[Dovecot] NTLM authentication from Outlook

Lars Skovgaard lars at skovgaarddesign.dk
Mon Nov 13 22:50:51 UTC 2006

Hi all

I've enabled ntlm authentication in dovecot, and use dovecot sasl in  
postfix as well.

Authentication with ntlm works well from Mac OS X Mail.app, as well  
as from Outlook Express, but fails with Outlook. Strangely enough,  
ntml authentication works in Outlook when using smtp (via postfix),  
but neither from imap or pop3 (both dovecot). As dovecot sasl handles  
all authentication against a mysql userdb, this strikes me as very  

I've instructed my clients with Outlook to fetch mail using a ssl- 
encrypted connection, and to send using ntlm-authentication. This  
works, but I would like to have ntlm available as an option to all my  
clients, without forcing them to change mail-clients.

I've turned on auth_verbose, auth_debug and auth_debug_passwords, and  
compared the passwordstring with the one calculated using dovecotpw,  
and they match. The only odd thing is that the username is returned  
from Outlook as an all-caps string, so user at domain.tld becomes  
USER at DOMAIN.TLD. I don't know if it matters, but I don't think so, as  
changing the user-login to an all-caps version doesn't solve the  

Any hints will be most welcome.


More information about the dovecot mailing list