
SMTP log - multiple connections to same remote host


Sean-usenet

Feb 21, 2007, 12:33:43 PM
Hi Everyone

When the SMTP service is asked to send multiple emails to the same
domain, it establishes multiple SMTP connections to the remote smtp
server so it can deliver the email quicker. That is great, but how
can I determine which lines in the log file belong to which connection
to the remote server? Every line will have the same remote IP and
remote hostname, so I can't seem to figure out which lines are related
to which connection.

The problem is when say we're sending an email to an email list that
we host, and we have like 50,000 AOL.com subscribers. Our server
opens up many concurrent connections to AOL's smtp server to increase
performance.  So, then on one line in the log, I have a RCPT
TO:user...@aol.com.  Then I have another line for the response from
AOL's SMTP server to indicate if it is a valid recipient (usually
250+OK).  But in this case, since we've done dozens of RCPT TO
commands in the last second or two all through separate connections,
when the replies come back it is impossible to relate the replies to
which RCPT TO it is replying to.  That makes it impossible for me to
focus on one connection's SMTP conversation.

I've written my own SMTP servers in the past, and when I coded the
logging modules I've always added in the source-port used for the
connection so I could differentiate between connections between the
same two hosts. For example:

1/1/2007 01:45:05 192.168.0.10:1050 10.0.0.5:25 RCPT TO: <b...@afsdf.com>
1/1/2007 01:45:05 192.168.0.10:2222 10.0.0.5:25 RCPT TO: <ja...@afsdf.com>
1/1/2007 01:45:06 192.168.0.10:2222 10.0.0.5:25 250+OK
1/1/2007 01:45:06 192.168.0.10:1050 10.0.0.5:25 550+Unknown+User
1/1/2007 01:45:07 192.168.0.10:2222 10.0.0.5:25 DATA
1/1/2007 01:45:07 192.168.0.10:1050 10.0.0.5:25 QUIT
1/1/2007 01:45:08 192.168.0.10:2222 10.0.0.5:25 354+go+ahead
1/1/2007 01:45:00 192.168.0.10:2222 10.0.0.5:25 250+ok+message+accepted

Since the source ports are there I can determine which commands/
replies are part of which connection. In Microsoft's SMTP log, the
source port is NOT included, so I'd have no idea if the message
successfully delivered was for b...@afsdf.com or ja...@afsdf.com.


Is there a way I can get the Exchange/IIS SMTP service to include
source-ports in the logs so I can determine what commands/replies are
part of what connection?  If not, is there another way I can
determine what commands/replies relate to a single SMTP conversation/
connection??

Thanks for any help anyone can provide! This has been bugging me for
years!

--
Sean
MCSA, MCSE, MCDBA, CCNA
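
Added example, not part of the original post: a Python sketch of the correlation the post describes, splitting an interleaved log into per-connection conversations by source port and pairing each RCPT TO with its reply. It assumes the custom log layout shown in the post (not the IIS/Exchange log format) and one message per connection; the addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the post's layout: date time src:port dst:port text.
# File order, not the timestamp, is what orders events within a connection.
SAMPLE_LOG = """\
1/1/2007 01:45:05 192.168.0.10:1050 10.0.0.5:25 RCPT TO:<bob@example.com>
1/1/2007 01:45:05 192.168.0.10:2222 10.0.0.5:25 RCPT TO:<jane@example.com>
1/1/2007 01:45:06 192.168.0.10:2222 10.0.0.5:25 250+OK
1/1/2007 01:45:06 192.168.0.10:1050 10.0.0.5:25 550+Unknown+User
1/1/2007 01:45:07 192.168.0.10:2222 10.0.0.5:25 DATA
1/1/2007 01:45:07 192.168.0.10:1050 10.0.0.5:25 QUIT
1/1/2007 01:45:08 192.168.0.10:2222 10.0.0.5:25 354+go+ahead
1/1/2007 01:45:09 192.168.0.10:2222 10.0.0.5:25 250+ok+message+accepted
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+:\d+) (\S+:\d+) (.+)$")
REPLY_RE = re.compile(r"^(\d{3})(?:[+ -]|$)")  # three-digit SMTP reply code

def split_connections(log_text):
    """Group log lines by (source ip:port, dest ip:port), keeping file order."""
    conns = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip blank or malformed lines
            ts, src, dst, text = m.groups()
            conns[(src, dst)].append((ts, text))
    return conns

def summarize(log_text):
    """Per connection: each recipient's RCPT reply code and whether DATA was accepted."""
    out = {}
    for key, events in split_connections(log_text).items():
        pending, rcpt, in_data, accepted = [], {}, False, False
        for _ts, text in events:
            reply = REPLY_RE.match(text)
            if text.upper().startswith("RCPT TO:"):
                pending.append(text[8:].strip().strip("<>"))  # FIFO copes with pipelining
            elif text.upper() == "DATA":
                in_data = True
            elif reply and pending:  # oldest unanswered RCPT gets this reply
                rcpt[pending.pop(0)] = int(reply.group(1))
            elif reply and in_data and reply.group(1) == "250":
                accepted = True  # final 250 after DATA (354 is only the go-ahead)
        out[key] = {"rcpt": rcpt, "message_accepted": accepted}
    return out
```

Without the source port in the key, both connections collapse into one stream and the 250 and 550 replies can no longer be attributed to a recipient, which is the ambiguity the post describes.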
