Interpreting an SMTP protocol log

Posted on 2008-10-09
Medium Priority
Last Modified: 2011-10-19
Email service is provided by an Exchange Server within a Windows SBS Server 2003 SP2 R2 environment.
I am in discussion with a phone billing software support person. The software periodically polls phone calls from a PABX and sends the software provider an email attaching a report.
It appears to have worked okay for a few months, but has now stopped working. The scheduled emails are not reaching them, it is claimed.

The software provider insists (and rather rudely if I may add) that the fault lies entirely with our mail server. They offer no suggestions, except stubbornly maintain that;

- their logs show that our mail server had accepted the outbound messages (I have not seen these logs myself)
- they do not use an authenticated network user account to send; our mail server accepts anonymous logons (as proven by their log)

My question is two-fold.

1) I had always assumed that by default, Exchange Server will only accept for delivery, messages from an authenticated user. I have been able to check and verify that relay is not enabled (as by default).
How do I check/verify that anonymous logon sending is still rejected, or has been turned on for some reason?

2) I have now turned on SMTP protocol logging, for the next few days.
In interpreting the log, what should I look for to verify that our mail server accepted and successfully (or otherwise) delivered messages to a given email domain?

I might add that apart from the above, the mail server appears to be working normally.

Your assistance in helping me resolve this issue would be most appreciated.
In the process, I would also be able to salvage some of my credibility.
Question by:garychu

Accepted Solution

NutrientMS earned 1500 total points
ID: 22683377
No, Exchange will accept anonymous messages destined for YOUR domain. If someone tried to connect to your Exchange server and use it to send an email to a DIFFERENT domain, that would require authentication. This is called Open Relay (where your server openly relays messages destined for other domains).

As for SMTP logs, try using the Exchange Message Tracking tool to find the email and see what it says. Otherwise, in the logs, there are normally about 4 lines that will be written for each email message. If it gets all the way up to delivered (put in the user's mailbox) then it was ok. Check to see what messages it logs and we'll be able to tell you where it stopped.

Do you have mail filtering software loaded (Anti-virus / Anti-spam) ?

Author Comment

ID: 22683604
Thanks, NutrientMS.
I suppose this confirms my understanding that messages from an unauthenticated user destined for a different domain could not have been accepted/delivered by our Exchange Server. If these have been rejected, where would I have found them? I have not used Exchange Message Tracking tool before. Would this help?
I may have to revert back re the SMTP logs in a day or two.
Symantec Mail for Exchange Server is in use. Could not find anything filtered out.
Mail Washer Server for Exchange is used for inbound spam control only.

Author Comment

ID: 22684371
It's me again.
I have now turned on Message Tracking and Logging.
Will wait a day or two before reverting.
Meanwhile, attached is an extract of some lines from the SMTP protocol log.
By way of reference, W-08 is the computer name (IP=
The problem destination is data@csintel.co.nz
Does it look to you that there appear to be repeated tries at delivery?
Anyway, I do not have enough experience to make out what those lines indicate.
Can you please help me determine if in fact the message(s) got delivered?

Expert Comment

ID: 22685542

I would look at that as though the emails are going through ok. 250 is a returned OK message, so after each command, the Exchange server has returned OK.

On the DATA line, what looks like a unique message ID <SERVER-SBSfINESHZwq00000019@lspauk.co.nz> has the recipient server domain lspauk.co.nz, which normally has the domain / server name of the local server sending the message.

Is this an Exchange server sending to an Exchange server or a computer sending to an Exchange server?
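
An added example, not part of the original thread or any poster's code: one way to read reply codes in a W3C-format SMTP protocol log while keeping the inbound session (client to this server) apart from the outbound session (this server to the remote domain), since a 250 on the first only means the message was accepted into the local queue. The sample log is constructed, and the convention that outbound lines carry `OutboundConnectionCommand` / `OutboundConnectionResponse` in `cs-username` with the remote reply in `cs-uri-query` is an assumption to check against your own log.

```python
import re

# Constructed sample; hosts and addresses are made up (documentation ranges).
SAMPLE_LOG = """\
#Fields: time c-ip cs-username cs-method cs-uri-query sc-status
01:00:01 192.0.2.8 W-08 MAIL +FROM:<reception@example.org> 250
01:00:01 192.0.2.8 W-08 RCPT +TO:<data@example.net> 250
01:00:02 192.0.2.8 W-08 DATA <msg-0001@example.org> 250
01:00:05 198.51.100.25 OutboundConnectionResponse - 220+mx.example.net+ESMTP 0
01:00:05 198.51.100.25 OutboundConnectionCommand RCPT TO:<data@example.net> 0
01:00:06 198.51.100.25 OutboundConnectionResponse - 451+4.7.1+Try+again+later 0
"""

def parse(log_text):
    """Turn W3C extended log text into dicts keyed by the #Fields names."""
    fields, rows = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split())))
    return rows

def reply_code(text):
    m = re.match(r"(\d{3})\b", text)
    return int(m.group(1)) if m else None

def rcpt_outcomes(rows, domain):
    """Reply codes given to RCPT TO:<...@domain>, split by session direction."""
    out = {"inbound": [], "outbound": []}
    pending = set()  # remote IPs with an outbound RCPT awaiting its reply
    needle = ("@" + domain + ">").lower()
    for r in rows:
        user, query = r["cs-username"], r["cs-uri-query"]
        is_rcpt = r["cs-method"] == "RCPT" and needle in query.lower()
        if user == "OutboundConnectionCommand":
            if is_rcpt:
                pending.add(r["c-ip"])
        elif user == "OutboundConnectionResponse":
            if r["c-ip"] in pending:  # first reply after our RCPT command
                pending.discard(r["c-ip"])
                out["outbound"].append(reply_code(query))
        elif is_rcpt:  # inbound: this server's own reply is in sc-status
            out["inbound"].append(int(r["sc-status"]))
    return out

def verdict(o):
    if 250 not in o["inbound"]:
        return "recipient not accepted by this server"
    codes = [c for c in o["outbound"] if c]
    if not codes:
        return "queued locally; no outbound attempt in this log"
    if 200 <= codes[-1] < 300:
        return "remote server accepted the recipient"
    return "remote server deferred; expect retries" if codes[-1] < 500 \
        else "remote server rejected the recipient"
```

This covers the RCPT stage only; the remote server's reply after the message body is sent is the final word on hand-off.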


Author Comment

ID: 22696091
Hi NutrientMS.
Here I am back with some more logged information.
Attached file contains info I managed to log via Message Tracking and SMTP connector log. I have only included the lines relating to a particular message ID.
It's proving to be a puzzle for me.
1) Message tracking reported an event, "Advanced Queue Failed to Deliver Message"
However, SMTP log shows a return code of 250 for that message. How could this be, if it did not get past the advanced queue stage?
2) I checked for any MSExchangeTransport event-log error that might provide a more detailed reason. (Example, a 4004 error), but could not find any.
3) I have made sure that ESM - Global settings > Internet Message Formats > Default > Properties > General remains at " * ".
4) GFIMail is not used. Symantec Mail Security for MS Exchange is running normally. Could not find any mail/file or attachment quarantined or removed.
5) No NDRs have been generated in spite of 1), see above.

The situation is a local networked computer sending a message to an external email address.
For your reference, in reading the attachment;
Server-SBS ( - domain controller where Exchange Server is installed
LSOP - local domain
lspauk.co.nz - internet domain
W-08 - name of the workstation computer sending the message
reception@lspauk.co.nz - authenticated user account used to send message
data@csintel.co.nz - destination address, outside the local network
Local time here is GMT+13

Now, more than ever, I need your help. Thanks



Question has a verified solution.
