trapping an SMTP request

Posted on 2001-07-05
Last Modified: 2013-12-03
I am looking to have a handler called when any mail application submits a "send mail" via SMTP. Is there a way to hook all SMTP requests from a mail client within Windows?
Question by: mnguyen021997

Expert Comment

ID: 6256652
There are many ways and they all have pro/cons.  Perhaps a bit more about what you are trying to accomplish would help...

Author Comment

ID: 6258458
So when a user tries to send mail through either OE, Eudora, Netscape, etc., I would like to trap that request and trigger an application to be launched (for all intents and purposes, it could be an MS Agent or something to greet them).

Accepted Solution

jhance earned 100 total points
ID: 6259165
Do you want to be able to do this without having to reconfigure the email software?

If so, then you have two options:

1) Hooking the WINSOCK functions that establish the connection.  Probably connect() at least.  This technique, called API hooking, is described in Richter's book, Programming Applications for Windows.  It's somewhat complex and a different technique is needed for Win9x vs. NT/2000.

2) Writing an NDIS Intermediate driver to intercept the network packets for the SMTP connection.  This is a very powerful technique but it has the added complexity of being done as a device driver.  Also different between Win9x and NT/2000.  You might look at the PCAUSA web site for information about this and a toolkit that can help with this.

If the EMAIL client can be reconfigured, then you can use a technique similar to what Norton Anti-Virus and other virus scanners that check email do, namely, writing a local "server" that clients connect to and then passing that on to the real server after scanning the data.  You could redirect your SMTP traffic to a local "SMTP" server.  It would do whatever it is you want to do with the traffic and then pass it on to the real SMTP server.

Assisted Solution

robpitt earned 100 total points
ID: 6259252
A 3rd option for you... write a winsock layered service provider. See

See also the MailControl app at I'm pretty sure this uses a winsock LSP dll. In fact, ask Yariv the author of the above for the source - he's quite approachable.


Author Comment

ID: 6259520
Is there not a way to hook it from a registry entry?  I was under the assumption you could write your own protocol handler by redirecting some entries in the registry.

Expert Comment

ID: 6259574

Interesting idea about the SPI.  It's one of those Winsock 2 features that has gone practically unnoticed.  I'm not sure what is more thinly documented, the NDIS driver interface or the WINSOCK 2 SPI....


There is a grain of truth to what you are saying but the implications are large.  True, a registry entry is all it takes to insert a driver into the Windows network protocol stack but, and this is a big BUT, what you do must be a fully compliant driver for the place where you insert it.  If not, you'll almost certainly get a BLUE SCREEN and a really messy situation.  I pointed you to the NDIS intermediate driver since it's far simpler than a full-blown NDIS network driver or a protocol driver.

Author Comment

ID: 6259975
I actually thought it was easier than that.  At least for "http" you could even devise your own protocol "mnguyenTP" that is used. But perhaps this is used only in the context of a browser.

Expert Comment

ID: 6260212
I'm not sure at all what you are referring to unless it is the HTTP PROXY protocol.  That's really easy to "tap into" via the proxy settings in all browsers.  SMTP does NOT have a proxy protocol that is commonly used so you're back to my earlier suggestion about a local server.  This is essentially a proxy for the real SMTP.
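
The local "SMTP" server described in the accepted solution and in the last comment above, as an added example that is not part of the original thread or any poster's code: a loopback relay in Python that the reconfigured mail client connects to, which calls a handler when the client issues DATA and passes every byte on to the real server. The listen port 2525 and the names `SmtpWatcher`, `pump`, `serve` and `on_send` are assumptions of this example.

```python
import socket
import threading

def _path(arg):
    # "<a@b> SIZE=1" -> "<a@b>"; an empty argument becomes ""
    return (arg.split() or [b""])[0].decode("ascii", "replace")

class SmtpWatcher:
    """Follows the client side of one SMTP session; calls on_send at DATA."""
    def __init__(self, on_send):
        self.on_send, self.buf, self.rcpts = on_send, b"", []
        self.sender, self.in_data, self.opaque = None, False, False

    def feed(self, chunk):
        if self.opaque:                  # after STARTTLS the bytes are ciphertext
            return
        self.buf += chunk
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            verb = line.upper()
            if self.in_data:             # message body: wait for the lone "."
                self.in_data = line != b"."
            elif verb.startswith(b"MAIL FROM:"):
                self.sender, self.rcpts = _path(line[10:]), []
            elif verb.startswith(b"RCPT TO:"):
                self.rcpts.append(_path(line[8:]))
            elif verb == b"DATA":        # simplification: assumes the server accepts DATA
                self.in_data = True
                self.on_send(self.sender, list(self.rcpts))
            elif verb == b"STARTTLS":    # stop parsing; the relay itself carries on
                self.opaque, self.buf = True, b""

def pump(src, dst, tap=lambda data: None):
    """Copy src -> dst until EOF, showing each chunk to tap first."""
    try:
        while data := src.recv(4096):
            tap(data)
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def serve(upstream, listen=("127.0.0.1", 2525), on_send=print):  # assumed defaults
    srv = socket.create_server(listen)   # loopback only, so it is not an open relay
    while True:
        client, _ = srv.accept()
        server = socket.create_connection(upstream)
        watch = SmtpWatcher(on_send).feed
        threading.Thread(target=pump, args=(client, server, watch), daemon=True).start()
        threading.Thread(target=pump, args=(server, client), daemon=True).start()
```

Start it with `serve(("smtp.example.net", 25))`, where the host is a placeholder for the real server, and point the mail client at 127.0.0.1 port 2525. Once a client negotiates STARTTLS the relay sees only ciphertext, so the handler no longer fires for that session.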

Question has a verified solution.
