How to Enable and Interpret the Smtp.log File
This article was previously published under Q155455
This article has been archived. It is offered "as is" and will no longer be updated.
This article discusses the entries found in the Smtp.log file, and isintended to be used as a reference when you have tried all othertroubleshooting steps. Most SMTP transmission errors are related to eitherhardware configuration errors (modem, serial port, initialization string),TCP/IP connectivity problems, or problems with the client computer. Inaddition, this article provides basic background information on SMTP andthe extensions to SMTP, ESMTP.
Please note that the information contained in this article is based oninformation obtained from documents made freely available by the InternetEngineering Task Force (IETF). These documents, called Requests-for-Comments (RFC), are living documents. As such, the information presentedhere is only as current as the RFCs used to research these articles.
When RFCs are updated or made obsolete, the original RFC number ispreserved. Any RFC that has been updated or made obsolete is modified tocontain the newer RFC number.
The RFCs used in the research for this article are:
RFC821 - Simple Mail Transfer Protocol (SMTP)RFCs can be obtained, free of charge, on the Internet at ds.internic.net.This site accepts HTTP, anonymous FTP, and TELNET connections.
RFC1869 - SMTP Service Extensions (ESMTP)
RFC1869 - SMTP Service Extensions (ESMTP)
The remainder of this article is organized into two sections: "SMTPBasics" and "Interpreting the Smtp.log File."
SMTP BasicsThis section includes a general introduction to SMTP design, connections,and session commands and syntax.
For information about how to enable the SMTP log in Outlook Express, pleasesee the following article in the Microsoft Knowledge Base:
176442 How to Create an Smtp.log File for Outlook Express
- SMTP Design
SMTP is used by email clients to send messages to an SMTP server, and bySMTP servers to transport messages between intermediate 'hops' beforedelivery to a POP3 mailbox. The POP3 protocol, not covered in thisarticle, is used to retrieve messages from a mailbox. For more informationon POP3 and its use with Microsoft products, please see the followingarticle in the Microsoft Knowledge Base:
155515 How to Enable and Interpret the Pop3.log FileBecause messages regularly contain information that contains values notwithin this range, there have been facilities designed to handle non-USASCII data. When a message has content not defined within US ASCII (suchas audio samples or bitmaps), a multiple-object facility, such as MIME, isused to encode it prior to transmission.
Support for any form of encoding is contained within the mail client. If amail client receives a message containing encoded information, and theclient does not support content encoding, the user will generally seegibberish.
NOTE: There is an update to the existing SMTP specification known as theExtension to SMTP (ESMTP). Not all mail servers on the Internet are ESMTP-capable, however they are becoming increasingly more common.
SMTP transfers involve a sender-receiver model where each participant cansend, receive, and interpret session status messages from the other. Thesender can connect directly to the terminal destination of the message oran intermediary.
The SMTP session is initiated by the sender and can be terminated byeither the sender or the receiver.
- SMTP Connections
NOTE: To change this value in Microsoft Internet Mail and News (IMN), usethe following steps:
- On the Mail menu, click Options.
- Click the Server tab, and then click Advanced Settings.
- Enter the appropriate value in the Outgoing Mail (SMTP) Server box.
- Click OK.
- On the Mail menu, click Options.
- Click the Server tab.
- Enter the appropriate value in the Outgoing Mail (SMTP) box.
- Click OK.
- SMTP Session Commands & Syntax
Certain semantics are always followed in SMTP connections. One is that anycommand issued from the SMTP-sender will always receive a response.Responses are both meta-linguistic and numeric and take two basic forms:OK(250) and an error or failure code followed by appropriate verbiage.
It is stated explicitly in RFC821 that all command-response sequencesoccur one at a time. Progress from one command to another is not possibleuntil a response to a previous command has been received. For a completelist of error codes, see RFC821.
In addition, the scope of this article covers the commands most likely tobe seen while examining the Smtp.log produced by IMN. For a completelisting and explanation of SMTP and ESMTP commands, see the respectiveRFCs.
