Domain Forwarding loging SMTP / Delivery
Problem reported by John Gurhy - 6/8/2015 at 2:36 PM
We have domain forwarding setup on our Smarter Mail server and we can't see any logs entries (Delivery or SMTP) that relate to forwarded Domain email  which we need to check in-case it is being picked by one of our spam filters?
Am I missing something or would I need to raise a feature request?

4 Replies

Reply to Thread
Scarab Replied
You would want to make sure that your SMTP and Delivery Logs are set to "Detailed". You can do this under SETTINGS > LOG SETTINGS > LOG DETAIL LEVELS. For SMTP and Delivery you would set both of these to "Detailed" and click on the [SAVE] button to commit your changes. Then, your SMTP logs will show all incoming email connections, and the Delivery logs will show outgoing email connections.
John Gurhy Replied
Hi Scarab,
many thanks for the reply. I just checked the logs and both are set to "detailed"
Scarab Replied
So just to clarify you have Domain Forwarding set in SETTINGS > ROUTING > INCOMING GATEWAYS, correct?
If you do and your logs are set to "Detailed" then you should have the following activity in your logs for every email received and Domain Forwarded:
In the SMTP Log your incoming email being received by Smartermail should look as such:
00:16:31 [][25354879] rsp: 220 mail.scarabmedia.com Tue, 02 Jun 2015 07:16:31 +0000 UTC
00:16:31 [][25354879] connected at 6/2/2015 12:16:31 AM
00:16:32 [][25354879] cmd: EHLO list.air1.com
00:16:32 [][25354879] rsp: 250-mail.scarabmedia.com Hello []250-SIZE 31457280250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
00:16:32 [][25354879] cmd: MAIL FROM:<remove-bq731789@list.air1.com> SIZE=8808
00:16:37 [][25354879] rsp: 250 OK <remove-bq731789@list.air1.com> Sender ok
00:16:37 [][25354879] cmd: RCPT TO:<example@svla.com>
00:16:37 [][25354879] rsp: 250 OK <example@svla.com> Recipient ok
00:16:37 [][25354879] cmd: DATA
00:16:37 [][25354879] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
00:16:37 [][25354879] rsp: 250 OK
00:16:37 [][25354879] Data transfer succeeded, writing mail to -82828432137.eml
00:16:38 [][25354879] cmd: QUIT
00:16:38 [][25354879] rsp: 221 Service closing transmission channel
00:16:38 [][25354879] disconnected at 6/2/2015 12:16:38 AM
In the Delivery Log the delivery from Smartermail to your Domain Forwarding server should look as follows:
00:16:54 [32137] RSP: 220 SVLA-002.svla.local Microsoft ESMTP MAIL Service ready at Tue, 2 Jun 2015 00:16:53 -0700
00:16:54 [32137] CMD: EHLO mail.scarabmedia.com
00:16:54 [32137] RSP: 250-SVLA-002.svla.local Hello []
00:16:54 [32137] RSP: 250-SIZE
00:16:54 [32137] RSP: 250-PIPELINING
00:16:54 [32137] RSP: 250-DSN
00:16:54 [32137] RSP: 250-ENHANCEDSTATUSCODES
00:16:54 [32137] RSP: 250-X-ANONYMOUSTLS
00:16:54 [32137] RSP: 250-AUTH NTLM
00:16:54 [32137] RSP: 250-X-EXPS GSSAPI NTLM
00:16:54 [32137] RSP: 250-8BITMIME
00:16:54 [32137] RSP: 250-BINARYMIME
00:16:54 [32137] RSP: 250-CHUNKING
00:16:54 [32137] RSP: 250-XEXCH50
00:16:54 [32137] RSP: 250 XRDST
00:16:54 [32137] CMD: MAIL FROM:<remove-bq731789@list.air1.com> SIZE=9082
00:16:54 [32137] RSP: 250 2.1.0 Sender OK
00:16:54 [32137] CMD: RCPT TO:<example@svla.com>
00:16:54 [32137] RSP: 250 2.1.5 Recipient OK
00:16:54 [32137] CMD: DATA
00:16:54 [32137] RSP: 354 Start mail input; end with <CRLF>.<CRLF>
00:16:54 [32137] RSP: 250 2.6.0 <RKLW146PyFrydlb9rXg0059ad1d@list.air1.com> Queued mail for delivery
00:16:54 [32137] CMD: QUIT
00:16:55 [32137] RSP: 221 2.0.0 Service closing transmission channel
00:16:55 [32137] Delivery for remove-bq731789@list.air1.com to example@svla.com has completed (Delivered)
00:16:57 [32137] Delivery finished for remove-bq731789@list.air1.com at 12:16:57 AM    [id:x-82828432137]
If a sent email does not appear in your "Detailed" SMTP Logs then it was not received. The only thing in Smartermail that would prevent an Inbound connection from being made and logged would be if the IP of the sender's MX is on your SECURITY > BLACKLIST in which case you would have the following in your SMTP Log:
00:00:02 [][53500405] on blacklist; dropping session...
00:00:02 [][53500405] disconnected at 6/2/2015 12:00:02 AM
Otherwise, if the connection isn't blacklisted then the sender's MX just isn't connecting if there is nothing in the SMTP Log (and thus no activity in the Delivery Log as there would be nothing to be Domain Forwarded). Even if it were being blocked by SMTP Blocking, Antispam Enabled for SMTP Blocking, or even Greylisted, the HELO/EHLO for both sides of the connection would be shown in the SMTP Log, along with the cmd: MAIL FROM: and cmd: RCPT TO: lines, followed with a rsp: 554 Sending address not accepted due to spam filter or rsp: 451 Greylisted, please try again in XXX seconds.
Scarab Replied
If you are using the MANAGE > VIEW LOGS function to view your logs you may not get results if if your SMTP Logs are large (depending on Server Resources, AppPool Timeouts, and Traffic your queries don't always render in the web interface after the logs exceed @ 100MB, and just show "No results found"). Take a look at your Logs with a Text Editor, the SmarterMail Log Analyzer, or use Grep to get a better picture of what is going on.

Reply to Thread