How to Enable and Interpret the Smtp.log File

This article discusses the entries found in the Smtp.log file, and is intended to be used as a reference when you have tried all other troubleshooting steps. Most SMTP transmission errors are related to either hardware configuration errors (modem, serial port, initialization string), TCP/IP connectivity problems, or problems with the client computer. In addition, this article provides basic background information on SMTP and the extensions to SMTP, ESMTP.

Please note that the information contained in this article is based on information obtained from documents made freely available by the Internet Engineering Task Force (IETF). These documents, called Requests-for- Comments (RFC), are living documents. As such, the information presented here is only as current as the RFCs used to research these articles.

When RFCs are updated or made obsolete, the original RFC number is preserved. Any RFC that has been updated or made obsolete is modified to contain the newer RFC number.

The RFCs used in the research for this article are: RFCs can be obtained, free of charge, on the Internet at ds.internic.net. This site accepts HTTP, anonymous FTP, and TELNET connections.

The remainder of this article is organized into two sections: "SMTP Basics" and "Interpreting the Smtp.log File."

SMTP Basics

This section includes a general introduction to SMTP design, connections, and session commands and syntax.

For information about how to enable the SMTP log in Outlook Express, please see the following article in the Microsoft Knowledge Base:

• SMTP Design

The Simple Mail Transfer Protocol (SMTP) is a text-based protocol using the US ASCII set of characters, a subset of the ASCII character set containing octet values 00h-7Fh (0d-127d) inclusive. It provides message transport services across end-to-end reliable networks. Its sole requirements for a network-layer transport mechanism are ordered, reliable packet delivery.

SMTP is used by email clients to send messages to an SMTP server, and by SMTP servers to transport messages between intermediate 'hops' before delivery to a POP3 mailbox. The POP3 protocol, not covered in this article, is used to retrieve messages from a mailbox. For more information on POP3 and its use with Microsoft products, please see the following article in the Microsoft Knowledge Base: Because messages regularly contain information that contains values not within this range, there have been facilities designed to handle non-US ASCII data. When a message has content not defined within US ASCII (such as audio samples or bitmaps), a multiple-object facility, such as MIME, is used to encode it prior to transmission.

Support for any form of encoding is contained within the mail client. If a mail client receives a message containing encoded information, and the client does not support content encoding, the user will generally see gibberish.

NOTE: There is an update to the existing SMTP specification known as the Extension to SMTP (ESMTP). Not all mail servers on the Internet are ESMTP- capable, however they are becoming increasingly more common.

SMTP transfers involve a sender-receiver model where each participant can send, receive, and interpret session status messages from the other. The sender can connect directly to the terminal destination of the message or an intermediary.

The SMTP session is initiated by the sender and can be terminated by either the sender or the receiver.

• SMTP Connections

An SMTP server, typically implemented as a daemon process on a computer running a UNIX-based operating system, listens for traffic on TCP port 25. Although this port assignment is standard, many client software packages have a user-configurable option to change the port number to compensate for non-standard server implementations.

NOTE: To change this value in Microsoft Internet Mail and News (IMN), use the following steps:

1. On the Mail menu, click Options.
2. Click the Server tab, and then click Advanced Settings.
3. Enter the appropriate value in the Outgoing Mail (SMTP) Server box.
4. Click OK.

To change the SMTP server name, use the following steps:

1. On the Mail menu, click Options.
2. Click the Server tab.
3. Enter the appropriate value in the Outgoing Mail (SMTP) box.
4. Click OK.

• SMTP Session Commands & Syntax

For the purpose of discussion, the peers in an SMTP session will be differentiated into SMTP-sender and SMTP-receiver. The sender is assumed to be either mail client software or another SMTP server. The receiver is always an SMTP server, except in the case where an SMTP server is delivering mail to a POP3 mailbox.

Certain semantics are always followed in SMTP connections. One is that any command issued from the SMTP-sender will always receive a response. Responses are both meta-linguistic and numeric and take two basic forms: OK(250) and an error or failure code followed by appropriate verbiage.

It is stated explicitly in RFC821 that all command-response sequences occur one at a time. Progress from one command to another is not possible until a response to a previous command has been received. For a complete list of error codes, see RFC821.

In addition, the scope of this article covers the commands most likely to be seen while examining the Smtp.log produced by IMN. For a complete listing and explanation of SMTP and ESMTP commands, see the respective RFCs.

The order of the commands presented below does not imply that there are no other possible sequences of commands. The following commands and explanations outline a simple connection.

