08/02/2012

How to Monitor an SMTP Server

When a user in an organization sends an email, a lot happens behind the scenes. When the user clicks send, the message is handed off to a service running the Simple Mail Transfer Protocol (SMTP). It is the job of the SMTP service to contact the recipient's mail server and transfer the message to it. If the SMTP service stops responding, mail cannot be sent.

There are several reasons a mail server could lose its ability to send mail. Here are just a few:

1. The mail server could lose its connection to the Internet.

2. The mail server could run out of resources (like disk space) which might cause the operating system to crash or hang.

3. A mail administrator could make a configuration error that might cause the service to become confused about how to send mail.

4. A mail server could be added to a blacklist, preventing it from sending mail to any recipient server that uses that blacklist as a resource to eliminate spam.

Since outgoing mail is a function that is critical for almost every organization, it is very important to have some method in place to monitor the service. Some website monitoring services also provide support for monitoring SMTP. Here’s how it works:

First, the website monitoring service will attempt to establish a socket connection with the SMTP server using the transmission control protocol (TCP). This involves sending a SYN packet to the SMTP server and waiting for an ACK packet in response. If no ACK is received, the monitoring service knows that the SMTP service is not responding to requests.

Next, assuming the ACK was received and a socket connection has been successfully set up, the monitoring service will try to communicate using protocol commands. Here is one way that could work (you can test this out for yourself using the well-known terminal program Telnet):

1. If the connection was established, the mail server will respond with its banner, usually something like “Connected to mail.somedomain.net.” If no banner is received, something is probably wrong.

2. Next, the monitoring service will introduce itself just as if it were a mail user by sending the “HELO” command followed by an origin domain for the email. So the complete command might look like “HELO my.domain.net.”

3. If all is going well, the SMTP server will respond with something like “250 Hello my.domain.net, pleased to meet you.”

At that point it is established that the SMTP server is responding to connection requests and is ready to receive more commands. If the monitoring service notices a failure at any of these points it can log the failure, the time, and any content that was received which may help diagnose the problem. The service will then send out alerts by email, SMS text or even using a real phone call.
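The check described above, written as a small Python function that records which stage failed, when, and what the server sent. This is an added example, not code from the original article or from any monitoring product; the function names, the result fields and the 10-second timeout are assumptions. It treats a 220 reply as a valid greeting, since 220 is the standard SMTP "service ready" code.

```python
import socket
import sys
from datetime import datetime, timezone

def read_reply(f):
    """Read one SMTP reply; every line but the last has '-' after the code."""
    lines = []
    while True:
        raw = f.readline(1024)  # bounded read: never trust the peer's line length
        if not raw:
            raise ConnectionError("connection closed before a complete reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return line[:3], "\n".join(lines)

def check_smtp(host, port=25, helo_domain="my.domain.net", timeout=10.0):
    """Run connect -> banner -> HELO and report the first stage that fails."""
    result = {"time": datetime.now(timezone.utc).isoformat(), "ok": False,
              "stage": "connect", "detail": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock, \
                sock.makefile("rb") as f:
            result["stage"] = "banner"
            code, result["detail"] = read_reply(f)
            if code != "220":  # 220 is the "service ready" greeting
                return result
            result["stage"] = "helo"
            sock.sendall(f"HELO {helo_domain}\r\n".encode("ascii"))
            code, result["detail"] = read_reply(f)
            if code != "250":  # 250 means the command was accepted
                return result
            sock.sendall(b"QUIT\r\n")  # end the session cleanly
            result["ok"] = True
    except OSError as exc:  # refused, timed out, reset, or closed early
        result["detail"] = f"{type(exc).__name__}: {exc}"
    return result

if __name__ == "__main__":
    # Host comes from the command line; 127.0.0.1 is only a fallback.
    print(check_smtp(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

The returned dictionary is what an alerting step would consume: "stage" says whether the failure was at the TCP connection, the banner or the HELO exchange, and "detail" holds the server's reply or the socket error.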

For most monitoring applications, this is enough to get a basic sanity check on the functioning of the mail server. Some website monitoring services go further by allowing you to design a script to thoroughly test the mail sending process. This more advanced process involves interacting with a POP3 or IMAP4 mail server as well and will be covered in a future article.