garychu
asked on
Interpreting an SMTP protocol log
Email service is provided by an Exchange Server within a Windows SBS Server 2003 SP2 R2 environment.
I am in discussion with a phone billing software support person. The software periodically polls phone calls from a PABX and sends the software provider an email attaching a report.
It appears to have worked okay for a few months. But has now stopped working. The scheduled emails are not reaching them, it is claimed.
The software provider insists (and rather rudely if I may add) that the fault lies entirely with our mail server. They offer no suggestions, except to stubbornly maintain that:
- their logs show that our mail server had accepted the outbound messages (I have not seen these logs myself)
- they do not use an authenticated network user account to send; our mail server accepts anonymous logons (as proven by their log)
My question is two-fold.
1) I had always assumed that by default, Exchange Server will only accept for delivery, messages from an authenticated user. I have been able to check and verify that relay is not enabled (as by default).
How do I check/verify that anonymous logon sending is still rejected, or has been turned on for some reason?
2) I have now turned on SMTP protocol logging, for the next few days.
In interpreting the log, what should I look for to verify that our mail server accepted and successfully (or otherwise) delivered messages to a given email domain?
I might add that apart from the above, the mail server appears to be working normally.
Your assistance in helping me resolve this issue would be most appreciated.
In the process, I would also be able to salvage some of my credibility.
ASKER
It's me again.
I have now turned on Message Tracking and Logging.
Will wait a day or two before reverting.
Meanwhile, attached is an extract of some lines from the SMTP protocol log.
By way of reference, W-08 is the computer name (IP=192.168.1.61)
The problem destination is data@csintel.co.nz
Does it look to you that there appear to be repeated tries at delivery?
Anyway, I do not have enough experience to make out what those lines indicate.
Can you please help me determine if in fact the message(s) got delivered?
Thanks
SMTP-log.txt
Hi,
I would look at that as though the emails are going through ok. 250 is a returned OK message, so after each command, the exchange server has returned OK.
On the DATA line, what looks like a unique message ID <SERVER-SBSfINESHZwq00000019@lspauk.co.nz> has the recipient server domain lspauk.co.nz, which normally has the domain / server name of the local server sending the message.
Is this an exchange server sending to an exchange server or a computer sending to an exchange server?
Cheers.
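An added example, not part of the original thread: Python that reads an SMTP protocol log in W3C extended format and, for one recipient domain, reports the client DATA commands the server answered with 250 separately from the reply codes a remote server returned on outbound sessions. The reduced field list, the `OutboundConnectionCommand`/`OutboundConnectionResponse` markers in `cs-username`, the address 203.0.113.25 and every log line are assumptions constructed for illustration; compare them with the `#Fields:` header of your own log.

```python
# Constructed sample log (not the asker's attachment); '+' stands for a space.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2008-10-10 22:01:05 192.168.1.61 W-08 EHLO +W-08 250
2008-10-10 22:01:05 192.168.1.61 W-08 MAIL +FROM:<reception@lspauk.co.nz> 250
2008-10-10 22:01:05 192.168.1.61 W-08 RCPT +TO:<data@csintel.co.nz> 250
2008-10-10 22:01:06 192.168.1.61 W-08 DATA <constructed-id@lspauk.co.nz> 250
2008-10-10 22:01:09 203.0.113.25 OutboundConnectionCommand MAIL FROM:<reception@lspauk.co.nz> 0
2008-10-10 22:01:09 203.0.113.25 OutboundConnectionResponse - 250+Sender+OK 0
2008-10-10 22:01:09 203.0.113.25 OutboundConnectionCommand RCPT TO:<data@csintel.co.nz> 0
2008-10-10 22:01:10 203.0.113.25 OutboundConnectionResponse - 451+Try+again+later 0
"""

def parse_rows(log_text):
    """Yield one dict per entry, keyed by the names in the #Fields directive."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def summarize(log_text, domain):
    """Count inbound acceptances and collect remote reply codes for one domain."""
    needle = "@" + domain.lower() + ">"
    accepted, remote_replies = 0, []
    inbound_rcpt, outbound_rcpt = set(), set()  # peers that named the domain in RCPT
    for row in parse_rows(log_text):
        peer, who = row["c-ip"], row["cs-username"]
        verb = row["cs-method"].upper()
        arg = row["cs-uri-query"].replace("+", " ").strip()
        if who == "OutboundConnectionCommand":
            # Our server talking to a remote host (sessions keyed by remote IP only).
            if verb == "RCPT" and needle in arg.lower():
                outbound_rcpt.add(peer)
        elif who == "OutboundConnectionResponse":
            # Remote host's reply; the code is the first three characters.
            if peer in outbound_rcpt and arg[:3].isdigit():
                remote_replies.append((peer, int(arg[:3])))
        elif verb == "RCPT" and row["sc-status"] == "250" and needle in arg.lower():
            inbound_rcpt.add(peer)  # a client asked us to send to the domain
        elif verb == "DATA" and peer in inbound_rcpt:
            if row["sc-status"] == "250":
                accepted += 1       # we took the message into our queue
            inbound_rcpt.discard(peer)
    return {"accepted_from_clients": accepted, "remote_replies": remote_replies}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "csintel.co.nz"))
```

A 250 on the client's DATA line only shows that the server took the message into its queue; what the destination did with it appears in the remote replies, and an empty list means no outbound attempt for that domain was logged.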
ASKER
Hi NutrientMS.
Here I am back with some more logged information.
Attached file contains info I managed to log via Message Tracking and SMTP connector log. I have only included the lines relating to a particular message ID.
It's proving to be a puzzle for me.
1) Message tracking reported an event, "Advanced Queue Failed to Deliver Message"
However, SMTP log shows a return code of 250 for that message. How could this be, if it did not get past the advanced queue stage?
2) I checked for any MSExchangeTransport event-log error that might provide a more detailed reason. (Example, a 4004 error), but could not find any.
3) I have made sure that ESM - Global settings > Internet Message Formats > Default > Properties > General remains at " * ".
4) GFIMail is not used. Symantec Mail Security for MS Exchange is running normally. Could not find any mail/file or attachment quarantined or removed.
5) No NDRs have been generated in spite of 1) see above.
The situation is a local networked computer sending a message to an external email address.
For your reference, in reading the attachment;
Server-SBS (192.168.1.2) - domain controller where Exchange Server is installed
LSOP - local domain
lspauk.co.nz - internet domain
W-08 - name of the workstation computer sending the message
reception@lspauk.co.nz - authenticated user account used to send message
data@csintel.co.nz - destination address, outside the local network
Local time here is GMT+13
Now, more than ever, I need your help. Thanks
Msg20081011.xls
ASKER
I suppose this confirms my understanding that messages from an unauthenticated user destined for a different domain could not have been accepted/delivered by our Exchange Server. If these have been rejected, where would I have found them. I have not used Exchange Message Tracking tool before. Would this help?
I may have to revert back re the SMTP logs in a day or two.
Symantec Mail for Exchange Server is in use. Could not find anything filtered out.
Mail Washer Server for Exchange is used for inbound spam control only.