I'm trying to access an SMTP server with AUTH type of NTLM.

I'm using nodemailer and nodemailer-smtp-transport as such:

var config = require('./config.json');
var nodemailer = require('nodemailer');
var smtpTransport = require('nodemailer-smtp-transport');

var transporter = nodemailer.createTransport(smtpTransport({
    host : config.mailer.host,
    port: config.mailer.port,
    auth: {
        user: config.mailer.username,
        pass: config.mailer.password
    },
    authMethod: 'PLAIN'
}));

But it doesn't work. The error I get is:

{ [Error: Invalid login: 504 5.7.4 Unrecognized authentication type]
  code: 'EAUTH',
  response: '504 5.7.4 Unrecognized authentication type',
  responseCode: 504 }

Which makes sense, because if I telnet into the SMTP server

ehlo server.domain.net
250-server.domin.net Hello [10.100.10.100]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250 XRDST

And enter

AUTH PLAIN

I get

504 5.7.4 Unrecognized authentication type

But inside Node, if I change the authMethod to 'NTLM', I get an error that says

{ [Error: Unknown authentication method "NTLM"] code: 'EAUTH' }

I'm suspecting that nodemailer just doesn't support NTLM. If that's the case, how do I connect to an SMTP server that requires NTLM authentication type?

Thanks

davidx1
    https://github.com/nodemailer/nodemailer/issues/314 - it seems we're out of luck - the last comment at time of writing is from the maintainer saying: "I have nothing against NTLM per se. I just have no clue how to test it as It seems to be Microsoft specific and I know nothing about Windows based systems" – Stevie Apr 19 '16 at 13:35
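
Why AUTH PLAIN is rejected with 504 here, as an added example that is not part of the original question or of nodemailer: it parses the EHLO reply quoted in the question and selects only a mechanism the server advertised. The function names parseEhlo and chooseAuthMethod are hypothetical, and the parser goes beyond the reply shown by also accepting the legacy "AUTH=" form.

```javascript
// Sample input: the EHLO reply quoted in the question, joined with CRLF.
const EHLO_REPLY = [
  '250-server.domin.net Hello [10.100.10.100]',
  '250-SIZE', '250-PIPELINING', '250-DSN', '250-ENHANCEDSTATUSCODES',
  '250-X-ANONYMOUSTLS', '250-AUTH NTLM', '250-X-EXPS GSSAPI NTLM',
  '250-8BITMIME', '250-BINARYMIME', '250-CHUNKING', '250-XEXCH50',
  '250 XRDST',
].join('\r\n');

// Parse a multi-line SMTP reply (RFC 5321: "250-" continues, "250 " ends)
// into a Map of extension keyword -> list of parameters.
function parseEhlo(reply) {
  const caps = new Map();
  const lines = reply.split(/\r?\n/).filter((l) => l.length > 0);
  lines.forEach((line, i) => {
    const m = /^(\d{3})([ -])(.*)$/.exec(line);
    if (!m || m[1] !== '250') throw new Error('unexpected reply line: ' + line);
    const isLast = i === lines.length - 1;
    if ((m[2] === ' ') !== isLast) throw new Error('malformed continuation: ' + line);
    if (i === 0) return; // first line is the greeting, not an extension
    // Some servers send the legacy "AUTH=LOGIN PLAIN" form; treat "=" as a space.
    const text = m[3].trim().replace(/^AUTH=/i, 'AUTH ');
    const [keyword, ...params] = text.split(/\s+/);
    const key = keyword.toUpperCase();
    const merged = (caps.get(key) || []).concat(params.map((p) => p.toUpperCase()));
    caps.set(key, [...new Set(merged)]);
  });
  return caps;
}

// Return the first client-preferred mechanism the server advertised, else null.
function chooseAuthMethod(caps, clientMethods) {
  const offered = caps.get('AUTH') || [];
  const wanted = clientMethods.map((m) => m.toUpperCase());
  return wanted.find((m) => offered.includes(m)) || null;
}

const caps = parseEhlo(EHLO_REPLY);
console.log('server offers AUTH:', caps.get('AUTH'));
console.log('PLAIN/LOGIN-only client ->', chooseAuthMethod(caps, ['PLAIN', 'LOGIN']));
console.log('NTLM-capable client ->', chooseAuthMethod(caps, ['NTLM', 'PLAIN']));
console.log('STARTTLS advertised:', caps.has('STARTTLS'));
```

For the reply in the question, a client limited to PLAIN and LOGIN has no mechanism in common with the server, and STARTTLS is not among the advertised extensions.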

3 Answers

My company ran into the same problem a few days ago. The options we considered were:

  1. Ask the Exchange server admins to enable PLAIN auth under STARTTLS (it is secure and appears to only involve ticking a couple of checkboxes)
  2. Set up a local relay (e.g. postfix) that relays to Exchange, and use the postfix relay from nodemailer
  3. Fork nodemailer and add NTLM support

Unfortunately we hit political issues on the easy options (1) and (2), so had to fork nodemailer.

I didn't send a pull request yet, but the fork is here. For the time being the easiest way to use it is via npm by referring directly to the GitHub project in your package.json, e.g.:

"dependencies": {
  "nodemailer": "steveliles/nodemailer"
}

If you're interested, most of the change was actually in a sub-sub-project (smtp-connection), and the forks of nodemailer, nodemailer-smtp-pool, and nodemailer-smtp-transport are only necessary to get my smtp-connection fork to be picked up.

We didn't need to implement the NTLM protocol, as SamDecrock's httpntlm already did the hard work.

It has only been tested against Exchange 2007 over TLS (with STARTTLS) and no domain or workstation.

If you do need domain + workstation in the credentials, just add them to nodemailer's options.auth and they will be passed through, e.g.

var smtpConfig = {
    host: 'ntlm.boo.hoo',
    port: 25,
    auth: {
        domain: 'windows-domain',
        workstation: 'windows-workstation',
        user: 'user@somedomain.com',
        pass: 'pass'
    }
};

We were even more unlucky in that the Exchange server we're connecting to doesn't have a valid SSL certificate, but luckily nodemailer can handle that by setting tls: {rejectUnauthorized: false} in the options.

Stevie
    Pull request 46 already merged - looks like NTLM support will be available in the main nodemailer project fairly soon - https://github.com/nodemailer/smtp-connection/pull/46 – Stevie Apr 25 '16 at 11:43

From version 6.x.x, you can use custom auth: https://github.com/nodemailer/nodemailer-ntlm-auth

Refs: https://nodemailer.com/smtp/#authentication

Thuan Bui

If this is an internal/service type application and your server admin doesn't mind, you can ask them to create a host without authorization and just get rid of

auth: {
    user: '-----------',
    pass: '-----------'
}

Since I'm just creating a service type app just to send emails on a schedule, my server admin allowed this for me.

Worked for me but I'm sure this solution is not for everyone!

JSkyS