4.1 SMTP Client Successfully Authenticating to an SMTP Server

This section illustrates the NT LAN Manager (NTLM) Authentication: Simple Mail Transfer Protocol (SMTP) Extension with an example scenario in which an SMTP client successfully authenticates to an SMTP server using NTLM.

SMTP client successfully authenticating to SMTP server

Figure 4: SMTP client successfully authenticating to SMTP server

  1. The client sends an EHLO to the server. This command is specified in [RFC2821].

     EHLO test.com
    
  2. The server responds with an EHLO-Response (including the EHLO-keyword AUTH) to indicate that the authentication is supported. Among the parameters to the AUTH EHLO-response keyword is the keyword "NTLM", indicating that NTLM authentication is available.

     250-exch-cli-66 Hello [127.0.0.1]
     250-AUTH GSSAPI NTLM
     250-TURN
     250-SIZE 2097152
     250-ETRN
     250-PIPELINING
     250-DSN
     250-ENHANCEDSTATUSCODES
     250-8bitmime
     250-BINARYMIME
     250-CHUNKING
     250-VRFY
     250 OK
      
    
  3. The client then sends the SMTP AUTH command, SMTP_AUTH_NTLM_Initiation_Command, initiating auth. In this example, the AUTH command being sent is without the optional [initial-response] data.

     AUTH NTLM
    
  4. The server sends the SMTP_NTLM_Supported_Response message, indicating that it can perform NTLM authentication.

     334 ntlm supported
    
  5. The client sends an SMTP_AUTH_NTLM_BLOB_Command message containing a base64-encoded NTLM NEGOTIATE_MESSAGE.

     TlRMTVNTUAABAAAAt4II4gAAAAAAAAAAAAAAAAAAAAAFAs4OAAAADw==
    
  6. The server sends an SMTP_AUTH_NTLM_BLOB_Response message containing a base64-encoded NTLM CHALLENGE_MESSAGE.

     334 TlRMTVNTUAACAAAAFgAWADgAAAA1goriZt7rI6Uq/ccAAAAAAAAAAGwAbABOAAA
     ABQLODgAAAA9FAFgAQwBIAC0AQwBMAEkALQA2ADYAAgAWAEUAWABDAEgALQBDAEwASQ
     AtADYANgABABYARQBYAEMASAAtAEMATABJAC0ANgA2AAQAFgBlAHgAYwBoAC0AYwBsA
     GkALQA2ADYAAwAWAGUAeABjAGgALQBjAGwAaQAtADYANgAAAAAA
      
    
  7. The client sends an SMTP_AUTH_NTLM_BLOB_Command message containing a base64-encoded NTLM AUTHENTICATE_MESSAGE.

     TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAABYAFgBIAAAACAAIAF4AAAAWABYAZgA
     AABAAEACsAAAANYKI4gUCzg4AAAAPZQB4AGMAaAAtAGMAbABpAC0ANgA2AHQAZQBzAH
     QARQBYAEMASAAtAEMATABJAC0ANgA2AAZKkK42dvN2AAAAAAAAAAAAAAAAAAAAABvqC
     ZdJZ0NxuuMaNT5PPn5aZ6imuk9cPZkPUjEYNIRezkCGmTwS5G0=
    
  8. The server sends an SMTP_AUTH_NTLM_Succeeded_Response message.

     235 2.7.0 Authentication successful
    
Show: