How to read a basic SMTP transaction
Posted by - NA -, Last modified by Valentin on 20 June 2014 10:25 AM

Basic SMTP transaction


The SMTP log file below represents the communication between the client (such as Outlook or webmail) and the server (IceWarp Mail Server). The log lines show each statement sent by the client, followed by the response from the server.

On the left-hand side of the log file, you will see the IP of the client that initiates the communication.

Next to that you will see the transaction ID. (In the example below this is [1308].)

From the information in this log, you can see the origin, the sender, the recipient, whether the e-mail was accepted to be delivered (routed to the recipient server), and the message ID.

After the server has accepted the e-mail from the client, it will then attempt to send the e-mail to the recipient server. The following log will show that communication.

The basic format is the same as the original log, but IceWarp now acts as the client connecting to the recipient server. A new transaction ID is generated, and the IP on the left is now the IP of the server (the IP on the left is always the IP of the machine that initiates the connection).

As you can see, the initial portion of the communication for session [173C] is a DNS lookup for the recipient domain. Once the DNS lookup resolves, the server connects to the recipient server and begins communicating with it.

As in all log files, the communication begins with the connected statement. Then the recipient domain identifies itself in its initial response to the connection.

The sending domain then identifies itself with an EHLO statement.

It then announces to the recipient domain who the e-mail is from, as well as the size of the e-mail (always in KBs).

It is at this point that the recipient server verifies the sender (whether by rDNS, or simply if there is an MX record attached to the domain). Once that is done, the sending server will announce who the e-mail is for, and the recipient domain will check to make sure that user actually exists. If it does, it will tell the sending server to send the e-mail.

Once the data is sent, the recipient server acknowledges the transaction, and then closes the communication.
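
The walkthrough above can be automated by grouping log lines on the transaction ID and attributing each server reply to the command before it. The following Python is an added example, not part of the original article or IceWarp's tooling; the sample lines are constructed, and the timestamp column, the `<<<`/`>>>` markers, the addresses and the `summarize` function are assumptions.

```python
import re

# Constructed sample: only the leading IP and the bracketed transaction ID follow
# the article; the timestamp and "<<<"/">>>" columns are assumptions.
SAMPLE_LOG = """\
198.51.100.7 [1308] 10:25:01 Connected
198.51.100.7 [1308] 10:25:01 >>> 220 mail.example.com ESMTP
198.51.100.7 [1308] 10:25:01 <<< EHLO laptop.example.com
198.51.100.7 [1308] 10:25:01 >>> 250 mail.example.com
198.51.100.7 [1308] 10:25:02 <<< MAIL FROM:<alice@example.com> SIZE=2048
198.51.100.7 [1308] 10:25:02 >>> 250 2.1.0 Sender ok
198.51.100.7 [1308] 10:25:02 <<< RCPT TO:<nobody@example.net>
198.51.100.7 [1308] 10:25:02 >>> 250 2.1.5 Recipient ok
198.51.100.7 [1308] 10:25:02 <<< DATA
198.51.100.7 [1308] 10:25:02 >>> 354 Start mail input
198.51.100.7 [1308] 10:25:03 >>> 250 2.6.0 Message accepted
203.0.113.25 [173C] 10:25:04 Connected
203.0.113.25 [173C] 10:25:04 <<< 220 mx.example.net ESMTP
203.0.113.25 [173C] 10:25:04 >>> EHLO mail.example.com
203.0.113.25 [173C] 10:25:04 <<< 250 mx.example.net
203.0.113.25 [173C] 10:25:05 >>> MAIL FROM:<alice@example.com> SIZE=2048
203.0.113.25 [173C] 10:25:05 <<< 250 2.1.0 Sender ok
203.0.113.25 [173C] 10:25:05 >>> RCPT TO:<nobody@example.net>
203.0.113.25 [173C] 10:25:05 <<< 550 5.1.1 User unknown
"""

LINE = re.compile(r"^(\S+)\s+\[([0-9A-Fa-f]+)\]\s+(?:\d{2}:\d{2}:\d{2}\s+)?(?:(?:<<<|>>>)\s+)?(.*)$")
REPLY = re.compile(r"(\d{3})(?:[ -]|$)")
ENVELOPE = re.compile(r"(MAIL FROM|RCPT TO):\s*<([^>]*)>(?:.*\bSIZE=(\d+))?", re.I)

def summarize(log_text):  # group lines by transaction ID, one summary per session
    sessions = {}
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        ip, tid, text = m.groups()
        s = sessions.setdefault(tid, {"initiator": ip, "sender": None, "size": None,
                                      "rcpts": {}, "accepted": False, "last": ("", None)})
        reply, cmd = REPLY.match(text), ENVELOPE.match(text)
        if reply:  # a reply answers the most recent command of the same session
            if s["last"][0] == "RCPT TO":
                s["rcpts"][s["last"][1]] = reply.group(1)
            elif s["last"][0] == "DATA" and reply.group(1) == "250":
                s["accepted"] = True
        elif cmd:  # envelope command: record sender and announced size, or recipient
            s["last"] = (cmd.group(1).upper(), cmd.group(2))
            if s["last"][0] == "MAIL FROM":
                s["sender"], s["size"] = cmd.group(2), cmd.group(3)
        else:  # any other command or status line, e.g. Connected, EHLO, DATA
            s["last"] = (text.split(" ")[0].upper(), None)
    return sessions
```

In the constructed sample, session 1308 is accepted by the server while session 173C shows the recipient server refusing the same recipient, which is the kind of mismatch that comparing the two transaction IDs reveals.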
