Alternate Conversion Channel

On a previous post, It was recomended that I use
the "Alternate Conversion Channel" setup as per
http://ims.balius.com/downloads/AlternateConversion.pdf
I just seem to have trouble getting it to work. After applying
the settings, The IMS does not change its
behavior at all. Did I miss something?
No messages are going to the tcp_scan channel.
I am using 5.2 Patch 1.
Thanks
Paul

We did that, and the config dat file seems
to be the correct version. Still back to root problem
of "Alternate Conversion Channel" not working as
documented in Chads.
I attached the output of imsimta test.
C:\iPlanet\Server5\msg-icpmail>imsimta test -rewrite [email protected]
Warning - compiled configuration does not match configuration files
-- Modification time mismatch for configuration file C:/iPlanet/Server5/msg-icp
mail/imta/config/option.dat
forward channel = l
channel description =
channel user filter =
dest channel filter =
source channel filter =
channel flags #0 = BIDIRECTIONAL MULTIPLE IMMNONURGENT NOSERVICEALL
channel flags #1 = NOSMTP DEFAULT
channel flags #2 = COPYSENDPOST COPYWARNPOST POSTHEADONLY HEADERINC NOEX
PROUTE
channel flags #3 = NOLOGGING NOGREY NORESTRICTED RETAINSECURITYMULTIPART
S
channel flags #4 = EIGHTBIT NOHEADERTRIM NOHEADERREAD RULES
channel flags #5 =
channel flags #6 = LOCALUSER REPORTHEADER
channel flags #7 = NOSWITCHCHANNEL NOREMOTEHOST DATEFOUR DAYOFWEEK
channel flags #8 = NODEFRAGMENT EXQUOTA REVERSE NOCONVERT_OCTET_STREAM
channel flags #9 = NOTHURMAN INTERPRETENCODING USEINTERMEDIATE RECEIVEDF
ROM VALIDATELOCALSYSTEM NOTURN
defaulthost = icpcorp.com icpcorp.com
linelength = 1023
channel env addr type = SOURCEROUTE
channel hdr addr type = SOURCEROUTE
channel official host = icpmail.icpcorp.com
channel queue 0 name = LOCAL_POOL
channel queue 1 name = LOCAL_POOL
channel queue 2 name = LOCAL_POOL
channel queue 3 name = LOCAL_POOL
channel after params =
channel user name =
urgentnotices = 1 2 4 7
normalnotices = 1 2 4 7
nonurgentnotices = 1 2 4 7
channel rightslist ids =
local behavior flags = %x7
backward channel = l
header To: address = [email protected]
header From: address = [email protected]
envelope To: address = [email protected] (route (icpmail.icpcorp.com,icpma
il.icpcorp.com)) (host icpcorp.com)
envelope From: address = [email protected]
name =
mbox = dtripo
Extracted address action list:
[email protected]
Extracted 733 address action list:
[email protected]
Address list expansion:
dtripo@ims-ms-daemon
1 expansion total.
Expanded address:
[email protected]
Submitted address list:
ims-ms
dtripo@ims-ms-daemon (orig [email protected], host ims-ms-daemon) *NOTIFY-F
AILURES* NOTIFY-DELAYS
Submitted notifications list:
C:\iPlanet\Server5\msg-icpmail>

Similar Messages

  • Setting up the Conversion Channel

    Hello
    I am trying to set up the conversion channel for virus scannin using McAfee products and I cannot get it to work. The mail log shows that it is going through the conversion channel but the scanpm.exe does not execute. Any help would be appreicated.
    Chris Toledo
    City Colleges of Chicago

    Chris, the conversion channel debugs the same way any other channel debugs.
    you can bot both master_debug and slave_debug on the channel definition line, recompile the config, and restart the dispatcher
    You then get one file per message as the message flows through the system.
    Since there are many ways to implement the conversion channel, and the alternate conversion channel, and some of these depend on the exact version of your messaging server (which you neglected to mention), there's really not a lot I can do, yet, to help you.

