There are four authentication submethods inside NTLM:
- LM: server nonce only; highly vulnerable to MITM and rogue-server attacks.
- NTLM: a different algorithm (based on the NT hash), but today almost as vulnerable as LM.
- NTLM2: server and client nonce, but a MITM can force a downgrade to NTLM/LM.
- NTLMv2: server and client nonce; a MITM can't force a downgrade.
The NTLM password scheme (the MD4 hash of the UTF-16LE password) is required for NTLM, NTLM2 and NTLMv2; plain LM authentication only needs the LM password scheme.
NTLMv2 cannot be negotiated in the protocol. It must be explicitly enabled on the client side by setting the registry key below to at least 3:
Dovecot's NTLM logic is:
- If we have only the LM password scheme, try LM authentication;
- If the client sends an LM response only (some very old clients do), try LM too;
- If NTLMv2 is guessed (from the length of the client's NT response: more than 24 bytes), try NTLMv2;
- If NTLM2 was negotiated, try it;
- Otherwise try NTLM.
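As an added illustration (this is not Dovecot's code), the Python below shows the two parts of the text that are easiest to get wrong in practice: how the stored NTLM-scheme hash is turned into an NTLMv2 key and checked against a client response, and the submethod decision list above applied in order. A small MD4 is included because hashlib's md4 is missing on many OpenSSL 3 builds. The user name, domain, challenges and timestamp are constructed sample values and the function names are my own; NTLM and NTLM2 responses are DES-based and are only classified here, not verified.

```python
"""Added example, not Dovecot's code: NTLMv2 verification plus submethod selection."""
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib.new('md4') is absent on many OpenSSL 3 builds."""
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (8 * len(data)) & 0xFFFFFFFFFFFFFFFF)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    rounds = (  # (boolean function, additive constant, shifts, message-word order)
        (lambda x, y, z: (x & y) | (~x & z), 0, (3, 7, 11, 19), range(16)),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999, (3, 5, 9, 13),
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1, (3, 9, 11, 15),
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for fn, k, shifts, order in rounds:
            for i, idx in enumerate(order):
                a = _rotl((a + fn(b, c, d) + x[idx] + k) & MASK32, shifts[i % 4])
                a, b, c, d = d, a, b, c          # rotate registers: ABCD -> DABC -> ...
        a, b, c, d = ((a + aa) & MASK32, (b + bb) & MASK32,
                      (c + cc) & MASK32, (d + dd) & MASK32)
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """What the NTLM password scheme stores: MD4 of the UTF-16LE password."""
    return md4(password.encode("utf-16le"))


def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5 of upper-cased user + domain, keyed with the NT hash."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16le"), hashlib.md5).digest()


def ntlmv2_response(nt, user, domain, server_challenge, client_challenge, timestamp, target_info=b""):
    """Client side: 16-byte HMAC-MD5 proof followed by the blob that was signed."""
    blob = (b"\x01\x01\x00\x00" + b"\x00" * 4 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)
    proof = hmac.new(ntowf_v2(nt, user, domain), server_challenge + blob, hashlib.md5).digest()
    return proof + blob


def verify_ntlmv2(nt, user, domain, server_challenge, nt_response) -> bool:
    """Server side: recompute the proof over the client's own blob, compare in constant time."""
    if len(nt_response) <= 24:           # 24 bytes is a DES-based NTLM/NTLM2 response, not v2
        return False
    proof, blob = nt_response[:16], nt_response[16:]
    expected = hmac.new(ntowf_v2(nt, user, domain), server_challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)


def select_submethod(lm_response, nt_response, ntlm2_negotiated, only_lm_scheme):
    """The decision list from the text, applied in order; returns the submethod to try."""
    if only_lm_scheme:
        return "LM"
    if not nt_response:
        if not lm_response:
            raise ValueError("client sent neither an LM nor an NT response")
        return "LM"                      # LM response only (very old clients)
    if len(nt_response) > 24:
        return "NTLMv2"                  # guessed from the response length
    if ntlm2_negotiated:
        return "NTLM2"
    return "NTLM"


# Constructed sample exchange (not captured traffic); hypothetical user/domain.
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLIENT_CHALLENGE = bytes.fromhex("aaaaaaaaaaaaaaaa")
STORED_NT = nt_hash("password")
SAMPLE_NT_RESPONSE = ntlmv2_response(STORED_NT, "alice", "EXAMPLE",
                                     SERVER_CHALLENGE, CLIENT_CHALLENGE, 0)

if __name__ == "__main__":
    method = select_submethod(None, SAMPLE_NT_RESPONSE, False, False)
    ok = verify_ntlmv2(STORED_NT, "alice", "EXAMPLE", SERVER_CHALLENGE, SAMPLE_NT_RESPONSE)
    print(method, ok)
```

Note that the server never needs the cleartext password: the NT hash alone is enough to verify (and, if leaked, to impersonate), which is why the NTLM password scheme must be protected like a password. The length check in `verify_ntlmv2` is the same heuristic the text describes; a 24-byte response is handed to the NTLM/NTLM2 path instead.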