Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Interpreting an SMTP protocol log

Posted on 2008-10-09
Medium Priority
Last Modified: 2011-10-19
Email service is provided by an Exchange Server within a Windows SBS Server 2003 SP2 R2 environment.
I am in discussion with a phone billing software support person. The software periodically polls phone calls from a PABX and send the software provider an email attaching a report.
It appears to have worked okay for a few months. But has now stopped working.The scheduled emails are not reaching them, it is claimed.

The software provider insists (and rather rudely if I may add) that the fault lies entirely with our mail server. They offer no suggestions, except stubbornly maintain that;

- their logs show that our mail server had accepted the outbound messages (I have not seen these logs myself)
- they do not use an authenticated network user account to send; our mail server accepts anonymous logons (as proven by their log)

My question is two-fold.

1) I had always assumed that by default, Exchange Server will only accept for delivery, messages from an authenticated user. I have been able to check and verify that relay is not enabled (as by default).
How do I check/verify that anonymous logon sending is still rejected. Or as been turned on for some reasons.?

2) I have now turned on SMTP protocol logging, for the next few days.
In interpretating the log, what should I look for to verify that our mail server accepted and successfully (or otherwise) deliver messages to a given email domain.

I might add that apart from the above, the mail server appears to be working normally.

Your assistance in helping me resolve this issue would be most appreciated.
In the process, I would also be able to salvage some or my credibilty.
Question by:garychu
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Accepted Solution

NutrientMS earned 1500 total points
ID: 22683377
No,  Exchange will accept anonymous messages destined for YOUR domain.  If someone tried to connect to your Exchange server and use it to send an email to a DIFFERENT domain, that would require authentication.  This is called Open Relay (Where your server openly relays messages destined for other domains).

As for SMTP logs, try using the Exchange Message Tracking tool to find the email and see what it says.  Otherwise, in the logs, there is normally about 4 lines that will be written for each email message.  If it gets all the way up to delivered (put in the user's mailbox) then it was ok.  Check to see what messages it logs and we'll be able to tell you where it stopped.

Do you have mail filtering software loaded (Anti-virus / Anti-spam) ?

Author Comment

ID: 22683604
Thanks, NutrientMS.
I suppose this confirms my understanding that messages from an unauthenticated user destined for a different domain could not have been accepted/delivered by our Exchange Server. If these have been rejected, where would I have found them. I have not used Exchange Message Tracking tool before. Would this help?
I may have to revert back re the SMTP logs in a day or two.
Symantec Mail for Exchange Server is in use. Could not find anythign filtered out.
Mail Washer Server for Exchange is used for inbound spam control only.

Author Comment

ID: 22684371
It's me again.
I have now turned on Message Tracking and Logging.
Will wait a day or two before reverting.
Meanwhile, attached is an extract of some lines from the SMTP protocol log.
By way of reference, W-08 is the computer name (IP=
The problem destination is data@csintel.co.nz
Does it look to you that there appear to be repeated tries a delivery?
Anyway, I do not have enough experience to make out what those lines indicate.
Can you please help me determine if in fact the message(s) got delivered?

Expert Comment

ID: 22685542

I would look at that as though the emails are going through ok.  250 is a returned OK message, so after each command, the exchange server has returned OK.

On the DATA line, what looks like a unique message ID <SERVER-SBSfINESHZwq00000019@lspauk.co.nz> has the recipient server domain lspauk.co.nz, which normally has the domain / server name of the local server sending the message.

Is this an exchange server sending to an exchange server or a computer sending to an exchange server?


Author Comment

ID: 22696091
Hi NutrientMS.
Here I am back with some more logged information.
Attached file contains info I managed to log via Message Tracking and SMTP connector log. I have only included the lines relating to a particular message ID.
It's proving to be a puzzle for me.
1) Message tracking reported an event, "Advanced Queue Failed to Deliver Message"
However, SMTP log shows a return code of 250 for that message. How could this be, if it did not get pass the advanced queue stage?
2) I checked for any MSExchangeTransport event-log error that might provide a more detailed reason. (Example, a 4004 error), but could not find any.
3) I have made sure that ESM - Global settings > Internet Message Formats > Default > Properties > General remains at " * ".
4) GFIMail is not used. Symantec Mail Security for MS Exchange is running normally. Could not find any mail/file or attachment quarantined or removed.
5) No NDRs have been generated inspite of 1) see above.

The situation is a local networked computer sending a message to an external email address.
For your reference, in reading the attachment;
Server-SBS ( - domain controller where Exchange Server is installed
LSOP - local domain
lspauk.co.nz - internet domain
W-08 - name of the workstation computer sending the message
reception@lspauk.co.nz - authenticated user account used to send message
data@csintel.co.nz - destination address, outside the local network
Local time here is GMT+13

Now, more than ever, I need your help. Thanks


Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question