The SMTP CRAM-MD5 (base 64) authentication implemented in the Servoy mail plug-in is insufficient, because many of our customers (large universities and pharmaceutical companies) use Microsoft Exchange mail servers set to use only native mode authentication (NTLM) for security reasons. I was wondering what others are doing to send e-mail through an Exchange server using only NTLM authentication.
Thanks!
Hi kwpsd
The sendMail example saids
//it is possbile to set all kind of smtp properties
//var properties = new Array()
//properties[0] = ‘mail.smtp.host=myserver.com’
//properties specification can be found at:http://java.sun.com/products/javamail/javadocs/com/sun/mail/smtp/package-summary.html
//var msgs = plugins.mail.sendMail(‘to_someone@example.com,to_someone_else@example.net’, ‘John Cobb from_me@example.com’, ‘subject’, msgText,null,‘unnamed@example.com’,null, properties);
Looking up the above page (http://java.sun.com/products/javamail/j … mmary.html), there’re some tips for NTLM
mail.smtp.auth.ntlm.disable boolean If true, prevents use of the AUTH NTLM command. Default is false.
mail.smtp.auth.ntlm.domain String The NTLM authentication domain.
mail.smtp.auth.ntlm.flags int NTLM protocol-specific flags. See http://curl.haxx.se/rfc/ntlm.html#theNtlmFlags for details.
Maybe it works for you.
Best regards. Roberto Blasco.
the latest mail.jar (http://www.oracle.com/technetwork/java/ … index.html) released in january this year does support the latest ntlm authentication.
Maybe Servoy can implement this also in a new version of the mail plugin?
servoy 6 has that mail.jar already (and i guess you could if you want upgrade the one from servoy 5 yourself, but you need to sign then everything yourself)
and as far as i see ntlm support is just setting the right properties right?
So that will work out of the box.
Thanks to all for the feedback!
I breifly examined the documents provided in the links but did not see anything regarding the implementation of NTLM authentication, only that it is now provided in the latest release. We can wait for the Servoy 6 release that includes the new mail.jar.
and as far as i see ntlm support is just setting the right properties right?
I don’t know what the plan is for the Servoy mail plug-in regarding the authentication property settings. Currently, it is a logical expression pertaining to whether SMTP (base64) authentication is needed or not. The CDOSYS.DLL that ships with Windows allows the following for sending e-mail messages (sorry, this is VFP object code, but you will get the idea):
.ITEM("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 2 && 0-none, 1-SMTP (base64), 2-NTLM
that allows you specify the authentication type to force its use. However, I have also worked with SMTP clients (Chilkat for example) where you do not specify the authentication type, and the code is smart enough to determine the best authentication type to use based on the response to the EHLO SMTP command where it returns something like:
AUTH NTLM
I would prefer the smarter code version.