Solved

trapping an SMTP request

Posted on 2001-07-05
Last Modified: 2013-12-03
I am looking to have a handler called when any mail application submits a "send mail" via SMTP.  Is there a way to hook all SMTP requests from a mail client within Windows?
0
Question by:mnguyen021997
11 Comments
 
LVL 32

Expert Comment

by:jhance
There are many ways and they all have pro/cons.  Perhaps a bit more about what you are trying to accomplish would help...
0
 
LVL 2

Author Comment

by:mnguyen021997
So when a user tries to send mail through either OE, Eudora, Netscape, etc., I would like to trap that request and trigger an application to be launched (for all intents and purposes, it could be an MS Agent or something to greet them).
0
 
LVL 32

Accepted Solution

by:
jhance earned 100 total points
Do you want to be able to do this without having to reconfigure the email software?

If so, then you have two options:

1) Hooking the WINSOCK functions that establish the connection, probably connect() at least.  This technique, called API hooking, is described in Richter's book, Programming Applications for Windows.  It's somewhat complex, and a different technique is needed for Win9x vs. NT/2000.

2) Writing an NDIS Intermediate driver to intercept the network packets for the SMTP connection.  This is a very powerful technique but it has the added complexity of being done as a device driver.  Also different between Win9x and NT/2000.  You might look at the PCAUSA (www.pcausa.com) web site for information about this and a toolkit that can help with this.

If the email client can be reconfigured, then you can use a technique similar to what Norton Anti-Virus and other virus scanners that check email do: write a local "server" that clients connect to and that passes the data on to the real server after scanning it.  You could redirect your SMTP traffic to a local "SMTP" server.  It would do whatever it is you want to do with the traffic and then pass it on to the real SMTP server.
0
 
LVL 5

Assisted Solution

by:robpitt
robpitt earned 100 total points
A 3rd option for you... write a winsock layered service provider. See http://www.microsoft.com/msj/0599/layeredservice/layeredservice.htm


See also the MailControl app at http://www.internals.com. I'm pretty sure this uses a Winsock LSP DLL. In fact, ask Yariv, the author of the above, for the source - he's quite approachable.

Rob
0
 
LVL 2

Author Comment

by:mnguyen021997
Is there not a way to hook it from a registry entry?  I was under the assumption you could write your own protocol handler by redirecting some entries in the registry.
0
 
LVL 32

Expert Comment

by:jhance
robpitt,

Interesting idea about the SPI.  It's one of those Winsock 2 features that has gone practically unnoticed.  I'm not sure what is more thinly documented, the NDIS driver interface or the WINSOCK 2 SPI....

mnguyen,

There is a grain of truth to what you are saying but the implications are large.  True, a registry entry is all it takes to insert a driver into the Windows network protocol stack but, and this is a big BUT, what you do must be a fully compliant driver for the place where you insert it.  If not, you'll almost certainly get a BLUE SCREEN and a really messy situation.  I pointed you to the NDIS intermediate driver since it's far simpler than a full-blown NDIS network driver or a protocol driver.
0
 
LVL 2

Author Comment

by:mnguyen021997
I actually thought it was easier than that.  At least for "http" you could even devise your own protocol "mnguyenTP" that is used. But perhaps this is used only in the context of a browser.
0
 
LVL 32

Expert Comment

by:jhance
I'm not sure at all what you are referring to unless it is the HTTP PROXY protocol.  That's really easy to "tap into" via the proxy settings in all browsers.  SMTP does NOT have a proxy protocol that is commonly used so you're back to my earlier suggestion about a local server.  This is essentially a proxy for the real SMTP.
0
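
The local "SMTP" server suggested in the accepted solution and again in the last comment, sketched as an added example that is not part of the original thread: a relay that forwards each client command to the real server and calls a handler once a message has been accepted. The names `SmtpTap`, `make_tap` and `on_send` are hypothetical, and the relay assumes plaintext SMTP (no STARTTLS or BDAT).

```python
import socket
import socketserver

def read_reply(f):
    """Read one SMTP reply (possibly multi-line); return (code, raw bytes)."""
    raw = b""
    while True:
        line = f.readline()
        if not line:
            raise ConnectionError("upstream SMTP server closed the connection")
        raw += line
        if line[3:4] != b"-":            # "250-..." continues, "250 ..." ends
            return int(line[:3]), raw

def addr(arg):                           # text after MAIL FROM: / RCPT TO:
    return (arg.split() or [b""])[0].decode("ascii", "replace").strip("<>")

class SmtpTap(socketserver.StreamRequestHandler):
    # Assumption: plaintext SMTP only; STARTTLS and BDAT are not handled.
    def handle(self):
        with socket.create_connection(self.server.upstream) as up:
            upf = up.makefile("rb")
            self.wfile.write(read_reply(upf)[1])          # relay 220 greeting
            sender, rcpts = None, []
            for line in self.rfile:                       # one client command
                up.sendall(line)
                code, raw = read_reply(upf)
                verb = line.upper()
                if verb.startswith(b"MAIL FROM:") and code == 250:
                    sender, rcpts = addr(line[10:]), []
                elif verb.startswith(b"RCPT TO:") and code // 100 == 2:
                    rcpts.append(addr(line[8:]))
                elif verb.startswith(b"DATA") and code == 354:
                    self.wfile.write(raw)                 # client may send body
                    for body in self.rfile:               # body passes unchanged
                        up.sendall(body)
                        if body in (b".\r\n", b".\n"):
                            break
                    else:
                        return                            # client left mid-message
                    code, raw = read_reply(upf)
                    if code == 250:                       # server accepted the mail
                        self.server.on_send(sender, rcpts)
                self.wfile.write(raw)

def make_tap(listen, upstream, on_send):  # on_send(sender, recipients) is the trap
    srv = socketserver.ThreadingTCPServer(listen, SmtpTap)
    srv.daemon_threads, srv.upstream, srv.on_send = True, upstream, on_send
    return srv
```

Start it with `make_tap(("127.0.0.1", 2525), (real_server_host, 25), handler).serve_forever()` and set the mail client's outgoing server to the listening address; both addresses here are placeholders.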
