ithawaii
asked on
how to read SMTP logs
Hi, i've been getting huge logs everyday. Here's part of the logs:
...
19:00:20 189.36.201.18 MAIL - 250
19:00:20 189.36.201.18 RCPT - 550
19:00:20 189.36.201.18 DATA - 503
19:00:20 92.1.36.248 DATA - 250
19:00:20 92.1.36.248 QUIT - 240
19:00:20 189.36.201.18 QUIT - 240
19:00:21 84.143.210.214 EHLO - 250
19:00:21 84.143.210.214 MAIL - 250
19:00:21 84.143.210.214 RCPT - 550
19:00:21 84.143.210.214 DATA - 503
19:00:21 84.143.210.214 QUIT - 240
19:00:24 85.105.72.184 EHLO - 250
19:00:24 201.221.149.111 HELO - 250
19:00:24 201.221.149.111 MAIL - 250
19:00:24 78.166.33.247 EHLO - 250
19:00:24 85.105.72.184 MAIL - 250
19:00:24 85.105.72.184 RCPT - 550
19:00:24 85.105.72.184 DATA - 503
19:00:24 201.221.149.111 RCPT - 550
19:00:24 201.221.149.111 QUIT - 240
19:00:24 85.105.72.184 QUIT - 240
19:00:24 78.166.33.247 MAIL - 250
19:00:24 78.166.33.247 RCPT - 550
19:00:24 78.166.33.247 DATA - 503
19:00:27 78.166.33.247 QUIT - 240
19:00:31 83.24.126.5 EHLO - 250
19:00:32 83.24.126.5 MAIL - 250
19:00:32 83.24.126.5 RCPT - 250
19:00:32 83.24.126.5 RCPT - 250
19:00:34 216.117.214.242 HELO - 250
19:00:34 83.24.126.5 DATA - 250
19:00:34 216.117.214.242 MAIL - 250
19:00:34 216.117.214.242 RCPT - 250
19:00:36 83.24.126.5 QUIT - 240
19:00:36 216.117.214.242 DATA - 250
19:00:36 189.34.69.94 EHLO - 250
19:00:36 189.34.69.94 MAIL - 250
19:00:37 200.121.134.100 HELO - 250
19:00:37 200.121.134.100 MAIL - 250
19:00:37 189.34.69.94 RCPT - 550
19:00:37 200.121.134.100 RCPT - 550
19:00:37 189.34.69.94 QUIT - 240
19:00:37 200.121.134.100 QUIT - 240
19:00:40 86.13.6.177 EHLO - 250
19:00:40 86.13.6.177 MAIL - 250
19:00:40 86.13.6.177 RCPT - 250
19:00:42 86.13.6.177 DATA - 250
19:00:42 86.13.6.177 QUIT - 240
...
does this look normal? also, please help me to understand EHLO, MAIL, RCPT, DATA, QUIT commands. what do those numbers (250, 240, 550..) mean?
Thanks,
...
19:00:20 189.36.201.18 MAIL - 250
19:00:20 189.36.201.18 RCPT - 550
19:00:20 189.36.201.18 DATA - 503
19:00:20 92.1.36.248 DATA - 250
19:00:20 92.1.36.248 QUIT - 240
19:00:20 189.36.201.18 QUIT - 240
19:00:21 84.143.210.214 EHLO - 250
19:00:21 84.143.210.214 MAIL - 250
19:00:21 84.143.210.214 RCPT - 550
19:00:21 84.143.210.214 DATA - 503
19:00:21 84.143.210.214 QUIT - 240
19:00:24 85.105.72.184 EHLO - 250
19:00:24 201.221.149.111 HELO - 250
19:00:24 201.221.149.111 MAIL - 250
19:00:24 78.166.33.247 EHLO - 250
19:00:24 85.105.72.184 MAIL - 250
19:00:24 85.105.72.184 RCPT - 550
19:00:24 85.105.72.184 DATA - 503
19:00:24 201.221.149.111 RCPT - 550
19:00:24 201.221.149.111 QUIT - 240
19:00:24 85.105.72.184 QUIT - 240
19:00:24 78.166.33.247 MAIL - 250
19:00:24 78.166.33.247 RCPT - 550
19:00:24 78.166.33.247 DATA - 503
19:00:27 78.166.33.247 QUIT - 240
19:00:31 83.24.126.5 EHLO - 250
19:00:32 83.24.126.5 MAIL - 250
19:00:32 83.24.126.5 RCPT - 250
19:00:32 83.24.126.5 RCPT - 250
19:00:34 216.117.214.242 HELO - 250
19:00:34 83.24.126.5 DATA - 250
19:00:34 216.117.214.242 MAIL - 250
19:00:34 216.117.214.242 RCPT - 250
19:00:36 83.24.126.5 QUIT - 240
19:00:36 216.117.214.242 DATA - 250
19:00:36 189.34.69.94 EHLO - 250
19:00:36 189.34.69.94 MAIL - 250
19:00:37 200.121.134.100 HELO - 250
19:00:37 200.121.134.100 MAIL - 250
19:00:37 189.34.69.94 RCPT - 550
19:00:37 200.121.134.100 RCPT - 550
19:00:37 189.34.69.94 QUIT - 240
19:00:37 200.121.134.100 QUIT - 240
19:00:40 86.13.6.177 EHLO - 250
19:00:40 86.13.6.177 MAIL - 250
19:00:40 86.13.6.177 RCPT - 250
19:00:42 86.13.6.177 DATA - 250
19:00:42 86.13.6.177 QUIT - 240
...
does this look normal? also, please help me to understand EHLO, MAIL, RCPT, DATA, QUIT commands. what do those numbers (250, 240, 550..) mean?
Thanks,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hypercat (Deb)
LOL - that's great Kieran! You should rent yourself out as a technospeak interpreter ;-)
ASKER
excellent!!! thanks hypercat and kieran
I have been toying with the idea of SMTP theatre for a while - particularly when explaining SPF or RBLs, just trying to think of the appropriate media :)
How about stop motion with claymation, like wallace and grommit? I see the Black Spamcloud hanging over the house pelting it with nasties and Wallace will invent the SPF rainbow umbrella....OK - we're supposed to stop this now, not appropriate for the serious world of EE...
Damn, you just gave me _another_ idea for media!
thanks for closing ithawaii, hope we helped.
Kieran
thanks for closing ithawaii, hope we helped.
Kieran