[SASAG] Decipher Exchange SMTP Logs
eric at kahklen.com
Mon Jan 26 14:46:49 PST 2009
Thanks for the great information.
I looked up their MX record and it looks like their load balancing with
two public servers. I used telnet to connect and issued the ehlo command
220 mx1.example.com ESMTP
250 SIZE 1048576
I forwarded this to their postmaster as suggested so hopefully some
actually reads that account :)
> On 2009-01-26 13:02 -0800, Eric Kahklen chatted:
>> We are having a problem where an attachment over 1 MB is being denied by
>> the destination mail server. They have told me they are not limiting
>> incoming email size. They are able to receive email with an attachment
>> less than 1 MB from my users. I've sent the same attachment from my
>> personal email account that is not using Exchange and have not yet
>> received a bound message yet, but have not heard from them if they got
>> message. Is there a way to know what their mail server's message size
>> limits are?
> You can only know the first hop. If they have mail go from your
> machine to their machine to one or more machines after their first,
> you have no idea what they'll accept. But that first one you can
> usually infer size limits based on SMTP header.s
>> My smtp logs show <, 250 SIZE 1048576 which should be 1 MB.
> That looks like their SMTP header. Try hitting their public
> mail server on port 25. You can figure out where the mail should
> go via
> $ host -t mx example.com
> then hit port 25 and issue an EHLO, e.g.
> $ telnet their.mx.machine.example.com 25
> 220 their.mx.machine.example.com ESMTP InferiourMail
> EHLO my.domain.example.com < You type this
> 250-SIZE 10240000
> 250 8BITMIME
> quit < You type this
> 221 Bye
> Connection closed by foreign host.
> This shows what they're advertizing as a hard inbound message
> size in the 'SIZE' line. If you can show them this says
> the 1048576 (1M) that you seem to have already found, this
> should help them.
> Note that to send an email with a 1MB attachment means encoding
> it in 7bit ascii, which bloats it up beyond 1MB.
> Brian Hatch "I use pico on any Unix that
> Systems and didn't ship with vi."
> Security Engineer -- Francois Caen
> Every message PGP signed
Mountlake Terrace, WA
More information about the Members