PHPMailer: Microsoft Exchange NTLM Authentication without workstation logged in (Test needed)

Referring to my previous post, it seems that SMTP authentication fails when authentication is not done within a workstation logged into the NT realm.

I’ve now attempted to change the PHPMailer source code though I will need an Exchange server to test it. To use it, replace the file PHPMailer/extras/ntlm_sasl_client.php with the modified one.

So now to authenticate the Microsoft Exchange SMTP sever, you will need to fill in domain name, username and password. For workstation you can now leave it as blank.

$AuthType = "NTLM";
$Username = "user";
$Password = "pass";
$Realm = "Domain name";
$Workstation = "";

Another note is to beware that this still only supports NTLM and NOT the older LM authentication scheme.

Some additional improvements that can be done in future:

  • Provide LM response and hash for backward compatibility
  • Domain name can be extracted from Type 2 Challenge message.

Go to download page for the file. Let me know if there’s any bugs.

PHPMailer: Supporting Microsoft Exchange NTLM Authentication

A while ago while using PHPMailer, I noticed there is a lack of Microsoft Exchange support for sending e-mail on STMP using NTLM authentication. Perhaps the close endedness of the proprietary protocol makes it hard for developer support.

One particular file I’m very interested in is the ntlm_sasl_client.php which is pretty outdated and only supports NTLM authentication WITH domain and workstation parameters filled. Meaning, the machine must be logged on to the local domain first. We also do not know the server’s realm. This is a bit problematic for web servers not directly connected to an NT domain. For this reason a different NTLM authentication scheme has to be used.

Either way I did noticed Gnome Evolution does support Microsoft Exchange and it’s open source so I should be able to salvage some protocol information from there. It follows SAMBA NTLM authentication procedure without the need to log into an NT domain. There are also a very thorough documentation on the NTLM authentication protocol. I shall start a project on this soon.