PHPMailer: Microsoft Exchange NTLM Authentication without workstation logged in (Test needed)

Referring to my previous post, it seems that SMTP authentication fails when authentication is not done within a workstation logged into the NT realm.

I’ve now attempted to change the PHPMailer source code though I will need an Exchange server to test it. To use it, replace the file PHPMailer/extras/ntlm_sasl_client.php with the modified one.

So now to authenticate the Microsoft Exchange SMTP sever, you will need to fill in domain name, username and password. For workstation you can now leave it as blank.

$AuthType = "NTLM";
$Username = "user";
$Password = "pass";
$Realm = "Domain name";
$Workstation = "";

Another note is to beware that this still only supports NTLM and NOT the older LM authentication scheme.

Some additional improvements that can be done in future:

  • Provide LM response and hash for backward compatibility
  • Domain name can be extracted from Type 2 Challenge message.

Go to download page for the file. Let me know if there’s any bugs.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.