4

I'm trying to access a SMTP server with AUTH type of NTLM.

I'm using nodemailer and nodemailer-smtp-transport as such:

var config = require('./config.json');
var nodemailer = require('nodemailer');
var smtpTransport = require('nodemailer-smtp-transport');

var transporter = nodemailer.createTransport(smtpTransport({
    host : config.mailer.host,
    port: config.mailer.port,
    auth: {
        user: config.mailer.username,
        pass: config.mailer.password
    },
    authMethod: 'PLAIN'
}));

But it doesn't work. The error I get is:

{ [Error: Invalid login: 504 5.7.4 Unrecognized authentication type]
  code: 'EAUTH',
  response: '504 5.7.4 Unrecognized authentication type',
  responseCode: 504 }

Which makes sense, because if I telnet into the SMTP server

ehlo server.domain.net
250-server.domin.net Hello [10.100.10.100]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250 XRDST

And enter

AUTH PLAIN

I get

504 5.7.4 Unrecognized authentication type

But inside Node, if I change the authMethod to 'NTLM', I get an error that says

{ [Error: Unknown authentication method "NTLM"] code: 'EAUTH' }

I'm suspecting that nodemailer just doesn't support NTLM. If that's the case, how do I connect to a SMTP server that requires NTLM authentication type?

Thanks

Improve this question
1
  • 1
    github.com/nodemailer/nodemailer/issues/314 - it seems we're out of luck - the last comment at time of writing is from the maintainer saying: "I have nothing against NTLM per se. I just have no clue how to test it as It seems to be Microsoft specific and I know nothing about Windows based systems" Commented Apr 19, 2016 at 13:35

3 Answers 3

Reset to default
4

My company ran into the same problem a few days ago. The options we considered were:

  1. Ask the exchange server admins to enable PLAIN auth under STARTTLS (it is secure and appears to only involve ticking a couple of checkboxes)
  2. Set up a local relay (e.g. postfix) that relays to Exchange, and use the postfix relay from nodemailer
  3. Fork nodemailer and add NTLM support

Unfortunately we hit political issues on the easy options (1) and (2), so had to fork nodemailer.

I didn't send a pull request yet, but the fork is here. For the time being the easiest way to use it is via npm by referring directly to the github project in your package json, e.g.:

"dependences": {
  "nodemailer": "steveliles/nodemailer"
}

If you're interested, most of the change was actually in a sub-sub-project (smtp-connection), and the forks of nodemailer, nodemailer-smtp-pool, and nodemailer-smtp-transport are only necessary to get my smtp-connection fork to be picked up.

We didn't need to implement the NTLM protocol, as SamDecrock's httpntlm already did the hard work.

It has only been tested against Exchange 2007 over TLS (with STARTTLS) and no domain or workstation.

If you do need domain + workstation in the credentials, just add them to nodemailer's options.auth and they will be passed through, e.g.

var smtpConfig = {
    host: 'ntlm.boo.hoo',
    port: 25,
    auth: {
        domain: 'windows-domain',
        workstation: 'windows-workstation',
        user: '[email protected]',
        pass: 'pass'
    }
};

We were even more unlucky in that the exchange server we're connecting to doesn't have a valid SSL certificate, but luckily nodemailer can handle that by setting tls: {rejectUnauthorized: false} in the options.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Pull request 46 already merged - looks like NTLM support will be available in the main nodemailer project fairly soon - github.com/nodemailer/smtp-connection/pull/46
0

From version 6.x.x, you can use custom auth: https://github.com/nodemailer/nodemailer-ntlm-auth

Refs: https://nodemailer.com/smtp/#authentication

Improve this answer

Comments

0

If this is an internal/service type application and your server admin doesn't mind, you can ask them to create a host without authorization and just get rid of

auth: {
    user: '-----------',
    pass: '-----------'
}

Since I'm just creating a service type app just to send emails on a schedule, my server admin allowed this for me.

Worked for me but I'm sure this solution is not for everyone!

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.