The following abbreviations are used in this article:

SP : SPACE <ASCII 20h (32d)>

CRLF : CARRIAGE RETURN+LINEFEED <ASCII 0Dh+0Ah (13d+10d)>

The following notation is used when explaining reply codes:

nnn : numeric reply code
<...> : code meaning
() : text message may be present, wording varies
[...] : comments

• Connection Established

When an SMTP-sender wishes to send mail, it first opens a connection to TCP port 25 on the SMTP-receiver.

When the connection is established, the SMTP-receiver responds with the system-ready reply code: 220-<domain name>. When troubleshooting SMTP connections, if upon connection a system-ready response is not received, the server may be malfunctioning or down.

For more information on troubleshooting SMTP connections, please see the following article in the Microsoft Knowledge Base:

• HELLO Command

After 220-<domain> is received, the SMTP-sender starts the session by issuing one of two HELLO commands. The type of HELLO command determines if SMTP or ESMTP will be used:

Not only does the HELLO command start a session, it also verifies that both the sender and receiver are in the initial states. Being in the 'initial' state simply means that there are no transactions-in-progress, or that the receiver has not 'hung.' Expected responses to the HELLO command are: If the SMTP-receiver gets an error response to the EHLO command, it must either issue the HELO or QUIT commands.

NOTE: The 421 reply can be used in response to any command if the server knows that the SMTP service is not available or if the server is about to shut down.

• MAIL Command

After a 250 response is received from the HELLO command, the MAIL command is used to initiate a mail transaction. The command is issued as follows: The <reverse-path> value is passed as an argument, and can be either 'user@host.dom' or just 'user.' In the event 'user' is what is passed to the server, the server's domain name will be tacked onto the end. The <reverse-path> is the address to which any response will go.

For example, "MAIL FROM: jdoe@somewhere.com" would be a valid MAIL command. By the same token, "MAIL FROM: jdoe" would also work. If the MAIL command has been received correctly, is expected in reply. Expected alternate responses to the MAIL command are:

• RECIPIENT Command

The RECIPIENT command follows a 250 response from the MAIL command. It is used to specify either a single recipient, multiple recipients, or a mailing list. The command is issued as follows: The <forward-path> value is passed as an argument, and can be either 'user@host.dom' or just 'user.' In the event 'user' is what is passed to the server, the server's domain name will be tacked onto the end. The <forward-path> is the address to which the message will be delivered.

The forward-path value can contain two different types of addressing data: Most RCPT TO: entries will be observed with the destination address version of the forward-path value. For more information on the handling of source routes, please see RFC821.

For example, "RCPT TO: janed@elsewhere.com" would be a valid RECIPIENT command. By the same token, "RCPT TO: janed" would also work, provided that user's POP3 mailbox is on the same server that originated the message. If the RECIPIENT command has been received correctly, we expect:

• DATA Command

When all the recipient addresses for a message have been entered, and the SMTP-receiver has issued a 250 reply, the next command to follow is the DATA command. The command syntax is: The SMTP-receiver will respond with if the DATA command and the information sure to follow can be processed at that time. If the 354 reply is received, all of the information that comprises the message: headers, body text, encoding, etc. will be streamed to the SMTP-receiver. There are two times that we expect a response to the issuance of the DATA command: after it is issued, and when it completes. Completion of the DATA command is marked the SMTP-receiver's reception of the <CRLF>.<CRLF> sequence.

Expected alternate responses to issuance of the DATA command are:

Interpreting the Smtp.log File

SMTP logging is not enabled by default. To enable SMTP logging in Outlook Express, click Options on the Tools menu, click the Advanced tab, and then click the Mail Transport check box to select it. To enable SMTP logging in Internet Mail and News, you must add or change the following entries in the registry:

Log Example

The SMTP-sender issues the QUIT command. The 221 reply indicates that the SMTP-receiver has accepted the QUIT command and closed the connection, evidenced in Line 25.

This example is typical of most SMTP sessions. In the event that the SMTP- sender has more than one message queued in the Outbox, the session will recurse the RESET->MAIL->RECIPIENT->DATA sequence until all messages have been sent.

If the Smtp.log file you are examining contains any response other than the expected positive response for any of the commands issues (except EHLO in a non-ESMTP environment), refer to the section in this article dealing with that command.

This article is intended as a reference to be used when all other troubleshooting has failed. The majority of SMTP transmission errors are going to be related to either hardware configuration errors (modem, serial port, initialization string), TCP/IP connectivity problems, or client-side malfunction.

As a general rule, always rule out any other possible source of error before troubleshooting an odd log file entry.