[SASAG] Decipher Exchange SMTP Logs

Brian Hatch bri at ifokr.org
Mon Jan 26 14:36:50 PST 2009

On 2009-01-26 13:02 -0800, Eric Kahklen chatted:

> We are having a problem where an attachment over 1 MB is being denied by
> the destination mail server.  They have told me they are not limiting
> incoming email size.  They are able to receive email with an attachment
> less than 1 MB from my users.  I've sent the same attachment from my
> personal email account that is not using Exchange and have not yet
> received a bound message yet, but have not heard from them if they got the
> message.  Is there a way to know what their mail server's message size
> limits are?

You can only know the first hop.  If they have mail go from your 
machine to their machine to one or more machines after their first,
you have no idea what they'll accept.  But that first one you can
usually infer size limits based on SMTP header.s

> My smtp logs show <, 250 SIZE 1048576 which should be 1 MB.

That looks like their SMTP header.  Try hitting their public
mail server on port 25.  You can figure out where the mail should
go via

  $ host -t mx example.com

then hit port 25 and issue an EHLO, e.g.

  $ telnet their.mx.machine.example.com 25
  220 their.mx.machine.example.com ESMTP InferiourMail
  EHLO my.domain.example.com   < You type this
  250-SIZE 10240000
  250 8BITMIME
  quit                         < You type this
  221 Bye
  Connection closed by foreign host.

This shows what they're advertizing as a hard inbound message
size in the 'SIZE' line.  If you can show them this says
the 1048576 (1M) that you seem to have already found, this
should help them.

Note that to send an email with a 1MB attachment means encoding
it in 7bit ascii, which bloats it up beyond 1MB.

Brian Hatch                  "I use pico on any Unix that
   Systems and                didn't ship with vi."
   Security Engineer         -- Francois Caen

Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.sasag.org/pipermail/members/attachments/20090126/99e4b459/attachment.bin>

More information about the Members mailing list