  • Delete specific attachment file through Conversion Channel ?

    version : iMS5.2 sp1
    O/S : Solaris 2.6 Generic_105181-29
    I wanted to delete specific attachment file(ex: ALTDESK.ZIP) through Conversion Channel.
    So I set up like below..
    1) In mappings file
    =================
    CONVERSIONS
    IN-CHAN=tcp_intranet;OUT-CHAN=tcp_local;CONVERT Yes
    ==============
    I only want to delete attached file from tcp_intranet to tcp_local.
    2) msg-INSTANCE/imta/config/conversions
    example mail header ::
    --- omit ----
    MIME-version: 1.0
    X-Mailer: iPlanet Messenger Express 5.2 Patch 1 (built Aug 19 2002)
    Content-type: multipart/mixed; boundary=--6b2385053506b85
    Content-language: ko
    X-Accept-Language: ko
    Priority: normal
    This is a multi-part message in MIME format.
    ----6b2385053506b85
    Content-Type: text/plain; charset=EUC-KR
    Content-Disposition: inline
    Content-Transfer-Encoding: quoted-printable
    ----6b2385053506b85
    Content-Type: application/x-zip-compressed
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=ALTDESK.ZIP
    - conversions file setting
    ==================================================
    in-channel=tcp_intranet; out-channel=tcp_local;
    in-type=application; in-subtype=x-zip-compressed;
    parameter-symbol-0=ALTDESK.ZIP; parameter-copy-0=*;
    dparameter-symbol-0=ALTDESK.ZIP; dparameter-copy-0=*;
    message-header-file=2; original-header-file=1;
    override-header-file=1; override-option-file=1;
    command="/product/leeky/convert.sh"
    ============================================
    3) /product/leeky/convert.sh file
    ========================
    #!/bin/sh
    if [ $? -eq 1 ]; then
    echo "STATUS=178030178" >> $OUTPUT_OPTIONS
    else
    cp $INPUT_FILE $OUTPUT_FILE
    fi
    =========================
    4) The problems I face are
    - All of zip files which are filtered is deleted. As you can see 2) I only want to delete ALTDESK.ZIP file
    But, all of the zip-compressed files are deleted at the moment.
    - This converison channel is work(even if all zip-compressed files are deleted). But sometimes this is not
    working(2 or 3 times out of 10). I don not know why.
    - Above all, I am not sure 2) and 3) settings are good. English is a second language to me. So it was
    not easy to understand conversion channel setting in Admin Guide.
    - How can I see the out put of "$OUTPUT_OPTIONS" ? I do not know where I can see that.
    Is there anybody to help me ?

    The section of the admin guide which can help is:
    http://docs.sun.com/source/816-6009-10/channel2.htm#42283
    Here there is an explanation of how the mime headers of the message part would align with the entries one would put into the conversions file entry. (The document has an error where it talks about APPARENT_NAME and APPARENT_FILENAME. It should really say the words "NAME" and "FILENAME" respectively).
    Based on that document, the MIME headers of your message part :
    Content-Type: application/x-zip-compressed
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=ALTDESK.ZIP
    will align with a conversions file settiong of:
    in-channel=tcp_intranet; out-channel=tcp_local;
    in-type=application; in-subtype=x-zip-compressed;
    parameter-symbol-0=NAME; parameter-copy-0=*;
    dparameter-symbol-0=FILENAME; dparameter-copy-0=*;
    message-header-file=2; original-header-file=1;
    override-header-file=1; override-option-file=1;
    command="/product/leeky/convert.sh"
    and a /product/leeky/convert.sh script which reads something like:
    #!/bin/sh
    grep "$FILENAME" /product/leek/badfiles.list
    if [ $? -eq 1 ]; then
    echo "STATUS=178030178" >> $OUTPUT_OPTIONS
    else
    grep "$NAME" /product/leek/badfiles.list
    if [ $? -eq 1 ]; then
    echo "STATUS=178030178" >> $OUTPUT_OPTIONS
    else
    cp $INPUT_FILE $OUTPUT_FILE
    fi
    fi
    The lines:
    parameter-symbol-0=NAME; parameter-copy-0=*;
    dparameter-symbol-0=FILENAME; dparameter-copy-0=*;
    tells the conversion channel to make the environment variable $NAME avaliable to your program with a value corresponding to the "name=" clause on the Content-Type line of the MIME headers. The environment variable $FILENAME is made avalable to your program and takes on the value extracted from the filename=" clause on the content-disposition line of the MIME headers.
    The document at :
    http://docs.sun.com/source/816-6092-10/conversion.html
    may help provide other examples.

