Interpret SMTP Logs For Windows Server IIS
Some reasons a network admin wants to check their SMTP logs:
- E-mails delayed/not sent
- Suspicious emails
- Abuse of SMTP relay emails
- Unexpected amounts of emails
- Sourcing of an email
Windows IIS logging for the SMTP server is verbose enough for you to understand what is going on with those emails. Here's how to enable these logs and interpret them.
- Open Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager. Right click "Default SMTP Virtual Server" and choose "Properties". Check "Enable logging".
- Go to properties and select all options.
- Logs will immediately begin populating. Check the logs by going to C:\WINDOWS\system32\LogFiles\SMTPSVC1.
SMTP CODES
Status Code | Description |
211 | System status, or system help reply |
214 | Help message |
220 | Service ready |
221 | Service closing transmission channel |
250 | Requested mail action okay, completed |
251 | User not local; will forward to |
354 | Start mail input; end with "." |
421 | Service not available, closing transmission channel |
450 | Requested mail action not taken: mailbox unavailable |
451 | Requested action aborted: local error in processing |
452 | Requested action not taken: insufficient system storage |
500 | Syntax error, command unrecognized |
501 | Syntax error in parameters or arguments |
502 | Command not implemented |
503 | Bad sequence of commands |
504 | Command parameter not implemented |
550 | Requested action not taken: mailbox unavailable |
551 | User not local; please try |
552 | Requested mail action aborted: exceeded storage allocation |
553 | Requested action not taken: mailbox name not allowed |
554 | Transaction failed |
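
As an added example (not part of the original article), the script below reads an SMTPSVC1 log and counts, per client IP, how many RCPT commands were accepted (2xx), deferred (4xx) or rejected (5xx), then lists clients whose recipients are mostly rejected, a pattern worth reviewing for relay abuse. It assumes the log is in W3C Extended format with a `#Fields:` header, that `cs-method` holds the SMTP command and `sc-status` the reply code from the table above; the sample lines and thresholds are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample in W3C Extended layout (documentation IPs, example domains).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-sitename cs-method cs-uri-query sc-status
2024-01-15 09:00:01 192.0.2.10 mail.example.com SMTPSVC1 EHLO +mail.example.com 250
2024-01-15 09:00:01 192.0.2.10 mail.example.com SMTPSVC1 MAIL +FROM:<alice@example.com> 250
2024-01-15 09:00:02 192.0.2.10 mail.example.com SMTPSVC1 RCPT +TO:<bob@example.com> 250
2024-01-15 09:00:02 192.0.2.10 mail.example.com SMTPSVC1 DATA - 250
2024-01-15 09:05:10 198.51.100.7 unknown SMTPSVC1 EHLO +unknown 250
2024-01-15 09:05:10 198.51.100.7 unknown SMTPSVC1 MAIL +FROM:<x@example.net> 250
2024-01-15 09:05:11 198.51.100.7 unknown SMTPSVC1 RCPT +TO:<a@example.org> 550
2024-01-15 09:05:11 198.51.100.7 unknown SMTPSVC1 RCPT +TO:<b@example.org> 550
2024-01-15 09:05:12 198.51.100.7 unknown SMTPSVC1 RCPT +TO:<c@example.org> 550
2024-01-15 09:05:13 198.51.100.7 unknown SMTPSVC1 RCPT +TO:<d@example.org> 452
"""

def parse_w3c(text):
    """Yield one dict per log line, keyed by the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()  # spaces inside values are logged as '+'
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def summarize(text):
    """Per client IP, count RCPT commands by reply class (2xx/4xx/5xx)."""
    stats = defaultdict(Counter)
    for row in parse_w3c(text):
        if row.get("cs-method", "").upper() != "RCPT":
            continue
        code = row.get("sc-status", "")
        cls = code[0] + "xx" if code.isdigit() and len(code) == 3 else "other"
        stats[row.get("c-ip", "-")][cls] += 1
    return stats

def suspicious(stats, min_rcpt=3, max_reject_ratio=0.5):
    """IPs with >= min_rcpt RCPTs, mostly rejected (thresholds are assumptions)."""
    return [ip for ip, c in sorted(stats.items())
            if sum(c.values()) >= min_rcpt
            and c["5xx"] / sum(c.values()) > max_reject_ratio]

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip in suspicious(stats):
        print(ip, dict(stats[ip]))
```

To use it on a real log, pass the file's contents to `summarize()` in place of `SAMPLE_LOG` and tune the thresholds to your normal mail volume.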