[unisog] email problem primer

Karyn Williams karyn at calarts.edu
Wed Feb 8 16:54:42 GMT 2006


I don't have such a document. However could you not just explain the
difference between a transient error (4XX) and a fatal error (5XX) code ?
That way they can look for the error code in the message and know whether
or not the message is still in the queue for delivery. 


At 03:41 PM 2/7/06 -0800, you wrote:
>People have supplied several links to somewhat useful information.  As you 
>might expect, most of it is related to spam or how to view headers, which 
>doesn't help me much.  I will have to explain server name/IP and time from 
>the Received lines, and probably also the recipient name.  Some of that I 
>can crib from the links.
>
>But more of what I am likely to need is shown by a recent example, suitably 
>munged.  The sender was here, but neither sender nor PC support could 
>understand the message they got back saying delivery was delayed.  I can 
>get the same error message from the mail logs, and I can even find the log 
>entry that shows the message was finally delivered to the recipient mail 
>server.  I don't want to....
>
>= = = = = = = = = = = = = = = = = = = = = = = = = = = = =
>Date: Fri, 3 Feb 2006 21:02:35 -0800
>From: Mail Delivery Subsystem <MAILER-DAEMON>
>To: <me at mydomain>
>Subject: Warning: could not send message for past 4 hours
>Auto-Submitted: auto-generated (warning-timeout)
>
>     **********************************************
>     **      THIS IS A WARNING MESSAGE ONLY      **
>     **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
>     **********************************************
>
>The original message was received at Fri, 3 Feb 2006 16:41:11 -0800
>from 037102.mydomain [123.45.67.89]
>
>    ----- The following addresses had transient non-fatal errors -----
><you at yourdomain>
>
>    ----- Transcript of session follows -----
>... while talking to mx01-dom.earthlink.net.:
> >>> QUIT
><<< 421 #4.4.5 Too many connections to this host.
><you at yourdomain>... Deferred: Connection reset by mx01-dom.earthlink.net.
>Warning: message still undelivered after 4 hours
>Will keep trying until message is 2 days old
>
>Reporting-MTA: dns; mymailserver.mydomain
>Arrival-Date: Fri, 3 Feb 2006 16:41:11 -0800
>
>Final-Recipient: RFC822; you at yourdomain
>Action: delayed
>Status: 4.5.0
>Diagnostic-Code: SMTP;
>Last-Attempt-Date: Fri, 3 Feb 2006 21:02:35 -0800
>Will-Retry-Until: Sun, 5 Feb 2006 16:41:11 -0800
>
>Received: from me.mydomain (037102.mydomain [123.45.67.89])
>         by mymailserver.mydomain (AIX5.2/8.11.6p2/8.11.0) with ESMTP id 
>k140fBx105010;
>         Fri, 3 Feb 2006 16:41:11 -0800
>Date: Fri, 03 Feb 2006 16:41:10 -0800
>To: you at yourdomain
>From: me <me at mydomain>
>Subject: school
>
>Original message was here.....
>
>me
>= = = = = = = = = = = = = = = = = = = = = = = = = = = = =
>
>I don't want to try to explain all possible error messages that might 
>appear in the body of a warning email, but I don't know what to include (or 
>how to reasonably describe in a short paragraph) what classes of errors 
>might appear.
>
>hermit921
>
>
>At 01:19 PM 2/7/2006, hermit921 wrote:
>>I have been asked to write a simple document for analyzing email
>>problems.  This will be given to PC support staff who know almost
>>nothing about email.  I know it will need to include:
>>1. how to determine who sent the message
>>2. how to determine who should have received the message
>>3. read a returned error message and figure out what it means
>>4. look at the headers and figure out what mail servers were involved and
when
>>
>>It will not include looking at mail logs.  It will not be mail client 
>>specific.
>>
>>Does anyone have such a document already?
>
>
>_______________________________________________
>unisog mailing list
>unisog at lists.sans.org
>http://www.dshield.org/mailman/listinfo/unisog
>
-- 

Karyn Williams
Network Services Manager
California Institute of the Arts
karyn at calarts.edu
http://www.calarts.edu/network


More information about the unisog mailing list