  • Could I redirect a message passing by the conversion channel

    I Have IMS 5.2 p1, and I am searching about how I can forward a message to a certain mailbox depending on the message attachment. I can only delete the attachment, or hold the message. but cannot redirect the message to another destination recipient ?
    Is there a way to do this ?
    Please if anyone could help, it is very urgent.
    Thanks.

    I Have IMS 5.2 p1, and I am searching about how I can
    forward a message to a certain mailbox depending on
    the message attachment. I can only delete the
    attachment, or hold the message. but cannot redirect
    the message to another destination recipient ? Actually you probably could redirect this by using
    a sieve filter easier than a conversion channel.
    But it is possible if you write the appropriate
    headers replacing the envelope to: be the new
    recipient you could "forward" the message I believe.
    For detail support of this nature, I suggest
    you call support who can better diagnose
    what it is you're trying to do and how best
    to accomplish it.
    >
    Is there a way to do this ?
    Please if anyone could help, it is very urgent.
    Thanks.

  • Mutiple enqueues to the conversion channel

    Hi ,
    I did set up a conversion where an AV product
    scans an message before sending to the next channel ( basically ims-ms,tcp-local or tcp_intranel ) for delivery.
    Recently I noticed that if I send an e-mail to 2 recipients(for instance) , a double copy of the message is enqueued the conversation channel and the AV product scans twice the same message ...
    By adding the multiple keywords to the channel option , I can improve things so that if my 2 recipients are to be dequeued to the same channel it is scanned once ( for instance the 2 recipients are to be delivered local delivery)
    But if it has to be delivered to 2 different channels ( for instance local and extranet) , it is still scanned twice.
    Any option I am missing ? Can I instruct the channel to work only on the envelope of the message ?
    Any help appreciated.
    Thanks

    I see there at least 2 reallly good ideas
    Yep, that's how the conversion channel works.First one knowning that Sun suggests to use the
    conversion channel for AV purpose , scanning based on
    recipients rather than envelope is just a fantastic
    for system usage.Our recommendations do change, as we incorporate new features, and our partners add new features, too.
    Currently, the conversion channel is the recommended route IF the virus scanner is to be run via command-line. There are indeed some tradeoffs involved with the conversion channel, especially the inherent overhead of starting new processes for each message, address expansion before conversion, and such. This puts a limit on maximum throughput.
    >
    If your virus scanner works via smtp, you can use
    the "aliasdetourhost" keyword instead, and send
    such before address expansion. this requires
    5.2hf2.02 or later.Second one, if my AV does why should I bother using
    iMS , I just use my AV/SMTP package ? While we find that most AV packages are very good at AV, most of them (all I have seen), aren't very good at being a well-behaved SMTP server. The skills that are useful for writing an AV package are very different from those required to create a well-behaved SMTP product.
    We find that when most folk expose an AV's smtp port to the general internet, you can get lots of problems, including:
    Dropped messages
    error messages
    much higher load on the AV hardware.
    To help deal with such, we recommend using Sun JES' MTA to "wrap" the AV system. By accepting all mail with our MTA, you first get the ability to reject mail that's not addressed to actual users, the ability to throttle connections, to "fix" many types of badly-formed messages, etc.
    The new "aliasdetourhost" keyword allows you to select an incoming channel's messages to be sent to an AV system and to accept those messages back into the queue, at high performance, without starting up a new process for each message, and only once per message, even if it's addressed to all of your users. . . .
    >
    Likely a bad idea, but I have no idea what you did. . .
    Thanks for the input even without a clear idea.

  • IMS5.2 on W2K Conversion Channel woes

    I have been working with the conversion channel in order to scan email attachments for viruses. It all seems to be working with the exception of one thing: the environment variables become intermittantly corrupted. Here is an example:
    INPUT_FILE = e:/email/iPlanet/Server5/msg-smtp/imta/tmp/-CO-_ZO7008P0Y4MCCG01RK.00
    INPUT_HEADERS = e:/email/iPlanet/Server5/msg-smtp/imta/tmp/-HO-_ZO7008P104MCCG01RK.00���
    As you can see, at the end of the value for the INPUT_HEADERS variable there appear to be extended characters. This type of "corruption" appears randomly (in terms of timing as well as as which environment variables are affected).
    Due to the length of the path to the different files (INPUT_FILE, INPUT_HEADERS, OUTPUT_OPTIONS, etc.) I can only pass 3 variables via the command line. For the rest of the information I must rely on the environment variables.
    How can I get consistant and reliable environment variables?

