IMAP SASL SASL AUTH NTLM SASL AUTH PLAIN SASL DOWNGRADE # Server-side AUTH NTLM PLAIN REPLY "AUTHENTICATE NTLM" + REPLY %b64[NTLMSSP%00%01%00%00%00%06%82%08%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00]b64% + Rubbish REPLY * A002 NO AUTH exchange cancelled by client REPLY "AUTHENTICATE PLAIN" + REPLY %b64[%00user%00secret]b64% A003 OK AUTHENTICATE completed From: me@somewhere To: fake@nowhere body -- yours sincerely # Client-side imap NTLM SSL !SSPI IMAP NTLM authentication with SASL downgrade 'imap://%HOSTIP:%IMAPPORT/%TESTNUMBER/;MAILINDEX=1' -u user:secret # Verify data after the test has been "shot" A001 CAPABILITY A002 AUTHENTICATE NTLM %b64[NTLMSSP%00%01%00%00%00%06%82%08%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00]b64% * A003 AUTHENTICATE PLAIN %b64[%00user%00secret]b64% A004 SELECT %TESTNUMBER A005 FETCH 1 BODY[] A006 LOGOUT