SMTP Protocol level

The table below contains a summary of a complete SMTP message transfer session between the sending MTA, tx-moon.com, and the receiving MTA, rx-earth.com. In this conversation the sending MTA is written in bold blue characters while the receiving MTA is in normal green characters, and comments are in italics.

 

| Sender or Receiver | Comments |
|---|---|
| | Sender tx-moon.com connects to port 25 at Receiver rx-earth.com and session is established |
| 220 rx-earth.com ESMTP Sendmail 8.12.7/8.12.6; Mon, 10 Mar 2003 | rx-earth.com announces that it is listening |
| HELO tx-moon.com | Sender identifies itself |
| 250 Pleased to meet you | Receiver returns greeting |
| MAIL FROM: <sender@tx-moon.com> | Sender identifies the message sender's address |
| 250 OK | Receiver confirms sender address |
| RCPT TO: <recipient@rx-earth.com> | Sender gives the address of the message recipient |
| 250 OK | Receiver confirms the address |
| DATA | Sender states that it is about to transmit the message |
| 354 Enter mail, end with CRLF.CRLF | Receiver states that it is ready to accept the message |
| message data transmission begins ... | Sender starts sending the message which includes the message header, body text, and any attachment(s) |
| . | A period on a line by itself indicates the end of the message data |
| 250 OK | Receiver states that it got the entire message data |
| QUIT | Sender states that it is done |
| | Receiver closes the connection |


The Microsoft SMTP virtual server provides connection-based filtering that uses the IP address of the connected session, even before any greeting is exchanged. These filters include the following.

  1. IP address of the connected session

  2. Domain name based on a reverse DNS lookup of the connected IP

  3. Relay control

Unfortunately, this leaves out a very useful filtering technique that can eliminate a substantial amount of spam: the ability to check various DNS-based blacklist servers to see if the connected IP belongs to known spammer machines. Praetor G2 provides this missing filter.
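
How a DNS-based blacklist lookup on the connected IP works, shown as an added example that is not Praetor's own code. The zone names and the sample DNS answers are constructed placeholders, and the rule that a listing is an answer inside 127.0.0.0/8 is the common DNSBL convention (RFC 5782), assumed here rather than taken from this page.

```python
import ipaddress
import socket

# Hypothetical zone names; substitute the DNSBL zones you actually subscribe to.
ZONES = ("dnsbl.example.org", "bl.example.net")
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.99 -> 99.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def check_dnsbl(ip, zones=ZONES, resolve=system_resolver):
    """Return [(zone, return_code)] for every zone that lists ip."""
    hits = []
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # Only an answer inside 127.0.0.0/8 counts as a listing. No answer, or a
        # routable address from a parked or hijacked zone, is treated as
        # "not listed" so that a broken list cannot reject all mail.
        if answer and ipaddress.IPv4Address(answer) in LISTED_RANGE:
            hits.append((zone, answer))
    return hits

# Constructed sample data standing in for DNS answers, so the example runs offline.
FAKE_DNS = {
    "99.2.0.192.dnsbl.example.org": "127.0.0.2",  # listed
    "10.2.0.192.bl.example.net": "203.0.113.7",   # bogus answer, must be ignored
}

def connection_verdict(ip, resolve=FAKE_DNS.get):
    """Decide at connect time, before any SMTP greeting is exchanged."""
    hits = check_dnsbl(ip, resolve=resolve)
    return ("reject", hits) if hits else ("accept", hits)

if __name__ == "__main__":
    for peer in ("192.0.2.99", "192.0.2.10", "192.0.2.1"):
        print(peer, connection_verdict(peer))
```

Pass `resolve=system_resolver` to `connection_verdict` to query real DNS instead of the constructed table.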

Note:

If you were using the previous version 1.5 of Praetor, you will note that many other SMTP protocol level tests appear to have been removed. In reality, these facilities have been moved to message-level testing because this G2 version relies on the Windows 2000/XP SMTP virtual server.

  1. MAIL FROM sender address check

  2. MAIL FROM sender domain check

  3. RCPT TO recipient address check

Naturally, this will require the message to be received in its entirety instead of abruptly terminating the message transfer process by disconnecting the session.


Order of SMTP protocol level tests

The order of these tests is as follows.

  1. Banned IP blacklist

  2. Reverse DNS check on domain name

  3. Relay check

  4. DNS blacklist filter

 