    This is EXACTLY the reason the title page to our forum strongly suggests that you run
    imsimta version
    and provide that as part of your post.
    corruption to conversion files is indeed present in some hotfix versions.
    I can confirm if you have such a version, if you would post your exact version.
    To get a current/fixed version, you have to open a tech support case.

  • Sending mails via conversion channel according to sender

    Hi
    I need to run a script on some mails sent by specific users.
    I am using the conversion channel, but in that way all mails using that channel are using the script.
    I need that only mails from specific users will use that script.
    What is the best method to do so?
    Thanks
    Shlomi

    Hi
    I followed the document, but had some problems.
    First, When adding the Tag to the mapping file it didn't seem to work, so I put it in the conversion file and then, as it should be, only mails from users that had the tag run via the conversion.
    However, it is working only with internal mail.
    When sending mails to servers outside my network this tag is ignored.
    When sending mail internaly this is the output of the imsimta test -rewrite command:
    +# imsimta test -rewrite [email protected] [email protected]+
    address channel        =
    forward channel        =
    backward channel       =
    unique identifier      =
    header forward address = [email protected], [email protected]
    header reverse address = [email protected], [email protected]
    envelope forw address  =
    envelope rev address   =
    name                   =
    mbox                   =
    Extracted address action list:
    [email protected]
    [email protected]
    Extracted 733 address action list:
    [email protected]
    [email protected]
    Address list expansion:
    -13 expansion total.
    Expanded address:
    [email protected], [email protected]
    Submitted address list:
    ims-ms
    +me@ims-ms-daemon (orig [email protected] [email protected], inter [email protected], initial [email protected] [email protected], host ims-ms-daemon) NOTIFY-FAILURES NOTIFY-DELAYS {color:#ff0000}tag 111{color}+
    Submitted notifications list:
    The tag value is 111, in that case any mail from a user with the value 111 in the mailConversionTag is sent to the conversion channel.
    When sending mail to external address I get this:
    +# imsimta test -rewrite [email protected] me@external_domain.com+
    address channel        =
    forward channel        =
    backward channel       =
    unique identifier      =
    header forward address = [email protected], me@external_domain.com
    header reverse address = [email protected], me@external_domain.com
    envelope forw address  =
    envelope rev address   =
    name                   =
    mbox                   =
    Extracted address action list:
    [email protected]
    me@external_domain.com
    Extracted 733 address action list:
    [email protected]
    me@external_domain.com
    Address list expansion:
    -13 expansion total.
    Expanded address:
    [email protected], me@external_domain.com
    Submitted address list:
    ims-ms
    +me@ims-ms-daemon (orig [email protected] me@external_domain.com, inter [email protected], initial [email protected] me@external_domain.com, host ims-ms-daemon) NOTIFY-FAILURES NOTIFY-DELAYS {color:#ff0000}tag 111{color}+
    tcp_local
    +me@external_domain.com (orig [email protected] me@external_domain.com, initial [email protected] me@external_domain.com, host external_domain.com) NOTIFY-FAILURES NOTIFY-DELAYS+
    Submitted notifications list:
    It looks like after the first phase the tag in not forwarded.
    Do I have to enable something so it will be forwarded?
    Thanks,
    Shlomi

  • Fastening Processing of conversion channel

    Hi
    I am using ims52 and i have a conversion channel on my mail server.
    Now corrospinding to this channel there is a conversion queue.
    This queue grows up to a big number and the processing is slow on this channel so the mail reaches to customer in delay.
    Please let me know the parameters that i need to modify to fasten the processing on this queue.
    Regards
    Rajeev Kumar

    There was another query, exactly the same as yours, in the last day or two.
    Ah there is is. And it is indeed yours. Here's the link to it:
    http://swforum.sun.com/jive/thread.jspa?threadID=51178&tstart=15
    and what I asked:
    If the conversion channel is taking a lot of cpu, it's certanly working.
    If you have the original 5.2 bits, and have not applied the p2 patch, there are several, known problems that have been long fixed.
    If you have the p2 bits on, you may want to increase the number of processes, or re-examine what you're doing in the conversion channel. Conversion is not as high-performance as much of the rest of the server, as it requires starting a process for each message.
    You may simply have more work than the conversion channel can handle on your hardware.
    What is it you're doing in conversion?