The order of the commands presented below does not imply that there are noother possible sequences of commands. The following commands andexplanations outline a simple connection.
The following abbreviations are used in this article:
SP : SPACE <ASCII 20h (32d)>
CRLF : CARRIAGE RETURN+LINEFEED <ASCII 0Dh+0Ah (13d+10d)>
The following notation is used when explaining reply codes:
nnn : numeric reply code
<...> : code meaning
() : text message may be present, wording varies
[...] : comments
- Connection Established
When the connection is established, the SMTP-receiver responds with thesystem-ready reply code: 220-<domain name>. When troubleshooting SMTPconnections, if upon connection a system-ready response is not received,the server may be malfunctioning or down.
For more information on troubleshooting SMTP connections, please see thefollowing article in the Microsoft Knowledge Base:
154578 Troubleshooting Problems Connecting to Mail Servers.
- HELLO Command
For SMTP : HELO SP <sender name> CRLF
For ESMTP : EHLO SP <sender name> CRLF
For ESMTP : EHLO SP <sender name> CRLF
Not only does the HELLO command start a session, it also verifies thatboth the sender and receiver are in the initial states. Being in the'initial' state simply means that there are no transactions-in-progress,or that the receiver has not 'hung.' Expected responses to the HELLOcommand are:
For HELO : 250-<requested mail action okay, completed> (receiver name) For EHLO : 250-<requested mail action okay, completed> (receiver name) 250-(extended services supported...) 250-(...end-of-list)
502-<command not implemented> 504-<command parameter not implemented> [ESMTP not supported] For Both : 421-<service not available, closing channel> (domain) 500-<syntax error, command unrecognized> 501-<syntax error in arguments> (suggested use) [not likely]If the SMTP-receiver gets an error response to the EHLO command, it musteither issue the HELO or QUIT commands.
NOTE: The 421 reply can be used in response to any command if the serverknows that the SMTP service is not available or if the server is about toshut down.
- MAIL Command
MAIL FROM: <reverse-path> CRLFThe <reverse-path> value is passed as an argument, and can be firstname.lastname@example.org' or just 'user.' In the event 'user' is what is passed tothe server, the server's domain name will be tacked onto the end. The<reverse-path> is the address to which any response will go.
For example, "MAIL FROM: email@example.com" would be a valid MAILcommand. By the same token, "MAIL FROM: jdoe" would also work. If the MAILcommand has been received correctly,
250-<requested mail action okay, completed> ()is expected in reply. Expected alternate responses to the MAIL commandare:
Error : 421-<SMTP service not available; server shutdown imminent> 500-<syntax error, command unrecognized> 501-<syntax error in arguments> () Failure : 451-<req. action aborted: local error in processing> 452-<req. action not taken: insufficient system storage> 552-<req. mail action aborted: exceeded storage allocation>
- RECIPIENT Command
RCPT TO: <forward-path> CRLFThe <forward-path> value is passed as an argument, and can be firstname.lastname@example.org' or just 'user.' In the event 'user' is what is passed tothe server, the server's domain name will be tacked onto the end. The<forward-path> is the address to which the message will be delivered.
The forward-path value can contain two different types of addressing data:
Destination address : USER@HOST2.DOM or USER Source route : @HOST1.DOM:USER@HOST2.DOMMost RCPT TO: entries will be observed with the destination addressversion of the forward-path value. For more information on the handling ofsource routes, please see RFC821.
For example, "RCPT TO: email@example.com" would be a valid RECIPIENTcommand. By the same token, "RCPT TO: janed" would also work, providedthat user's POP3 mailbox is on the same server that originated themessage. If the RECIPIENT command has been received correctly, we expect:
250-<requested mail action okay, completed> ()in reply. Expected alternate responses to the RECIPIENT command are: Error : 421-<SMTP service not available; server shutdown imminent> 500-<syntax error, command unrecognized> 501-<syntax error in arguments> () 503-<bad sequence of commands> Failure : 450-<req. mail action not taken: mailbox unavailable> 451-<req. action aborted: local error in processing> 452-<req. action not taken: insufficient system storage> 550-<req. action not taken: mailbox unavailable> 551-<user not local; please try <forward-path>> 552-<req. mail action aborted: exceeded storage allocation> 553-<req. action not taken: mailbox name not allowed>
- DATA Command
DATA CRLFThe SMTP-receiver will respond with
354-<start mail input; end with <CRLF>.<CRLF>> ()if the DATA command and the information sure to follow can be processed atthat time. If the 354 reply is received, all of the information thatcomprises the message: headers, body text, encoding, etc. will be streamedto the SMTP-receiver. There are two times that we expect a response to theissuance of the DATA command: after it is issued, and when it completes.Completion of the DATA command is marked the SMTP-receiver's reception ofthe <CRLF>.<CRLF> sequence.
Expected alternate responses to issuance of the DATA command are:
Success : 354-<start mail input; end with <CRLF>.<CRLF>> () Error : 421-<SMTP service not available; server shutdown imminent> 500-<syntax error, command unrecognized> 501-<syntax error in arguments> () 503-<bad sequence of commands> Failure : 451-<req. action aborted: local error in processing> 554-<transaction failed>Expected alternate responses to completion of the DATA command are: Success : 250-<requested mail action okay, completed> () Failure : 451-<req. action aborted: local error in processing> 452-<req. action not taken: insufficient system storage> 552-<req. mail action aborted: exceeded storage allocation> 554-<transaction failed> - RESET CommandWhen the RESET command is issued, all of the SMTP-receiver's buffers arecleared. Typically, this command is issued upon connection, after theHELLO command, to cancel a current MAIL command, or after a DATA commandis completed. Usage of the RESET command follows: RSET CRLFThe SMTP-receiver must respond with 250-<requested mail action okay, completed> ()Any other response would indicate that the command was entered improperly(not likely when a program does it) or that there is a problem with theSMTP-receiver. The possible responses are listed below. Error : 421-<SMTP service not available; server shutdown imminent> 500-<syntax error, command unrecognized> 501-<syntax error in arguments> () 504-<command parameter not implemented> - NO OPERATION CommandThe NO OPERATION command has no effect whatsoever on the connection. Itdoes not affect any of the SMTP-receiver's buffers, or any MAILtransaction currently in progress. It can be used by the SMTP-sender tokeep the connection open in lieu of an SMTP-receiver timeout. Usagefollows: NOOP CRLFThe SMTP-receiver should send a 250 reply to the NO OPERATION command. Theonly other possible responses are a 500 reply, indicating incorrectcommand syntax, or the 421 reply, indicating that the SMTP service will beshutting down shortly. - QUIT CommandThe QUIT command is used by the SMTP-sender to request that the connectionbetween the itself and the SMTP-receiver be closed. This command can beissued at any time. Command usage follows: QUIT CRLFUpon reception of a QUIT command, the SMTP-receiver issues the followingresponse to the SMTP-sender: 221-<<domain> service closing transmission channel>The only other possible response is a 500 reply which indicates that thesyntax used was incorrect. This is not likely to occur.
Interpreting the Smtp.log FileSMTP logging is not enabled by default. To enable SMTP logging in OutlookExpress, click Options on the Tools menu, click the Advanced tab, and thenclick the Mail Transport check box to select it. To enable SMTP logging inInternet Mail and News, you must add or change the following entries inthe registry:
HKEY_CURRENT_USER\Software\Microsoft\Internet Mail and News\Mail Value Name : "Log SMTP (0/1)" (without quotes) Value Type : dword Value Data : 00000001 Value Name : "Log File (SMTP)" (without quotes) Value Type : string Value Data : <path to log file>In order to fit all the pertinent data for each entry on one line, the'SMTP:' tag and the time stamp at the beginning of each line have beenremoved.
