Solved

Looking for what a typical SMTP connection should look like in the logs

Posted on 2008-10-23
Last Modified: 2013-11-30
I am trying to run down some email issues and I'm going through the SMTP Logs. I have so many variations in the logs that I can't remember what a typical successful connection looks like.

Could somebody post for me an example of a successful inbound and outbound connection that is specific to Exchange? The outbound especially.

Many Thanks
Question by:AJNS
9 Comments
 
LVL 15

Expert Comment

by:tenaj-207
ID: 22789312
Here's the MS KB article on SMTP Logs.
http://support.microsoft.com/kb/155455

I just turned logging on and I'll post my log in a couple hours.
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 22790257
Here's part of my smtp log file.  Let me know if you want me to turn on any details.
ex081023.txt
0
 

Author Comment

by:AJNS
ID: 22794963
That's great, thanks.

Any chance I could get an outbound connection?
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 22798548
I'll start a log now and post it in a couple hours.
0
 

Author Comment

by:AJNS
ID: 22870940
Checking back in to see if you can post the log.
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 22871140
Sorry, I completely spaced it.

The log that I ran isn't the outgoing connection log.  Can you tell me which specific log you're running so I can post the same one back to you?

Sorry again for the delay.
0
 

Author Comment

by:AJNS
ID: 22871695
No problem.

I'm just running the regular logging with all the options on. It shows up on the smtpsvc1 log like this:

2008-10-21 15:08:28 206.47.199.*** OutboundConnectionCommand SMTPSVC1
2008-10-21 15:08:28 206.47.199.*** OutboundConnectionResponse SMTPSVC1
2008-10-21 15:08:28 206.47.199.*** OutboundConnectionCommand SMTPSVC1

Only mine has more errors than actual valid log entries.
0
 
LVL 15

Accepted Solution

by: tenaj-207 earned 250 total points
ID: 22872090
Here are a couple:

2008-10-29 15:39:37 65.54.245.40 OutboundConnectionCommand SMTPSVC1 SERVER - 25 EHLO - mycompany.com 0 0 4 0 188 SMTP - - - -
2008-10-29 15:39:37 65.54.245.40 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250-bay0-mc10-f22.bay0.hotmail.com+(3.7.0.89)+Hello+[63.135.208.12] 0 0 67 0 266 SMTP - - - -
2008-10-29 15:39:37 65.54.245.40 OutboundConnectionCommand SMTPSVC1 SERVER - 25 MAIL - FROM:<TLC@mycompany.com>+SIZE=13204 0 0 4 0 266 SMTP - - - -
2008-10-29 15:39:37 65.54.245.40 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+TLC@mycompany.com....Sender+OK 0 0 47 0 359 SMTP - - - -
2008-10-29 15:39:37 65.54.245.40 OutboundConnectionCommand SMTPSVC1 SERVER - 25 RCPT - TO:<dircks@hotmail.com> 0 0 4 0 359 SMTP - - - -
2008-10-29 15:39:37 65.54.245.40 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+dircks@hotmail.com+ 0 0 26 0 453 SMTP - - - -
2008-10-29 15:39:37 65.54.245.40 OutboundConnectionCommand SMTPSVC1 SERVER - 25 BDAT - 13204+LAST 0 0 4 0 453 SMTP - - - -
2008-10-29 15:39:39 65.54.245.40 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250++<2677906A1EC6944A8184D033E8B8487F112EB9@SERVER.TLC.local>+Queued+mail+for+delivery 0 0 87 0 1469 SMTP - - - -
2008-10-29 15:39:39 65.54.245.40 OutboundConnectionCommand SMTPSVC1 SERVER - 25 QUIT - - 0 0 4 0 1484 SMTP - - - -
2008-10-29 15:39:39 65.54.245.40 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 221+bay0-mc10-f22.bay0.hotmail.com+Service+closing+transmission+channel 0 0 71 0 1578 SMTP - - - -

2008-10-28 21:57:54 209.85.199.114 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 220+mx.google.com+ESMTP+f42si2836542rvb.6 0 0 41 0 140 SMTP - - - -
2008-10-28 21:57:54 209.85.199.114 OutboundConnectionCommand SMTPSVC1 SERVER - 25 EHLO - mycompany.com 0 0 4 0 140 SMTP - - - -
2008-10-28 21:57:54 209.85.199.114 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250-mx.google.com+at+your+service,+[63.135.208.12] 0 0 50 0 187 SMTP - - - -
2008-10-28 21:57:54 209.85.199.114 OutboundConnectionCommand SMTPSVC1 SERVER - 25 MAIL - FROM:<Todd@mycompany.com>+SIZE=1419 0 0 4 0 203 SMTP - - - -
2008-10-28 21:57:54 209.85.199.114 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+2.1.0+OK+f42si2836542rvb.6 0 0 30 0 265 SMTP - - - -
2008-10-28 21:57:54 209.85.199.114 OutboundConnectionCommand SMTPSVC1 SERVER - 25 RCPT - TO:<wendy@lenz-financial.com> 0 0 4 0 265 SMTP - - - -
2008-10-28 21:57:54 209.85.199.114 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+2.1.5+OK+f42si2836542rvb.6 0 0 30 0 531 SMTP - - - -
2008-10-28 21:57:54 209.85.199.114 OutboundConnectionCommand SMTPSVC1 SERVER - 25 DATA - - 0 0 4 0 531 SMTP - - - -
2008-10-28 21:57:54 209.85.199.114 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 354++Go+ahead+f42si2836542rvb.6 0 0 31 0 609 SMTP - - - -
2008-10-28 21:57:54 209.85.199.114 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+2.0.0+OK+1225231074+f42si2836542rvb.6 0 0 41 0 875 SMTP - - - -
2008-10-28 21:57:54 209.85.199.114 OutboundConnectionCommand SMTPSVC1 SERVER - 25 QUIT - - 0 0 4 0 890 SMTP - - - -
2008-10-28 21:57:54 209.85.199.114 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 221+2.0.0+closing+connection+f42si2836542rvb.6 0 0 46 0 937 SMTP - - - -

2008-10-27 17:41:57 209.246.150.166 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 220+comail.netbsa.org+ESMTP 0 0 27 0 563 SMTP - - - -
2008-10-27 17:41:57 209.246.150.166 OutboundConnectionCommand SMTPSVC1 SERVER - 25 EHLO - mycompany.com 0 0 4 0 563 SMTP - - - -
2008-10-27 17:41:57 209.246.150.166 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250-comail.netbsa.org 0 0 21 0 672 SMTP - - - -
2008-10-27 17:41:57 209.246.150.166 OutboundConnectionCommand SMTPSVC1 SERVER - 25 MAIL - FROM:<TLC@mycompany.com>+SIZE=6116 0 0 4 0 734 SMTP - - - -
2008-10-27 17:41:57 209.246.150.166 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+sender+<TLC@mycompany.com>+ok 0 0 46 0 828 SMTP - - - -
2008-10-27 17:41:57 209.246.150.166 OutboundConnectionCommand SMTPSVC1 SERVER - 25 RCPT - TO:<sarah@cpbsa.org> 0 0 4 0 828 SMTP - - - -
2008-10-27 17:41:57 209.246.150.166 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+recipient+<sarah@cpbsa.org>+ok 0 0 35 0 938 SMTP - - - -
2008-10-27 17:41:57 209.246.150.166 OutboundConnectionCommand SMTPSVC1 SERVER - 25 DATA - - 0 0 4 0 938 SMTP - - - -
2008-10-27 17:41:57 209.246.150.166 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 354+go+ahead 0 0 12 0 1047 SMTP - - - -
2008-10-27 17:41:57 209.246.150.166 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+ok:++Message+218725457+accepted 0 0 35 0 1344 SMTP - - - -
2008-10-27 17:41:57 209.246.150.166 OutboundConnectionCommand SMTPSVC1 SERVER - 25 QUIT - - 0 0 4 0 1359 SMTP - - - -
2008-10-27 17:41:57 209.246.150.166 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 221+comail.netsa.org 0 0 21 0 1453 SMTP - - - -
0
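
A way to triage a log like the ones in the accepted answer, as an added example that is not part of the original thread: it groups lines by remote IP and reports whether each session reached the final 250 after DATA or BDAT, or which command was refused. Field positions are inferred from the lines above; the sample sessions, hostnames and addresses are constructed.

```python
import re

# Field positions inferred from the sample lines in this thread (whitespace-split):
# 2 = remote IP, 3 = OutboundConnectionCommand/Response, 8 = SMTP verb,
# 10 = command argument or reply text, with '+' standing in for spaces.
def parse(line):
    f = line.split()
    if len(f) < 11 or not f[3].startswith("OutboundConnection"):
        return None
    return f[2], f[3].endswith("Response"), f[8], f[10].replace("+", " ")

def classify(lines):
    """Return [(remote_ip, verdict)]; assumes one session per remote IP at a time."""
    live, done = {}, []
    for ip, is_reply, verb, text in filter(None, map(parse, lines)):
        s = live.setdefault(ip, {"cmd": "connect", "arg": "", "body": False,
                                 "ok": False, "fail": ""})
        if not is_reply:
            s["cmd"], s["arg"] = verb, text
            continue
        m = re.match(r"\d{3}", text)
        if not m:
            continue
        code = int(m.group())
        if code >= 400 and not s["fail"]:
            s["fail"] = "; %s refused: %s" % (s["cmd"], text)
        elif code == 354:
            s["body"] = True          # server is ready for the message body
        elif code == 250 and (s["body"] or (s["cmd"] == "BDAT" and "LAST" in s["arg"])):
            s["ok"] = True            # final 250 after DATA body or BDAT ... LAST
        elif code == 221:             # a 221 reply closes the session
            done.append((ip, ("delivered" if s["ok"] else "not delivered") + s["fail"]))
            del live[ip]
    done += [(ip, "incomplete" + s["fail"]) for ip, s in live.items()]
    return done

def _lines(ip, steps):  # constructed sample lines in the layout shown above
    fmt = "2008-10-29 15:39:37 %s OutboundConnection%s SMTPSVC1 SERVER - 25 %s - %s 0 0 4 0 188 SMTP - - - -"
    return [fmt % (ip, "Response" if v == "-" else "Command", v, t) for v, t in steps]
GOOD = [("-", "220+mx.example.net+ESMTP"), ("EHLO", "mail.example.com"), ("-", "250-mx.example.net"),
        ("MAIL", "FROM:<a@example.com>"), ("-", "250+2.1.0+OK"), ("RCPT", "TO:<b@example.net>"),
        ("-", "250+2.1.5+OK"), ("DATA", "-"), ("-", "354+go+ahead"), ("-", "250+2.0.0+OK+queued"),
        ("QUIT", "-"), ("-", "221+closing")]
BAD = GOOD[:5] + [("RCPT", "TO:<nobody@example.net>"), ("-", "550+5.1.1+User+unknown"),
                  ("QUIT", "-"), ("-", "221+closing")]
SAMPLE = _lines("192.0.2.10", GOOD) + _lines("198.51.100.7", BAD) + _lines("203.0.113.5", GOOD[:3])

if __name__ == "__main__":
    print(*classify(SAMPLE), sep="\n")
```

Lines that carry only the first few fields, like the truncated excerpt in the question, are skipped by `parse`.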
 

Author Closing Comment

by:AJNS
ID: 31509299
Thanks very much
0
