trapping an SMTP request

i am looking to have a handler called when any mail application submits a "send mail" via smtp.  is there a way to hook all smtp requests from a mail client within windows?
Who is Participating?

Improve company productivity with a Business Account.Sign Up

jhanceConnect With a Mentor Commented:
Do you want to be able to do this without having to reconfigure the email software?

If so, then you have two options:

1) Hooking the WINSOCK functions that establish the connection.  Probably connect() at least.  This technique called API hooking is described in Richter's book, Programming Applications for Windows.  It's somewhat complex and a different technique is needed for Win9x vs. NT/2000.

2) Writing an NDIS Intermediate driver to intercept the network packets for the SMTP connection.  This is a very powerful technique but it has the added complexity of being done as a device driver.  Also different between Win9x and NT/2000.  You might look at the PCAUSA ( web site for information about this and a toolkit that can help with this.

If the EMAIL client can be reconfigured, then a technique similar to what Norton Anti-Virus and other virus scanners that check email do, namely, writing a local "server" that clients connect to and then passing that onto the real server after scanning the data.  You could redirect your SMTP traffic to a local "SMTP" server.  It would do whatever it is you want to do with the traffic and then pass it on to the real SMTP server.
There are many ways and they all have pro/cons.  Perhaps a bit more about what you are trying to accomplish would help...
mnguyen021997Author Commented:
so when a user trys and sends mail through either OE, eudora, netscape, etc i would like to trap that request and trigger an application to be launched (for all intents and purposes, it could be an MS Agent or something to greet them).
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

robpittConnect With a Mentor Commented:
A 3rd option for you... write a winsock layered service provider. See

See also the MailControl app at I'm pretty sure this uses a winsock LSP dll. Infact ask Yariv the author of the above for the source - he's quite approachable.

mnguyen021997Author Commented:
is there not a way to hook it from a registry entry?  i was under the assumption you could write your own protocol handler by redirecting some entries in the registry.

Interesting idea about the SPI.  It's one of those Winsock 2 features that has gone practically unnoticed.  I'm not sure what is more thinly documented, the NDIS driver interface or the WINSOCK 2 SPI....


There is a grain of truth to what you are saying but the implications are large.  True, a registry entry is all it takes to insert a driver into the Windows network protocol stack but, and this is a big BUT, what you do must be a fully compliant driver for the place where you insert it.  If not, you'll almost certainly get a BLUE SCREEN and a really messy situation.  I pointed you to the NDIS intermediate driver since it's far simpler that a full-blown NDIS network driver or a protocol driver.
mnguyen021997Author Commented:
i actually thought it was easier then that.  at least for "http" you could even devise your own protocol "mnguyenTP" that is used. but perhaps this is used only in the context of a browser.
I'm not sure at all what you are referring to unless it is the HTTP PROXY protocol.  That's really easy to "tap into" via the proxy settings in all browsers.  SMTP does NOT have a proxy protocol that is commonly used so you're back to my earlier suggestion about a local server.  This is essentially a proxy for the real SMTP.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.