Skip to content

NTLM Auth Example

Winni Neessen edited this page Jul 4, 2026 · 1 revision

This example shows how to enable NTLM (NTLMv2) authentication in go-mail.

go-mail v0.8.0 introduced native NTLMv2 SMTP authentication support, so you no longer need a third-party package or a custom smtp.Auth implementation to talk to servers such as Microsoft Exchange.

Test on play.go.dev

package main

import (
	"log"
	"os"

	"github.com/wneessen/go-mail"
)

func main() {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()
	
	message := mail.NewMsg()
	if err := message.From("toni@tester.com"); err != nil {
		log.Fatalf("failed to set FROM address: %s", err)
	}
	if err := message.To("tina@tester.com"); err != nil {
		log.Fatalf("failed to set TO address: %s", err)
	}
	message.Subject("This is my first test mail with go-mail!")
	message.SetBodyString(mail.TypeTextPlain, "This will be the content of the mail.")

	// Deliver the mail via SMTP using NTLMv2 authentication
	client, err := mail.NewClient(os.Getenv("SMTP_HOST"),
		mail.WithSMTPAuth(mail.SMTPAuthNTLM), mail.WithTLSPortPolicy(mail.TLSMandatory),
		mail.WithUsername(os.Getenv("SMTP_USER")), mail.WithPassword(os.Getenv("SMTP_PASS")),
		mail.WithDomain(os.Getenv("SMTP_DOMAIN")),
		// Disable the SMTPUTF8 extension to work around buggy Exchange behavior
		mail.WithoutSMTPUTF8(),
	)
	if err != nil {
		log.Fatalf("failed to create new mail delivery client: %s", err)
	}
	if err := client.DialAndSendWithContext(ctx, message); err != nil {
		log.Fatalf("failed to deliver mail: %s", err)
	}
	log.Printf("Test mail successfully delivered.")
}

Most of the code is explained in the Simple-Mailer-Example. Check out that page for detailed explanations.

The main differences to the Simple Mailer Example are the client options we use to enable NTLM authentication:

  • We select the NTLM authentication mechanism by passing the mail.SMTPAuthNTLM authentication type to mail.WithSMTPAuth.
  • In addition to the usual mail.WithUsername and mail.WithPassword options, some NTLM-authenticating servers require an NT domain, which we set via mail.WithDomain. This is the NT domain name the client uses for the authentication; it can also be set or overridden after client creation with Client.SetDomain.
  • We also add mail.WithoutSMTPUTF8. Since NTLM auth is most commonly used against Microsoft Exchange, this is worth noting: this option forces the SMTP client to skip the SMTPUTF8 extension in the MAIL FROM command even if the server advertises it, which works around buggy Exchange behavior that can otherwise cause the delivery to fail.

Clone this wiki locally