Solved

Interpreting an SMTP protocol log

Posted on 2008-10-09
Last Modified: 2011-10-19
Email service is provided by an Exchange Server within a Windows SBS Server 2003 SP2 R2 environment.
I am in discussion with a phone billing software support person. The software periodically polls phone calls from a PABX and sends the software provider an email attaching a report.
It appears to have worked okay for a few months, but has now stopped working. The scheduled emails are not reaching them, it is claimed.

The software provider insists (and rather rudely if I may add) that the fault lies entirely with our mail server. They offer no suggestions, except stubbornly maintain that;

- their logs show that our mail server had accepted the outbound messages (I have not seen these logs myself)
- they do not use an authenticated network user account to send; our mail server accepts anonymous logons (as proven by their log)

My question is two-fold.

1) I had always assumed that by default, Exchange Server will only accept for delivery, messages from an authenticated user. I have been able to check and verify that relay is not enabled (as by default).
How do I check/verify that anonymous logon sending is still rejected, or has been turned on for some reason?

2) I have now turned on SMTP protocol logging, for the next few days.
In interpreting the log, what should I look for to verify that our mail server accepted and successfully (or otherwise) delivered messages to a given email domain?

I might add that apart from the above, the mail server appears to be working normally.

Your assistance in helping me resolve this issue would be most appreciated.
In the process, I would also be able to salvage some of my credibility.
Question by:garychu
5 Comments
 
LVL 5

Accepted Solution

by:
NutrientMS earned 500 total points
ID: 22683377
No,  Exchange will accept anonymous messages destined for YOUR domain.  If someone tried to connect to your Exchange server and use it to send an email to a DIFFERENT domain, that would require authentication.  This is called Open Relay (Where your server openly relays messages destined for other domains).

As for SMTP logs, try using the Exchange Message Tracking tool to find the email and see what it says. Otherwise, in the logs, there are normally about 4 lines that will be written for each email message. If it gets all the way up to delivered (put in the user's mailbox) then it was ok. Check to see what messages it logs and we'll be able to tell you where it stopped.

Do you have mail filtering software loaded (Anti-virus / Anti-spam) ?
 

Author Comment

by:garychu
ID: 22683604
Thanks, NutrientMS.
I suppose this confirms my understanding that messages from an unauthenticated user destined for a different domain could not have been accepted/delivered by our Exchange Server. If these have been rejected, where would I have found them? I have not used Exchange Message Tracking tool before. Would this help?
I may have to revert back re the SMTP logs in a day or two.
Symantec Mail for Exchange Server is in use. Could not find anything filtered out.
Mail Washer Server for Exchange is used for inbound spam control only.
 

Author Comment

by:garychu
ID: 22684371
It's me again.
I have now turned on Message Tracking and Logging.
Will wait a day or two before reverting.
Meanwhile, attached is an extract of some lines from the SMTP protocol log.
By way of reference, W-08 is the computer name (IP=192.168.1.61)
The problem destination is data@csintel.co.nz
Does it look to you that there appear to be repeated tries at delivery?
Anyway, I do not have enough experience to make out what those lines indicate.
Can you please help me determine if in fact the message(s) got delivered?
Thanks
SMTP-log.txt
 
LVL 5

Expert Comment

by:NutrientMS
ID: 22685542
Hi,

I would look at that as though the emails are going through ok.  250 is a returned OK message, so after each command, the exchange server has returned OK.

On the DATA line, what looks like a unique message ID <SERVER-SBSfINESHZwq00000019@lspauk.co.nz> has the recipient server domain lspauk.co.nz, which normally has the domain / server name of the local server sending the message.

Is this an exchange server sending to an exchange server or a computer sending to an exchange server?

Cheers.
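
An added example, not part of the original thread: a short Python reader for an SMTP protocol log in W3C extended format that reports, per mail transaction, whether the server answered 250 to both RCPT and DATA for a given recipient. The field names are taken from the log's own `#Fields` line; the sample lines are constructed from the host and addresses named in the thread, and the `+`-for-space encoding in `cs-uri-query` is an assumption about the log layout.

```python
# Constructed sample (not the poster's attachment); real logs carry more fields.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2008-10-10 01:00:01 192.168.1.61 W-08 EHLO +W-08 250
2008-10-10 01:00:01 192.168.1.61 W-08 MAIL +FROM:<reception@lspauk.co.nz> 250
2008-10-10 01:00:01 192.168.1.61 W-08 RCPT +TO:<data@csintel.co.nz> 250
2008-10-10 01:00:02 192.168.1.61 W-08 DATA <constructed-id-1@lspauk.co.nz> 250
2008-10-10 02:00:01 192.168.1.61 W-08 MAIL +FROM:<reception@lspauk.co.nz> 250
2008-10-10 02:00:01 192.168.1.61 W-08 RCPT +TO:<data@csintel.co.nz> 550
"""

def parse_w3c(text):
    """Yield one dict per entry, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def transactions(text):
    """Group commands into mail transactions; each MAIL opens a new one per client."""
    current, found = {}, []
    for rec in parse_w3c(text):
        ip, cmd = rec.get("c-ip"), rec.get("cs-method", "").upper()
        arg = rec.get("cs-uri-query", "").replace("+", " ").strip()
        code = rec.get("sc-status", "")
        code = int(code) if code.isdigit() else None
        if cmd == "MAIL":
            current[ip] = {"time": f"{rec['date']} {rec['time']}", "rcpt": {}, "data": None}
            found.append(current[ip])
        elif cmd == "RCPT" and ip in current:
            addr = arg.partition("<")[2].partition(">")[0].lower()
            current[ip]["rcpt"][addr] = code
        elif cmd == "DATA" and ip in current:
            current[ip]["data"] = code
    return found

def accepted_for(text, recipient):
    """Return (time, verdict) for every transaction that named the recipient."""
    results = []
    for tx in transactions(text):
        if recipient.lower() in tx["rcpt"]:
            rcpt = tx["rcpt"][recipient.lower()]
            verdict = (f"recipient refused ({rcpt})" if rcpt != 250
                       else "queued" if tx["data"] == 250 else "no 250 after DATA")
            results.append((tx["time"], verdict))
    return results
```

A "queued" verdict only says the server took the message from the sending client; onward delivery to the remote domain is a separate step that this inbound conversation does not record.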
 

Author Comment

by:garychu
ID: 22696091
Hi NutrientMS.
Here I am back with some more logged information.
Attached file contains info I managed to log via Message Tracking and SMTP connector log. I have only included the lines relating to a particular message ID.
It's proving to be a puzzle for me.
1) Message tracking reported an event, "Advanced Queue Failed to Deliver Message"
However, SMTP log shows a return code of 250 for that message. How could this be, if it did not get past the advanced queue stage?
2) I checked for any MSExchangeTransport event-log error that might provide a more detailed reason. (Example, a 4004 error), but could not find any.
3) I have made sure that ESM - Global settings > Internet Message Formats > Default > Properties > General remains at " * ".
4) GFIMail is not used. Symantec Mail Security for MS Exchange is running normally. Could not find any mail/file or attachment quarantined or removed.
5) No NDRs have been generated in spite of 1) see above.

The situation is a local networked computer sending a message to an external email address.
For your reference, in reading the attachment;
Server-SBS (192.168.1.2) - domain controller where Exchange Server is installed
LSOP - local domain
lspauk.co.nz - internet domain
W-08 - name of the workstation computer sending the message
reception@lspauk.co.nz - authenticated user account used to send message
data@csintel.co.nz - destination address, outside the local network
Local time here is GMT+13

Now, more than ever, I need your help. Thanks

Msg20081011.xls