This is a fault-free connection in which one message is sent to an SMTPserver with ESMTP extensions enabled. 01) Microsoft(r) Plus! for Windows(r) 95 4.70.1155 02) SMTP Log started at Thu Aug 01 17:22:27Lines 1 and 2 are plugged in every time Internet Mail and News islaunched. 03) [db] Connecting to 'smtp.host.com'. 04) [db] srv_addr = nnn.nnn.nnn.nnnLines 3 and 4 indicate the friendly name and the IP address of the SMTPserver specified in the Internet Mail and News configuration. 05) [rx] 220 smtp.host.com ESMTP server ready Thu, 1 Aug 1996 15:24:22 - 0700 06) [tx] EHLO smtp-client 07) [rx] 250-smtp.host.com 08) [rx] 250-HELP 09) [rx] 250-EXPN 10) [rx] 250-XREMOTEQUEUE 11) [rx] 250 PIPELINING 12) [tx] RSET 13) [rx] 250 Ok resetting stateLine 5 indicates that the communications channel between the SMTP senderand receiver has been successfully opened. This prompts the EHLO commandto start an ESMTP session. Note that the EHLO command is followed by thecomputer name of the client, not the user-id that is sending mail.Lines 7-11 form the SMTP-receiver's response to the EHLO command. Thistells us that the server implements: a) the standard SMTP HELP and EXPN commands b) one nonstandard SMTP extension XREMOTEQUEUE c) one standard SMTP extension PIPELININGThe SMTP-sender issues the RSET command on Line 12 as a precautionarymeasure to flush the SMTP-receiver's forward- and return-path, mail data,and transaction buffers. 14) [tx] MAIL FROM:<firstname.lastname@example.org> 15) [rx] 250 Sender <email@example.com> OkLine 14 shows the MAIL command issued with the required <reverse-path>argument. In Line 15, the SMTP-receiver send the 250 reply, re-stating theSMTP-sender's reverse-path. Only the 250 reply is absolutely required, notall SMTP servers will supply this information, or in the same format. 16) [tx] RCPT TO:<firstname.lastname@example.org> 17) [rx] 250 Recipient <email@example.com> OkIn Line 16, the SMTP-sender issues the RECIPIENT command with the<forward-path> argument. The SMTP-receiver returns the 250 replyreiterating the destination address. 18) [tx] DATA 19) [rx] 354 Ok Send data ending with <CRLF>.<CRLF> 20) [tx] 21) . 22) [rx] 250 Message received: 19960801222422078.AAA43@smtp-clientThe SMTP-sender issues the DATA command in Line 18, gets the go-ahead fromthe SMTP-receiver, and begins transmitting the content of the message.Because messages that contain encoded objects can be several thousandbytes in size, the log file does not display the transmitted data. Onlythe <CRLF>.<CRLF> sequence (line 21) is shown.In Line 22, the SMTP-receiver acknowledges the message, stamps it with anSMTP-id, and transmits it. 23) [tx] QUIT 24) [rx] 221 smtp.host.com ESMTP server closing connection 25) [db] Connection to 'smtp.host.com' closed.The SMTP-sender issues the QUIT command. The 221 reply indicates that theSMTP-receiver has accepted the QUIT command and closed the connection,evidenced in Line 25.
This example is typical of most SMTP sessions. In the event that the SMTP-sender has more than one message queued in the Outbox, the session willrecurse the RESET->MAIL->RECIPIENT->DATA sequence until all messages havebeen sent.
If the Smtp.log file you are examining contains any response other thanthe expected positive response for any of the commands issues (except EHLOin a non-ESMTP environment), refer to the section in this article dealingwith that command.
This article is intended as a reference to be used when all othertroubleshooting has failed. The majority of SMTP transmission errors aregoing to be related to either hardware configuration errors (modem, serialport, initialization string), TCP/IP connectivity problems, or client-sidemalfunction.
As a general rule, always rule out any other possible source of errorbefore troubleshooting an odd log file entry.
Article ID: 155455 - Last Review: 12/04/2015 15:18:49 - Revision: 4.1
Microsoft Outlook Express 4.01, Microsoft Outlook Express 4.0, Microsoft Outlook Express 4.01, Microsoft Outlook Express 4.0, Microsoft Internet Mail and News 1.0, Microsoft Windows 98 Standard Edition
- kbnosurvey kbarchive KB155455