SMTP NTLM authentication bug?

spodskubkahcs · May 13, 2022, 9:40am

Dear Lucee community,

I seem to have discovered a problem with SMTP NTLM authentication against Microsoft Exchange.

At first I had the credentials wrong when configuring the Mailserver in the Lucee Web Admin.
Trying to send a test mail resulted in the following mailserver response, which is fine in this case.

535 5.7.3 Authentication unsuccessful

However, when I fixed the credentials and tried to send a test mail again, this happened (334 responses shortened for brevity):

lucee.runtime.exp.NativeException: 334 TlRMTVNTUAACAAAA...
at com.sun.mail.smtp.SMTPTransport$Authenticator.authenticate(SMTPTransport.java:960)
at com.sun.mail.smtp.SMTPTransport.authenticate(SMTPTransport.java:876)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:780)
at javax.mail.Service.connect(Service.java:388)
at lucee.runtime.net.smtp.SMTPSender.run(SMTPSender.java:60)
Caused by: javax.mail.AuthenticationFailedException: 334 TlRMTVNTUAACAAAA...;
nested exception is:
java.lang.ArrayIndexOutOfBoundsException: arraycopy: last destination index 260 out of bounds for byte[256]
... 5 more
Caused by: java.lang.ArrayIndexOutOfBoundsException: arraycopy: last destination index 260 out of bounds for byte[256]
at java.base/java.lang.System.arraycopy(Native Method)
at com.sun.mail.auth.Ntlm.generateType3Msg(Ntlm.java:331)
at com.sun.mail.smtp.SMTPTransport$NtlmAuthenticator.doAuth(SMTPTransport.java:1107)
at com.sun.mail.smtp.SMTPTransport$Authenticator.authenticate(SMTPTransport.java:942)
... 4 more

I understand that this problem may not be Lucee’s fault at all but of the used NTLM library.
In that case, can someone point me in the right direction?

Could it help to

update Lucee to 5.3.9.133 (I didn’t see NTLM mentioned in the release notes)?
switch to the JRE 8 Docker image?
contact the author of the NTLM library (who is that)?

I’m sorry that I haven’t tried any more of these options yet myself, but the mailserver in question is only available in production so I can’t easily reproduce the issue in my development environment.

I’m using the official Lucee Docker image lucee/lucee:5.3.8.206:
Docker Host OS: Ubuntu 20.04 LTS (GNU/Linux 5.4.0-109-generic x86_64)
Java Version: 11.0.12 (Oracle Corporation) 64bit
Tomcat Version: 9.0.53
Lucee Version: 5.3.8.206

PS: keep up the good work, Lucee is an amazing project!