Top Bar
Half Price Computer Books

Search and Save
Visit Half Price Computer Books
Fusion 13 Home Fusion 13 Computing Fusion 13 Alcohol Recovery Link to Fusion 13 W

Search Fusion13.com Computing
PicoSearch
Find what you were looking for?
Drop us a note.      


How To Log SMTP Sessions in
Microsoft ® Exchange Server 2000

During times of dilemma, it can prove to be very useful to know how to log all Simple Mail Transfer Protocol traffic to and from your Exchange 2000 Server. Logging SMTP in the fashion described below will not only give you an idea of where email is being sent, or received from; it will also inform you of where a breakdown occurred during the SMTP session with your server. Such data is invaluable in a crisis.



Start The Logging

  1. Start the Exchange System Manager by clicking Start > Programs > Microsoft Exchange > System Manager.
  2. Expand to the Default SMTP Virtual Server
    Expand:
       Administrative Groups
         <Site Name>
            Servers
              <ServerName Name>
                Protocols
                  SMTP
    Exchange System Manager SMTP Virtual Server

  3. Highlight the Default SMTP Virtual Server. Right Click, and Click “Properties”
  4. Check the “Enable Logging” checkbox.
SMTP Virtual Server Properties

This logging system may appear familiar to you (if you’ve worked with Microsoft ® Internet Information Services) as Microsoft has adopted (in Exchange) the common logging method that IIS uses. Just as in IIS, the log files will be kept (by default) in the “C:\WINNT\System32\Logfiles” directory. However, SMTP logs are stored in a separate directory from IIS logs; usually “SmtpSvc1” for the Default SMTP Virtual Server. This log file (named “ex<date>.log” can be opened with any ASCII text viewer, such as Notepad.

Below is an example of what the SMTP log file (in its default configuration) will show.

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2003-05-09 18:11:47
#Fields: time c-ip cs-method cs-uri-stem sc-status
18:40:13 192.168.0.176 HELO - 250
18:40:20 192.168.0.176 MAIL - 250
18:40:29 192.168.0.176 RCPT - 250
18:40:48 192.168.0.176 DATA - 250
18:41:27 192.168.0.176 QUIT – 0

Here, a client from the 192.168.0.x internal network sends an outbound email at about 18:40 GMT.
This shows a standard SMTP session, with the client issuing a “HELO” statement (initiating the conversation), a “MAIL” statement (claiming who the email is from), a “RCPT” command (informing on who to send the email to), “DATA” (which will contain fields such as the Subject and Body of the email), and the “QUIT” command (ending the SMTP conversation).


Not Enough Information?

Exchange ® can log SMTP sessions in the default configuration (above), or in an Extended Logging configuration, providing a (possibly) great deal more data.

  1. Click the “Properties” button to the right of the “Enable Logging” checkbox in the “Default SMTP Virtual Server Properties” dialog.
  2. In the “General Properties” tab, you may specify how often, and in what time to create a new log file.
  3. In the “Extended Properties” properties tab, you may specify additional information (such as Date, User Name, Method, Bytes Sent, Bytes Received, etc.) to be logged.
Extended SMTP Logging Properties


Below is an example of what the SMTP log file (in its extended configuration) would show.

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2003-05-09 19:28:43
#Fields: date time c-ip cs-username cs-method sc-bytes cs-bytes
2003-05-09 19:28:43 64.4.22.21 hotmail.com EHLO 319 16
2003-05-09 19:28:43 64.4.22.21 hotmail.com MAIL 50 37
2003-05-09 19:28:43 64.4.22.21 hotmail.com RCPT 34 31
2003-05-09 19:28:43 64.4.22.21 hotmail.com DATA 79 1551
2003-05-09 19:28:43 64.4.22.21 hotmail.com QUIT 68 4

This log file shows a bit more information. Once again, an email was sent at about 19:28 GMT time. This time we can see the date the email was sent (may not be necessary, depending on how often you create a new log file), the client IP (64.4.22.21, or Hotmail), the username (which in this case is simply “hotmail.com”, the standard SMTP conversation (as described above), and the sent and received data in bytes.


Suggested Resources
Sybex's ® MCSE: Exchange 2000 Design Study Guide Buy Sybex's ® MCSE: Exchange 2000 Design Study Guide
Title MCSE: Exchange 2000 Design Study Guide
Publisher Sybex
Description Study guide for Exchange Server exam (#70-225). Includes practical information on designing and deploying Exchange.
ISBN 0782128971
Price Discount 50%
Microsoft Exchange 2000 Programming Collaborative Web Applications Microsoft Exchange 2000 Programming Collaborative Web Applications
Title Microsoft Exchange 2000 Programming Collaborative Web Applications
Publisher Prentice Hall
Description Streamline administration, customize messaging, extend functionality, and more. Samples, headers, libraries, and SDK components.
ISBN 0130618276
Price Discount 50%


Linux Information

Half Price Computer Books


Did you find this document to be helpful? Have any questions? Send us a note: computing@Fusion13.com
Broken links? Typographical errors? Send to: webmaster@Fusion13.com

Fusion 13 has taken painstaking effort to ensure the validity of its data;
however, the information contained in this document is provided without warranty.
The data presented is offered simply as a suggestion.
Fusion 13 can in no way be held responsible for how these suggestions are implemented in any environment.

Vote for Fusion13.com

 Computer Technical Tutorials & More

Valid CSS!

Vote for us at MyTechSupport's Top Tech Sites!            

Linux Information

Home

Computing

Alcohol Recovery

Etch-A-Sketch Art
Powered by Slackware Linux Powered by Apache Web Server DNS Powered by ZoneEdit
Legal



© 2003 Fusion 13