the state to sent_response after it sends the SMTP_AUTH_NTLM_BLOB_Response.

    The server comes back to this state after receiving SMTP_AUTH_NTLM_BLOB_Command.

    The server MUST transition the state to completed_authentication when it sends SMTP_AUTH_NTLM_Succeeded_Response (section 2.2.1.6) or SMTP_AUTH_Fail_Response (section 2.2.1.4) or SMTP_AUTH_Other_Failure_Response (section 2.2.1.5) to the client.

  5. completed_authentication

    This is the state of the server upon successfully or unsuccessfully completing authentication. Section 3.1.5 defines the rules for how this state is reached. The completed_authentication represents the end state of the authentication protocol.

    This document does not address the behavior of SMTP in this state.