  • Conversion channel

    Hi jay,
    I am planning to replace the conversion channel virus scanning by the aliasdetourhost technique --- which I will be able to implement after hf 2.07.
    The conversion channel is actually giving me problems on performance.
    So I read ur doc in sunsolve were u have used clamav and amias-new...
    I installed it on a test setup and found it interesting ---
    The aliasdetourhost lets me to segregate the machines as MTA / STORE and virus/spam scanner...
    Just wanted you to suggest me onething ... can i use the sophos in a similar way in tandom with aliasdetourhost thing ...

    Sure. Amavis should be able to support that, or if Sophis has it's own smtp wrapper, you can use that.

  • Conversion channel and hf 2.07

    Hi,
    After I applied hf 2.07....I see definite improvement in the way conversion channel is behaving....though I did not do any conversion tuning as suggested by jay...still post hf2.07, the conversion processes have multiplied ...now I can c three conversion processes instead of one....therefore the dequeue also has improved.
    I wonder why this has happened ... ! I did not touch the conversion maxjobs or threaddepth!!! just applied hotfix.
    Also on my MTA routers ...the conversion processes eventually reduce to one process from 3......even if the conversion queue is having considerable mails in queue....if I restart MTA comp....again three conversion processes start, which dequeue the conversion queued messages fast.....but again when the queue falls to zero ....one conversion process remains....but the processes don't increase as the messages in queueu increases ??
    SO I have to restart MTA services for fast conversion dequeue ...!!
    Why don't the conversion processes increase in number according to incoming mail traffic ???? Why do multiple conversion processes start only on restarting the MTA (imsimta refresh)????
    Also one more thought on conversion tuning....as suggested by jay...threaddepth on conversion ? If i see the refrence guide it states that threaddepth does not apply to conversion and some other channel.....!!!!!
    Thanks
    MSGADMIN

    Hi jay,
    I did not add anything on conversion yet.
    Just applied the hotfix 2.07.
    The performance has definetly improved after hotfix....in a sense...now conversion daemons have multiplied.....and thus the message dequeue in the conversion channel has improved a lot.
    But, now that I am observing this new phenomenon, I observerd the conversion processes reduce to one in number...eventually.
    When mail traffic goes high...the conversion process does not multiply consistently.....sometimes even 100 mails would not convince the jobcontroller to start multiple conversion processes....and sometimes even 20 mails would do.
    A restart would always start 3 conversion processes....
    With my settings ....default on conversion ....
    default on tcp_local except maxjobs 20
    I am having 3 conversion processes ...
    I have not done any tuning yet on conversion....

  • 2 conversions channels

    Hi.
    I am using Messaging Server 5.2 p2 in Solaris 8, and I have a conversion channel for antivirus, now I want to add a disclaimer, I saw I can do this with conversion channel, can I use 2 conversions channels?
    How can I do this?
    Thanks a lot.

    using the conversion channel to add a disclaimer only works on text documents. In any case, it's a pretty useless device.
    There's really no need for two conversion channel passes, just add the script stuff to your anti-virus script.

  • Local domain, IIS Hosting and SMTP issues.

    I have a local domain on Windows server 2012 with dns, dhcp, iis and smtp. (Yes, I am aware of the dangers of these combinations) it is for learning purposes only and not my main pc. 
    My local domain is willow.run and I am hosting a website, the domain for that is machinerylubricant.com I have IIS 8 installed (6.0 also for smtp) 
    My original issue was getting IIS to send an email to localhost through a php script for a contact form hosted on the website. I finally got to where it appears to be sending the contact form info to my drop folder but I ahve no idea how to get that .EML
    file to actually forward to gmail account or even outlook on my computer/server. 
    In the email file (.eml in drop folder) it says "To: *******@gmail.com" as it is supposed to but that email is not making it to the specified gmail account. Also no error messages in the ph logs or the log files for smtp. How would I go about setting
    up a email program to work on the lan with the acual www domain name I own? 
    I am learning everything at once basically, windows server, coding, protocols etc. Please bare with me.

