D
Dica
i need to parse smtp logs to check the delivery status. from previous
experience with smtp logs, i was under the impression that the log file
followed a very specific format:
EHLO
MAIL
RCPT
BDAT
QUIT
in this case, however, i've got a log indicating commands being issued like
this:
EHLO
EHLO
MAIL
MAIL
RCPT
RCPT
BDAT
BDAT
QUIT
QUIT
i have a separate list from a database of people i attempted to send emails
to and need to try to look at each line in the smtp logs until i find a
matching email address, then continue to read until i find a line that
includes the string "+Queued+mail+for+delivery" or any of the other strings
indicating the delivery status. however, given the odd sequence in which the
mail commands are being issued, i don't seem to have any way of knowing if
the delivery status notification line i'm reading really reflects delivery
status info about the email address in question or if it's referring to one
of the other delivery requests issued with another one of the EHLO commands.
i've tried looking to see if there's something unique about the delivery
status line to see if it's in some way associated with the RCPT line, but
don't see any patterns:
2005-10-05 11:12:30 10.1.208.103 OutboundConnectionCommand SMTPSVC1 ACME -
25 RCPT - TO:<[email protected]> 0 0 4 0 50 - -
2005-10-05 11:12:30 10.1.208.103 OutboundConnectionResponse SMTPSVC1 ACME -
25 - -
250+2.6.0++<[email protected]>+Queued+mail+for+deliver
y 0 0 94 0 160 - -
am i missing something? how are these statements associated?
experience with smtp logs, i was under the impression that the log file
followed a very specific format:
EHLO
RCPT
BDAT
QUIT
in this case, however, i've got a log indicating commands being issued like
this:
EHLO
EHLO
RCPT
RCPT
BDAT
BDAT
QUIT
QUIT
i have a separate list from a database of people i attempted to send emails
to and need to try to look at each line in the smtp logs until i find a
matching email address, then continue to read until i find a line that
includes the string "+Queued+mail+for+delivery" or any of the other strings
indicating the delivery status. however, given the odd sequence in which the
mail commands are being issued, i don't seem to have any way of knowing if
the delivery status notification line i'm reading really reflects delivery
status info about the email address in question or if it's referring to one
of the other delivery requests issued with another one of the EHLO commands.
i've tried looking to see if there's something unique about the delivery
status line to see if it's in some way associated with the RCPT line, but
don't see any patterns:
2005-10-05 11:12:30 10.1.208.103 OutboundConnectionCommand SMTPSVC1 ACME -
25 RCPT - TO:<[email protected]> 0 0 4 0 50 - -
2005-10-05 11:12:30 10.1.208.103 OutboundConnectionResponse SMTPSVC1 ACME -
25 - -
250+2.6.0++<[email protected]>+Queued+mail+for+deliver
y 0 0 94 0 160 - -
am i missing something? how are these statements associated?