我尝试使用Python成功对Exchange SMTP网关进行身份验证。
我正在使用https://github.com/jborean93/ntlm-auth和Python 3.5.2中的ntlm_auth模块。
这是我正在使用的代码。我已阅读NTLM规范,服务器不接受经过身份验证的消息。 5.7.3是一般错误,有没有更好的方法来处理这种情况?
from smtplib import SMTP
from ntlm_auth.ntlm import Ntlm
import socket
from smtplib import SMTPException, SMTPAuthenticationError
workstation = socket.gethostname().upper()
def ntlm_authenticate(smtp, domain, username, password):
code, response = smtp.docmd("AUTH", "NTLM")
ntlm_context = Ntlm(ntlm_compatibility=2)
if code != 334:
raise SMTPException("Server did not respond as expected to NTLM negotiate message")
code, response = smtp.docmd(ntlm_context.create_negotiate_message(domain, workstation).decode())
if code != 334:
raise SMTPException("Server did not respond as expected to NTLM challenge message")
ntlm_context.parse_challenge_message(response)
code, response = smtp.docmd(ntlm_context.create_authenticate_message(username, password,
domain, workstation).decode())
if code != 235:
raise SMTPAuthenticationError(code, response)
EXCHANGE_PASSWORD = 'ThisIsReallyMyPassword!'
fromaddr = 'anthony.shaw@ourcompany.com'
toaddrs = 'my.colleague@ourcompany.com'
msg= 'hello world!'
print("Message length is", len(msg))
conn = SMTP('webmail.ourcompany.com')
conn.set_debuglevel(1)
conn.starttls()
conn.ehlo()
ntlm_authenticate(conn, 'DOMAINXXX', 'anthony.shaw', EXCHANGE_PASSWORD)
conn.sendmail(fromaddr, toaddrs, msg)
conn.quit()
以下是会话的跟踪,其中包含各种加密字以确保安全性
Message length is 12
send: 'ehlo Anthonys-MacBook-Pro-2.local\r\n'
reply: b'250-sdfsdf.sdfd.cloud Hello [121.123.184.192]\r\n'
reply: b'250-SIZE 37748736\r\n'
reply: b'250-PIPELINING\r\n'
reply: b'250-DSN\r\n'
reply: b'250-ENHANCEDSTATUSCODES\r\n'
reply: b'250-STARTTLS\r\n'
reply: b'250-X-ANONYMOUSTLS\r\n'
reply: b'250-AUTH NTLM\r\n'
reply: b'250-X-EXPS GSSAPI NTLM\r\n'
reply: b'250-8BITMIME\r\n'
reply: b'250-BINARYMIME\r\n'
reply: b'250-CHUNKING\r\n'
reply: b'250 XRDST\r\n'
reply: retcode (250); Msg: b'asd.sds.cloud Hello [121.123.184.192]\nSIZE 37748736\nPIPELINING\nDSN\nENHANCEDSTATUSCODES\nSTARTTLS\nX-ANONYMOUSTLS\nAUTH NTLM\nX-EXPS GSSAPI NTLM\n8BITMIME\nBINARYMIME\nCHUNKING\nXRDST'
send: 'STARTTLS\r\n'
reply: b'220 2.0.0 SMTP server ready\r\n'
reply: retcode (220); Msg: b'2.0.0 SMTP server ready'
send: 'ehlo Anthonys-MacBook-Pro-2.local\r\n'
reply: b'250-sdfdfs.dddd.cloud Hello [121.123.184.192]\r\n'
reply: b'250-SIZE 37748736\r\n'
