Tracing Messages for an Email Account in SmarterMail
At some point, every email administrator will need to trace messages that were sent to or from their email server. This is done for many reasons -- to check if a message was delivered to its intended recipient, to find an email that hit the server but was sent to an unexpected place, to track down junk mail to see which spam checks were done (which may lead to an adjustment in spam weight values), or any number of other scenarios. The nice thing about using SmarterMail is that it's incredibly easy to track an email through the system!
In this blog post we'll trace a message from a sending mail server through SmarterMail to see why it wasn't delivered to a user's inbox. We'll be able to see where the email came from, and where it actually ended up, as well as why it ended up there.
Understanding the Delivery Process
Before we begin, it's important to understand the email delivery process. Regardless of whether you're sending or receiving a message, delivery within SmarterMail is carried out in two Sessions: the SMTP Session and the Delivery Session.
- SMTP Session - This is usually the first session for all email that comes in to or leaves your email server. First, the communication to SmarterMail from the remote client or host is logged. Then the commands that were passed to the mail server are logged and the message is written to the spool for delivery. (Note that messages sent through the web interface or emails sent using Exchange ActiveSync or Exchange Web Services are written directly to the spool, so there isn't an SMTP session for these messages.)
- Delivery Session - Once the message is successfully written to the spool, a delivery session begins and the email is delivered to a remote server or local mailbox. Every step in this process is logged, as long as SmarterMail's logging is set properly. More info on that is below.
By understanding the process, we know that we can find more details on an email from both the SMTP and Delivery logs. Both of these logs are necessary to find details of a specific message's delivery: you first search the SMTP logs for the specific message, and then you use the Delivery logs to find traces of its delivery.
Using Header Info to Find the SMTP Session
Now, before reviewing any headers or logs, we'll need to ensure that your SmarterMail logs are set to record as much detail as possible. Therefore, your SMTP and Delivery logs should be set to Detailed. (You can find more information on the various email log levels, and how to set them, in our Help documentation.)
When tracking a message, the first thing to do is to determine its SMTP session. This can be done in a few ways, but the easiest is using the IP address of the sending server. You can find this in the message header:
From the first bolded line, we find the IP address of the sending mail server: "Received: from (Redacted [127.0.0.1])." (We'll use the localhost IP address for our example.)
Once you have the IP address, head over to the SMTP logs to search for the specific SMTP session. Searching by just the IP address may yield more than one result, so you'll also want to match up the time the message was received by the server, indicated by the header's second line in bold: "Tue, 5 Apr 2016 10:29:55 -0700."
This should be enough to narrow it down and find the SMTP session you need. In our example, the SMTP logs yielded the following for the IP address and date/time specified in the header:
What you're looking for in these logs is found in the bolded line above. This entry shows us when SmarterMail successfully writes the message to the spool for delivery, including the specific EML file name. Once you have that EML file name, you can then search in the Delivery logs and find the actual delivery session for that message. To continue with our example, we'll use "88501," which are the last 5 digits of the EML file name.
Searching Delivery Logs to Find the Delivery Session
Reviewing the Delivery logs is the last step in understanding the final outcome of a message. When we search in these logs for the EML file above, it yields the following result:
Reading the bolded lines, you'll see that the message was successfully delivered to the user's mailbox: "Starting local delivery to — @hostedsmartermail.com," then, based on a Content Filter, was moved into the 'Not Printed' folder: "Delivery for — @smartertools.com to — @hostedsmartermail.com has completed (Delivered to Not Printed) Filter: Move to Not Printed."
With this information in hand, you can now explain to your customer why the message was not sent to their inbox, as well as help them adjust their content filter to send it there next time or let them know it worked as expected.
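The three steps above (header, SMTP log, Delivery log) can also be scripted against exported log text. This is an added example, not SmarterMail code or part of the original post: the header, the log lines and their layout (timestamp, bracketed IP, bracketed ID) are constructed for illustration, the local parts `sender` and `user` stand in for the redacted addresses, and log times are assumed to be in the same time zone as the header's offset.

```python
import re
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample data; the log line layouts are assumptions, not SmarterMail's spec.
HEADER = (
    "Received: from mail.example.test (Redacted [127.0.0.1]) by mx.example.test\n"
    "\twith SMTP; Tue, 5 Apr 2016 10:29:55 -0700\n"
    "Subject: test\n\nbody\n"
)
SMTP_LOG = """\
10:12:02 [127.0.0.1][1001] Data transfer succeeded, writing mail to 11170001.eml
10:29:54 [127.0.0.1][2002] cmd: DATA
10:29:55 [127.0.0.1][2002] Data transfer succeeded, writing mail to 11188501.eml
10:29:55 [192.0.2.7][3003] Data transfer succeeded, writing mail to 11199999.eml
"""
DELIVERY_LOG = """\
10:29:56 [88501] Starting local delivery to user@hostedsmartermail.com
10:29:56 [88501] Delivery for sender@smartertools.com to user@hostedsmartermail.com has completed (Delivered to Not Printed) Filter: Move to Not Printed
10:29:57 [99999] Starting local delivery to other@hostedsmartermail.com
"""

def header_clues(raw):
    """Step 1: sending IP and receive time from the topmost Received header."""
    received = " ".join(message_from_string(raw)["Received"].split())  # unfold
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received).group(1)
    when = parsedate_to_datetime(received.rsplit(";", 1)[1].strip())
    return ip, when

def find_spool_files(smtp_log, ip, when, window=timedelta(seconds=60)):
    """Step 2: EML names written by sessions from `ip` within `window` of `when`."""
    hits = []
    for line in smtp_log.splitlines():
        m = re.match(r"(\d\d:\d\d:\d\d) \[([^\]]+)\].*writing mail to (\d+)\.eml", line)
        if not m or m.group(2) != ip:
            continue  # not a spool-write entry, or a different remote host
        t = datetime.combine(when.date(), datetime.strptime(m.group(1), "%H:%M:%S").time())
        if abs(t - when.replace(tzinfo=None)) <= window:
            hits.append(m.group(3))
    return hits

def delivery_outcome(delivery_log, eml_name):
    """Step 3: Delivery log lines carrying the last five digits of the EML name."""
    return [l for l in delivery_log.splitlines() if re.search(rf"\b{eml_name[-5:]}\b", l)]

def trace(header, smtp_log, delivery_log):
    ip, when = header_clues(header)
    return {eml: delivery_outcome(delivery_log, eml) for eml in find_spool_files(smtp_log, ip, when)}
```

The time window matters: the same IP wrote an earlier message at 10:12:02, and another host wrote one in the same second, so matching on IP or time alone would return the wrong session.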
Conclusion
While reasons for tracing a message's delivery will always vary, keeping in mind these basic guidelines can help you along the way:
- Gather helpful information from the message header, such as the date/time of delivery, return path that includes the Mail-From address, IP address of the originating server and more.
- Find the SMTP session by searching the SMTP logs. Locating the specific SMTP session for the message by using details from its header will give you pertinent information for finding its delivery session or understanding what happened during transit. The SMTP logs will show you things like connections blocked due to Abuse Detection or SMTP Blocking, the EML file name to which a message was written, configuration errors and more.
- Find the delivery session by searching the Delivery logs. Using details from the SMTP logs, like the EML file name or IP address of the remote server, you can locate the specific delivery session, which will show outbound SMTP communications for remote delivery, results of spam checks for incoming/outgoing messages and any related filtering actions, DNS failures (such as no MX records found for a domain) and many others.
While all of this may seem rather daunting, the nice thing is that SmarterMail makes it easy to find the info you need, when you need it. And the best part of it is: you can do all of this right from a web browser. There's no need to comb through text files or extract info from custom file types. Access to information is right at your fingertips, any time day or night.
So, what other information have you found helpful while reviewing logs for message delivery? Share your thoughts in the comments below!