session info

Problem reported by Sabatino - Today at 6:58 AM

Submitted

Sorry.

Does anyone have any idea what a session like this is?

Always open the connection until

rsp: 250 OK <user@domain.tld> Recipient ok

and then send the quit

[2026.02.18] 14:46:14.392 [xxx.yyy.53.132][64171561] Connection initiated

[2026.02.18] 14:46:14.392 [xxx.yyy.53.132][64171561] rsp: 220 smtp.mailserver.tld

[2026.02.18] 14:46:14.394 [xxx.yyy.53.132][64171561] connected at 2/18/2026 2:46:14 PM

[2026.02.18] 14:46:14.394 [xxx.yyy.53.132][64171561] Country code: HU

[2026.02.18] 14:46:14.413 [xxx.yyy.53.132][64171561] cmd: HELO s388.hubucoapp.com

[2026.02.18] 14:46:14.413 [xxx.yyy.53.132][64171561] rsp: 250 smtp.mailserver.tld Hello [xxx.yyy.53.132]

[2026.02.18] 14:46:14.433 [xxx.yyy.53.132][64171561] cmd: MAIL FROM:<info@hubucoapp.com>

[2026.02.18] 14:46:14.433 [xxx.yyy.53.132][64171561] senderEmail(1): info@hubucoapp.com

[2026.02.18] 14:46:14.823 [xxx.yyy.53.132][64171561] rsp: 250 OK <info@hubucoapp.com> Sender ok

[2026.02.18] 14:46:14.823 [xxx.yyy.53.132][64171561] Sender accepted. Weight: 10. Failed checks: UCEProtect Level 2 (10)

[2026.02.18] 14:46:14.843 [xxx.yyy.53.132][64171561] cmd: RCPT TO:<user@domain.tld>

[2026.02.18] 14:46:14.844 [xxx.yyy.53.132][64171561] rsp: 250 OK <user@domain.tld> Recipient ok

[2026.02.18] 14:46:14.864 [xxx.yyy.53.132][64171561] cmd: QUIT

[2026.02.18] 14:46:14.864 [xxx.yyy.53.132][64171561] rsp: 221 OK

[2026.02.18] 14:46:14.864 [xxx.yyy.53.132][64171561] disconnected at 2/18/2026 2:46:14 PM

Sabatino Traini
Chief Information Officer

Genial s.r.l.
Martinsicuro - Italy

3 Replies

Reply to Thread

Andrew Barker Replied

Today at 7:10 AM

Employee Post

This form of session is typically used to confirm whether a specific account exists. Depending on your specific setup, it could be an incoming gateway trying to determine if it should accept a message for that recipient. At the other end of the scale, it could be a third party trying to harvest email addresses.

Andrew Barker Lead Software Developer SmarterTools Inc. www.smartertools.com

Sabatino Replied

Today at 7:24 AM

Here's another one I don't understand

smtp

[2026.02.17] 18:42:55.836 [xxx.yyy.67.226][50751313] Connection initiated

[2026.02.17] 18:42:55.837 [xxx.yyy.67.226][50751313] rsp: 220 smtp.mailserver.tld

[2026.02.17] 18:42:55.838 [xxx.yyy.67.226][50751313] connected at 2/17/2026 6:42:55 PM

[2026.02.17] 18:42:55.838 [xxx.yyy.67.226][50751313] Country code: IT

[2026.02.17] 18:42:55.869 [xxx.yyy.67.226][50751313] cmd: EHLO smtpclient.apple

[2026.02.17] 18:42:55.870 [xxx.yyy.67.226][50751313] rsp: 250-smtp.mailserver.tld Hello [xxx.yyy.67.226]250-SIZE 699050666250-AUTH PLAIN LOGIN CRAM-MD5250-STARTTLS250-8BITMIME250-SMTPUTF8250-DSN250 OK

[2026.02.17] 18:42:55.899 [xxx.yyy.67.226][50751313] cmd: STARTTLS

[2026.02.17] 18:42:55.899 [xxx.yyy.67.226][50751313] rsp: 220 Start TLS negotiation

