EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SMTP Authentication

Posted: 02/24/2014 11:11:25
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 174

Hello everyone,

I'm trying to write an SMTP client using the TElSMTPClient component. I would like the component to negotiate the most secure authentication mechanism with the server (only falling back to plaintext if nothing in common can be found).

With most "standard" SMTP servers (postfix, etc.), this works well because they support either CRAM MD5 or DIGEST MD5. Unfortunately, this ain't doing as well with Exchange 2013: it only supports NTLM and GSSAPI.

So, in SBB, I first tried it with GSSAPI: no luck. It seems that, while the constant is defined in SBSAL.pas, it isn't actually implemented. Ok, fair enough: NTLM will do.

Except that it doesn't: in no case was I able to successfully use NTLM authentication on SMTP with Exchange with success: I always get "535 5.7.3 Authentication unsuccessful" back from the server (actually, I get an exception telling me that the command {NTLM challenge response string} failed which isn't very useful).

And since Exchange doesn't support plain text login from the internal interface by default (even through SSL), this means that, unless this is solved somehow, I cannot support Exchange 2013 (well, almost: I can send mail to a local account but not relay).

Another issue I'm having is that, if the server rejects at a later stage (for instance, because no authentication has been performed and I'm trying to send a mail to a non-local account), the SMTP client actually triggers a second exception itself by calling "RSET" when the server has already closed the connection. This causes another exception to be raised and it masks the initial error: while I can trace it in the code, it will never reach anything useful and I'm left with nothing to tell to the user except a generic "Connection lost (error code is 10058)".

I'm using SBB 10 with Delphi 6. I have tried the SMTPClient demo as provided and it fails because Exchange does not allow simple login (it triggers the second problem: I do not receive a proper error code because it is masked by the RSET command error).

Adding
     smtp.SASLMechanism['NTLM'] := true;
to the demo causes the NTLM SASL code to run but it always fails as described.

Posted: 02/24/2014 11:18:37
by Eugene Mayevski (Team)

Moved to helpdesk for investigation.

Sincerely yours
Eugene Mayevski

Posted: 07/11/2015 16:13:42
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 152

Hi, we also have an MS Exchange 2013 server. Is it already solved?
Which authentication must I use? Please give a code example for the SMTP demo.

I got it: you must use:
     smtp.SASLMechanism['DIGEST-MD5'] := false;
     smtp.SASLMechanism['NTLM'] := false;
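
An added example, not part of the thread and not SecureBlackbox code: a Python illustration of the selection policy the first post asks for, choosing the strongest mechanism both sides support and allowing PLAIN/LOGIN only when TLS is active. The preference order, the `enabled` dict (modelled on the `SASLMechanism[...]` switches above), the function names and the sample EHLO replies are assumptions of this example.

```python
import re

# Assumed preference order for this example, strongest first.
PREFERENCE = ["GSSAPI", "NTLM", "DIGEST-MD5", "CRAM-MD5"]
# These send the password merely base64-encoded, so they need a TLS channel.
CLEARTEXT = ["PLAIN", "LOGIN"]

# Constructed EHLO replies (hypothetical hosts), not captured from real servers.
EXCHANGE_LIKE = """250-mail.example.test Hello [192.0.2.10]
250-SIZE 37748736
250-AUTH GSSAPI NTLM
250 8BITMIME"""
POSTFIX_LIKE = """250-mx.example.test
250-PIPELINING
250-AUTH CRAM-MD5 DIGEST-MD5 PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME"""


def advertised_mechanisms(ehlo_reply):
    """Return the SASL mechanisms named on the AUTH line(s) of an EHLO reply."""
    mechs = []
    for line in ehlo_reply.splitlines():
        # Accept both "250-AUTH X Y" and the legacy "250-AUTH=X Y" form.
        m = re.match(r"250[ -]AUTH[ =](.*)", line.strip(), re.IGNORECASE)
        if m:
            mechs += [tok.upper() for tok in m.group(1).split()]
    return list(dict.fromkeys(mechs))  # de-duplicate, keep server order


def choose_mechanism(ehlo_reply, enabled, tls_active):
    """Pick the best mutually supported mechanism; cleartext only under TLS."""
    offered = advertised_mechanisms(ehlo_reply)
    for mech in PREFERENCE:
        if mech in offered and enabled.get(mech, False):
            return mech
    if tls_active:
        for mech in CLEARTEXT:
            if mech in offered and enabled.get(mech, False):
                return mech
    return None  # nothing acceptable: abort instead of exposing the password


if __name__ == "__main__":
    everything = {m: True for m in PREFERENCE + CLEARTEXT}
    print(choose_mechanism(EXCHANGE_LIKE, everything, tls_active=True))
    print(choose_mechanism(POSTFIX_LIKE, everything, tls_active=False))
```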




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
