techdrive

asked on

How to learn RFCs and how internet email works

Hi, I have worked in the capacity of Microsoft Exchange Server and AD for some time, but recently have received additional duties, and one of them is reading email headers, for example making a determination of why an email was blocked, tagged, etc. on a firewall appliance. Any guidance on where I can receive resources to learn RFCs and how internet email works? I don't see a lot of material but only Unix resources like Postfix and Sendmail. I have been kind of winging it and using Google but would like some more formal information about this stuff.
ASKER CERTIFIED SOLUTION
noci
This solution is only available to members.
Noci kindly covered the RFC-related part of your question, which actually has no relation to the additional duties you gave directly.

The main point of the SMTP RFCs 822, 2822... deals with the requirement that each mail server accepting a message must add its marker atop the message header.
Received: from name [ip]
                By receiving server, ip time stamp


The duties you have relate more to your setup, i.e. based on what criteria your server assesses: SPF, DomainKeys, Exchange version anti-spam, virus.

Often, the mail flow logs should convey the reason the message was routed into the spam folder.


Whether your filtering adds header entries to convey the reason for .....

Mxtoolbox.com includes a blacklist ref, in the event your system uses/includes rules to reject messages from "known spam" sources based on one or several DNS blacklists.
You said, "For example making a determination of why an email was blocked, tagged, etc. on firewall appliance."

This has little to do with any RFCs (potentially) + everything to do with your firewall appliance.

There is no RFC about how to block email, only how email delivers.

Also keep in mind the blocks you're seeing may be generated upstream by a Provider (Gmail/Hotmail/Yahoo/etc...) + simply pass through to your firewall appliance.

Best to analyze the exact reason for the block (no RFC for this either), by reading the SMTP response code + tracking back up the entire chain till you find where the response code was actually generated.

This type of debugging can leave you muttering in dark corners pulling at your hair.

If you get stumped, best engage someone who does this type of debugging all day long.
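
As an added illustration of the Received chain and the "track back up the chain" advice in the answers above (not code from any poster in this thread), this Python sketch lists the hops oldest first with per-hop delay and pulls SPF/DKIM verdicts. The sample message, hostnames and addresses are constructed, and it assumes your filter adds an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message; hostnames and IPs are documentation values.
SAMPLE = """\
Received: from edge.example.net (edge.example.net [203.0.113.7])
\tby mail.example.org with ESMTP id 3; Mon, 06 May 2024 10:00:45 +0000
Authentication-Results: mail.example.org; spf=fail smtp.mailfrom=example.com;
\tdkim=none
Received: from relay.example.com (relay.example.com [198.51.100.25])
\tby edge.example.net with ESMTP id 2; Mon, 06 May 2024 10:00:05 +0000
Received: from client.example.com ([192.0.2.10])
\tby relay.example.com with ESMTP id 1; Mon, 06 May 2024 10:00:02 +0000
From: alice@example.com
Subject: constructed test

body
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)  # spans folded lines
IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")                # address literal in [..]

def trace_hops(raw):
    """Return hops oldest first; each server prepends its own Received line."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m, ip = HOP.search(value), IP.search(value)
        try:
            when = parsedate_to_datetime(value.rpartition(";")[2].strip())
        except (TypeError, ValueError):
            when = None  # missing or malformed timestamp
        hops.append({"from": m.group(1) if m else None,
                     "by": m.group(2) if m else None,
                     "ip": ip.group(1) if ip else None, "time": when})
    for prev, cur in zip(hops, hops[1:]):
        if prev["time"] and cur["time"]:
            cur["delay_s"] = (cur["time"] - prev["time"]).total_seconds()
    return hops

def auth_results(raw):
    """Map method -> verdict from any Authentication-Results headers."""
    out = {}
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        out.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value))
    return out

if __name__ == "__main__":
    for hop in trace_hops(SAMPLE):
        print(hop)
    print(auth_results(SAMPLE))
```

Only the Received lines stamped by servers you control are trustworthy; anything below them was supplied by the sending side and can be forged.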