[2026.02.17] 18:42:56.040 [xxx.yyy.67.226][50751313] cmd: EHLO smtpclient.apple

[2026.02.17] 18:42:56.040 [xxx.yyy.67.226][50751313] rsp: 250-smtp.mailserver.tld Hello [xxx.yyy.67.226]250-SIZE 699050666250-AUTH PLAIN LOGIN CRAM-MD5250-8BITMIME250-SMTPUTF8250-DSN250 OK

[2026.02.17] 18:42:56.091 [xxx.yyy.67.226][50751313] cmd: AUTH PLAIN fddsfgfsdfgsggfsdgs

[2026.02.17] 18:42:56.091 [xxx.yyy.67.226][50751313] Authenticating as user1@domain1.tld

[2026.02.17] 18:42:56.093 [xxx.yyy.67.226][50751313] rsp: 235 Authentication successful

[2026.02.17] 18:42:56.093 [xxx.yyy.67.226][50751313] Authenticated as user1@domain1.tld

[2026.02.17] 18:42:56.119 [xxx.yyy.67.226][50751313] cmd: MAIL FROM:<user1@domain1.tld>

[2026.02.17] 18:42:56.119 [xxx.yyy.67.226][50751313] senderEmail(1): user1@domain1.tld

[2026.02.17] 18:42:56.119 [xxx.yyy.67.226][50751313] rsp: 250 OK <user1@domain1.tld> Sender ok

[2026.02.17] 18:42:56.119 [xxx.yyy.67.226][50751313] Sender accepted. Weight: 0.

[2026.02.17] 18:42:56.145 [xxx.yyy.67.226][50751313] cmd: RCPT TO:<user2@domain2.tld>

[2026.02.17] 18:42:56.146 [xxx.yyy.67.226][50751313] rsp: 250 OK <user2@domain2.tld> Recipient ok

[2026.02.17] 18:42:56.172 [xxx.yyy.67.226][50751313] cmd: DATA

[2026.02.17] 18:42:56.172 [xxx.yyy.67.226][50751313] Performing PTR host name lookup for xxx.yyy.67.226

[2026.02.17] 18:42:56.189 [xxx.yyy.67.226][50751313] PTR host name for xxx.yyy.67.226 resolved as host-xxx-yyyy-67-226.business.telecomitalia.it

[2026.02.17] 18:42:56.191 [xxx.yyy.67.226][50751313] rsp: 354 Start mail input; end with <CRLF>.<CRLF>

[2026.02.17] 18:42:56.220 [xxx.yyy.67.226][50751313] senderEmail(2): user1@domain1.tld parsed using FROM: Antonio<user1@domain1.tld>

[2026.02.17] 18:44:59.123 [xxx.yyy.67.226][50751313] rsp: 421 Command timeout, closing transmission channel

[2026.02.17] 18:44:59.124 [xxx.yyy.67.226][50751313] Successfully wrote to the HDR file. (D:/SmarterMail/Spool/SubSpool6/59076544.hdr)

[2026.02.17] 18:44:59.124 [xxx.yyy.67.226][50751313] data transfer failed. EndAsyncProcessing:NotInDataMode

[2026.02.17] 18:44:59.124 [xxx.yyy.67.226][50751313] rsp: EndAsyncProcessing:NotInDataMode

[2026.02.17] 18:44:59.124 [xxx.yyy.67.226][50751313] disconnected at 2/17/2026 6:44:59 PM

delivery

[2026.02.17] 18:42:58.141 [59076544] Delivery started for user1@domain1.tld at 6:42:58 PM

[2026.02.17] 18:45:01.656 [59076544] Delivery failed for user1@domain1.tld at 6:45:01 PM [id:59076544]

Both user1@domain1.tld

and

user2@domain2.tld

are existing local users.

The delivery fails without specifying any reason.

Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy

Sabatino Replied

Today at 7:31 AM

Sorry...

I'll answer myself

I didn't see the

data transfer failed

:-(

Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy

Back to Community Threads

Please leave this box unchecked

Reply to Thread

Enter the verification text