Menu
▾
▴
[fetchmail-devel] Re: Fetchmail, NTLM and Exchange
|
From: Matthias A. <mat...@gm...> - 2005-09-17 21:05:41
|
On Sat, 17 Sep 2005, Yves Boisjoly wrote: > Unfortunately, my employer decided to move to... Guess what... Exchange! Eek. > I was using Linux and Pine with fetchmail for my mail since two years. I > recently got a Cisco VPN client for Linux and the last thing I have to fix in > this migration is my mail. > > I tried and tried to telnet on port 110, used fetchmail with the NTLM > authentication, without any success. > > I read a lot about the NTLM authentication and I do realised that it doesn't > seem to be so easy to bypass the authentication level. > > I also read that fetchmail can use the NTLM authentication over IMAP with > Exchange, but the Exchange server I have to use only listen on POP3 (110). fetchmail has code in place to do NTLM auth with POP3, too, although the manual page doesn't say so. Can you show the "fetchmail --nosyslog -Nvv" snippet that shows the NTLM negotiation attempt? > I even tried with the Evolution client, apparently the better one to > communicate with Exchange, but again, without good result. > > I also tried to sniff my connection communication with the server, into > Windows (shame on me!)... Everything is encrypted but I saw the "NTLM" string > at some point... Might just have been an advertisement. Can you telnet to Exchange port 110, type CAPA and see what you get (this is redundant if the fetchmail command above showed this information already). > So here are my two questions: > > Is there any development in fetchmail for Exchange? Not on my part, as I don't have Exchange accounts to test against. If you could arrange for a test account for the fetchmail project, that might help - we need a mail address where we can send our test mail and the POP3 account to pull the mail from. > If not, considering that I am pretty good with Perl, do you thing it > could be feasible to incorporate a Perl call into fetchmail, that would take > over the NTLM authentication, and give back the control to fetchmail after > the authentication transaction? Such code is already there - the "plugin" option can do what you want. Your plugin would have to connect (TCP-wise) to the POP3 server, do the NTLM stuff and then either abort or transparently transport all commands (bidirectionally, so you'll probably have to delve into select() magic, it's possible in Perl but looks ugly) until it has had EOF from both sides. > I could be interested to develop this part in Perl, but I don't want to go > into C++, if it's what fetchmail is developed with... fetchmail is done in C currently, and the best way would probably be to fix NTLM auth. -- Matthias Andree |