reply: b'250-PIPELINING\r\n'
reply: b'250-DSN\r\n'
reply: b'250-ENHANCEDSTATUSCODES\r\n'
reply: b'250-AUTH NTLM LOGIN\r\n'
reply: b'250-X-EXPS GSSAPI NTLM\r\n'
reply: b'250-8BITMIME\r\n'
reply: b'250-BINARYMIME\r\n'
reply: b'250-CHUNKING\r\n'
reply: b'250 XRDST\r\n'
reply: retcode (250); Msg: dd.bbb.cloud Hello [121.123.184.192]\nSIZE 37748736\nPIPELINING\nDSN\nENHANCEDSTATUSCODES\nAUTH NTLM LOGIN\nX-EXPS GSSAPI NTLM\n8BITMIME\nBINARYMIME\nCHUNKING\nXRDST'
send: 'AUTH NTLM\r\n'
reply: b'334 NTLM supported\r\n'
reply: retcode (334); Msg: b'NTLM supported'
send: 'TlRMTVNTUAABAAsdfsdfsdfsdfBQAoAAAAHAAcAC0AAAAGAbEdAAAAD0lUQUFTQU5USE9OWVMtTUFDQk9PSy1QUk8tMi5MT0NBTA==\r\n'
reply: b'334 TlRMTVNTUAACAAAABwAHADgAAAA2gonilvWzl6ZwMogAAAAAAAAAALYAtgA/AAAABgLwIwAAAA9DU0ZNRERTAgAOAGMAcwBmAG0AZABkAHMAAQsdfdsdfsfRABEAFMARAAwADEARQAwADIABAAaAGMAcwBmAG0AZABkAHMALgBjAGsdfdsAAwA2AEEAVQAwADEARABEAFMARAAwADEARQAwADIALgBjAHMAZgBtAGQAZABzAC4AYwBsAG8AdQBkAAUAGgBjAHMAZgBtAGQAZABzAC4AYwBsAG8AdQBkAAcACAD5GqJRU3DSAQAAAAA=\r\n'
reply: retcode (334); Msg: b'TlRMTVNTUAACAAAABwAHADgAAAA2gonilvWzl6ZwMogAAAAAAAAAALYAtgA/AAAABgLwIwAAAA9DU0ZNRERTAgAOAGMAcwBmAG0AZABkAHMAAQAaAEEAVQAwADEARABEAFMARAAwADEARQAwADIABAAaAGMAcwBmAG0AZABkAHMALgBjAGwAbwB1AGQAAwA2AEEAVQAwADEARABEAFMARAAwADEARQAwADIALgBjAHMAZgBtAGQAZABzAC4AYwBsAG8AdQBkAAUAGgBjAHMAZgBtAGQAZABzAC4AYwBsAG8AdQBkAAcACAD5GqJRU3DSAQAAAAA='
send: 'TlRMTVNTUAADAAAAGAAYAHUAAAfdfdfdfQAAAAUABQBIAAAADAAMAE0AAAAcABwAWQAAABAAEAClAAAANoKJ4gYBsR0AAAAPSVRBQVNhbnRob255LnNoYXdBTlRIT05ZUy1NQUNCT09LLVBSTy0yLkxPQ0FM8yeaKY0RjtEAAAAAAAAAAAAAAAAAAAAAD6wAaUOQF3QLY4klpKRYBYlkbYjyBNMJRLW0ZRQqzhDumAsyVC1uXg==\r\n'
reply: b'535 5.7.3 Authentication unsuccessful\r\n'
reply: retcode (535); Msg: b'5.7.3 Authentication unsuccessful'
Traceback (most recent call last):
File "email_users.py", line 38, in <module>
ntlm_authenticate(conn, 'DOMAINXXX', 'anthony.shaw', EXCHANGE_PASSWORD)
File "email_users.py", line 24, in ntlm_authenticate
raise SMTPAuthenticationError(code, response)
smtplib.SMTPAuthenticationError: (535, b'5.7.3 Authentication unsuccessful')
答案 0 :(得分:0)
在这个问题中,我注意到&#34;它适用于PowerShell&#34;。我在Windows PC上运行WireShark并再次运行PowerShell命令。
在Wireshark会话中,我看到了同样的错误&#34; 535 5.7.3身份验证失败&#34;。 PowerShell命令(Send-MailMessage)忽略该错误并继续发送消息(MAIL FROM,RCPT TO)并传递消息。
这里的问题是5.7.3可能意味着无法建立经过身份验证的中继会话,因为此用户无权在外部进行中继。但是,您可以通过忽略错误并继续发送消息来运行匿名中继会话。