> Try running mutt at debug level 2 and see what it prints. There should be a > message: > smtp_authenticate: Trying method XXX > for each method, and then hopefully something inside the SASL authentication > starting with: > smtp_auth_sasl: .... > > I don't know what the problem is, but perhaps it will give a clue.
I've gone through a few iterations and now have also a valid Kerberos ticket for the domain (NTLM is on the list). With that, the error has stabilised on [2020-11-05 13:35:12] ssl_verify_callback: checking cert chain entry /DC=com/DC=mycompany/DC=eu/CN=Mycompany CA (preverify: 0 skipmode: 0) [2020-11-05 13:35:12] ssl_verify_callback: digest check passed [2020-11-05 13:35:12] ssl_verify_callback: checking cert chain entry /DC=com/DC=mycompany/O=Mycompany/CN=mail.mycompany.com (preverify: 1 skipmode: 0) [2020-11-05 13:35:12] ssl_verify_callback: hostname check passed [2020-11-05 13:35:12] TLSv1.2 connection using TLSv1.2 (ECDHE-RSA-AES256-SHA384) [2020-11-05 13:35:13] 7> EHLO cypress.com [2020-11-05 13:35:13] 7< 250-mail.mycompany.com Hello [10.2.3.4] [2020-11-05 13:35:13] 7< 250-SIZE 41943040 [2020-11-05 13:35:13] 7< 250-PIPELINING [2020-11-05 13:35:13] 7< 250-DSN [2020-11-05 13:35:13] 7< 250-ENHANCEDSTATUSCODES [2020-11-05 13:35:13] 7< 250-AUTH GSSAPI NTLM LOGIN [2020-11-05 13:35:13] 7< 250-8BITMIME [2020-11-05 13:35:13] 7< 250-BINARYMIME [2020-11-05 13:35:13] 7< 250 CHUNKING [2020-11-05 13:35:13] smtp_authenticate: Trying method gssapi [2020-11-05 13:35:13] SASL local ip: 192.168.1.5;59262, remote ip:10.2.3.4;587 [2020-11-05 13:35:13] External SSF: 256 [2020-11-05 13:35:13] External authentication name: mycompany\\myuser [2020-11-05 13:35:13] mutt_sasl_cb_authname: getting user for mail.mycompany.com:587 [2020-11-05 13:35:13] SASL: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) [2020-11-05 13:35:13] smtp_auth_sasl: GSSAPI unavailable [2020-11-05 13:35:13] No authenticators available I've also tried set smtp_authenticators="ntlm:login" and they fail, differently. [2020-11-05 13:47:27] Authenticating (NTLM)... [2020-11-05 13:47:27] 7> AUTH NTLM TlRMTVNTUAABAAAABwIAAAAAAAAgAAAAAAAAACAAAAA= [2020-11-05 13:47:27] 7< 334 TlRMTVNTUAACAAAAEAAQADgAAAAFAoECv/HeyZc7uakAAAAAAAAAAJ4AngBIAAAABgOAJQAAAA9JAE4ARgBJAE4ARQBPAE4AAgAQAEkATgBGAEkATgBFAE8ATgABABAATQBVAEMAUwBFADcAMAAxAAQAGABpAG4AZgBpAG4AZQBvAG4ALgBjAG8AbQADACoATQBVAEMAUwBFADcAMAAxAC4AaQBuAGYAaQBuAGUAbwBuAC4AYwBvAG0ABQAYAGkAbgBmAGkAbgBlAG8AbgAuAGMAbwBtAAcACABc5gIzerPWAQAAAAA= [2020-11-05 13:47:27] mutt_sasl_cb_authname: getting authname for mail.mycompany.com:587 [2020-11-05 13:47:27] mutt_sasl_cb_pass: getting password for mycompany\\myu...@mail.mycompany.com:587 [2020-11-05 13:47:27] 7> TlRMTVNTUAADAAAAAAAAAEAAAAAYABgAQAAAABAAEABYAAAAKgAqAGgAAAAAAAAAkgAAAAAAAACSAAAABQIAAJsXjL3ydgM9rwTubG5AxAv3ScSp4SQNUkkATgBGAEkATgBFAE8ATgBpAG4AZgBpAG4AZQBvAG4AXABcAGgAZQBjAGsAaQBuAGcAbABhAHIAcwA= [2020-11-05 13:47:32] 7< 535 5.7.3 Authentication unsuccessful [2020-11-05 13:47:32] ntlm authentication failed, trying next method [2020-11-05 13:47:33] smtp_authenticate: Trying method login [2020-11-05 13:47:33] SASL local ip: 192.168.1.5;59552, remote ip:10.2.3.4 [2020-11-05 13:47:33] External SSF: 256 [2020-11-05 13:47:33] External authentication name: mycompany\\myuser [2020-11-05 13:47:33] Authenticating (LOGIN)... [2020-11-05 13:47:33] 7> AUTH LOGIN [2020-11-05 13:47:33] 7< 334 VXNlcm5hbWU6 [2020-11-05 13:47:33] mutt_sasl_cb_authname: getting authname for mail.mycompany.com:587 [2020-11-05 13:47:33] mutt_sasl_cb_pass: getting password for mycompany\\myu...@mail.mycompany.com:587 [2020-11-05 13:47:33] 7> aW5maW5lb25cXGhlY2tpbmdsYXJz [2020-11-05 13:47:33] 7< 334 UGFzc3dvcmQ6 [2020-11-05 13:47:33] 7> YmFpMXBoaWVNew== [2020-11-05 13:47:53] 7< 535 5.7.3 Authentication unsuccessful [2020-11-05 13:47:53] SASL authentication failed