POP3 SASL SASL AUTH NTLM SASL AUTH PLAIN SASL DOWNGRADE RFC1734 RFC5034 # Server-side AUTH NTLM PLAIN REPLY "AUTH NTLM" + REPLY %b64[NTLMSSP%00%01%00%00%00%06%82%08%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00]b64% + Rubbish REPLY * -ERR AUTH exchange cancelled by client REPLY "AUTH PLAIN" + REPLY %b64[%00user%00secret]b64% +OK Login successful From: me@somewhere To: fake@nowhere body -- yours sincerely # Client-side pop3 NTLM SSL !SSPI POP3 NTLM authentication with SASL downgrade pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret # Verify data after the test has been "shot" CAPA AUTH NTLM %b64[NTLMSSP%00%01%00%00%00%06%82%08%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00]b64% * AUTH PLAIN %b64[%00user%00secret]b64% RETR %TESTNUMBER QUIT