    Rather than answer your specific question, how about I give you the best way to achieve what you're looking for?
    For inbound messages, you want to use the "aliasdetourhost" keyword. Check the documentation for how this is set up.
    For outbound messages, you want to use the "alternate conversion channel"
    When used together, this will achieve what you're looking for, without the looping that you have generated....
    The alternate conversion channel was written up here:
    http://ims.balius.com/resources/downloads/files/AlternateConversion.pdf

  • Using an Antispam and antivirus with ims as a relay

    Hi Jay,
    I've setup an IMS 5.2 sp1 on my DMZ to relay mail to my inside IMS 5.2 sp1 and I'd like to send all incoming and outgoing email for scan with a virus scanner on a different box, I did the following:
    1- setup and IMS as a relay
    2- I activate direct ldap on the relay so I able to ldapsearch for users from the relay (on DMZ)
    3- I followed the document http://ims.balius.com/downloads/AlternateConversion.pdf
    should I add the keyword daemon fqdn.mailhost to get the mail relayed or not, because I'm not able to receive email with the setup I have.
    Thanks

    I can't claim to be a qualified architect, BUT
    consider the path of each possible piece of mail, and how it's going to route.
    Mail arriving at relay from outside. Comes in tcp_local. Goes out tcp_intranet. Gets smarthosted to virus scanner. Now, if scanner sends it back, you have a loop. Bad. Ok, use alternate conversion channel. Mail comes in. Routes to scanner and back. Gets relayed to store. Good. Assume this for next piece of mail.
    Mail coming from internal user. goes to store first. Gets routed to mailstore, and never leaves the box. No virus scan. Bad.
    Ok, different scenario.
    Mail from relay. goes to store box. Store box configured with alternate conversion channel. Mail sent to virus scanner, returned to store, and delivred to user. Good.
    Mail from user. comes into store box. Using alternate conversion channel, sent to virus scanner and returned to store, to be delivered to store, or sent out to relay for external delivery. Also good.
    Simple, and straightforward. No mess.

  • Aliasdetourhost

    We have been trying to configure our system
    to use an external virus scanner without
    success.
    We tried "Alternate Conversion Channel" and
    we were pretty sure we did it according to the
    doc, but the system never changes its behaviour.
    We downloaded 5.2 Patch2, and applied it this
    morning, and used the aliasdetourhost as per
    sun solv document id #77689,
    but it still does not change its behaviour.
    We added the conversion channel in the imta.cnf
    just like this:
    ! tcp_scan
    tcp_scan smtp mx single_sys subdirs 20 noreverse maxjobs 7 pool SMTP_POOL daemon relay.icpcorp.com dequeue_removeroute
    tcp_scan
    Then we changed the tcp_local file as shown below:
    ! tcp_local
    tcp_local smtp mx single_sys remotehost inner switchchannel identnonelimited subdirs 20 maxjobs 7 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth
    missingrecipientpolicy 0 mailfromdnsverify aliasdetourhost tcp_scan
    tcp-daemon
    We did the imsimta cnbuild and restart
    Email still gets delivered normally. I think we are
    missing something.
    Paul

    we have tested local, and email coming in from external.
    still cant seem to get anything
    to switch to the tcp_scan channel.
    I am sure that you must hate when people post the whole
    config file, but I am hoping that something might POP
    out at you.
    If its any clue, I tried to add the daemon <ext host> to the
    tcp_local channel, I would have expected a loop, but
    it still did not send anything to the external smtp server.
    ! VERSION=1.2
    ! Modified by IMS administration server on: Wed Sep 17 12:56:22 EDT 2003
    ! IMTA configuration file
    ! part I : rewrite rules
    ! DNS canonicalization rules. Uncomment this line to enable DNS
    ! address canonicalization.
    ! Please refer to the iMS documentation for details
    !<IMTA_TABLE:dns_canonical.rules
    ! Domain Rewrite Rules.
    ! Uncomment this line to use domain rewrite rules
    ! from the configuration file instead of the domain database.
    ! Please refer to the iMS documentation for details.
    !<IMTA_TABLE:domains.rules
    ! Rules to select local users
    ! Uncomment the next line for Direct LDAP mode
    ! $* $E$F$U%[email protected]$V$H
    icpmail.icpcorp.com $U%[email protected]
    icpcorp.com $U%[email protected]
    ! ims-ms
    .ims-ms-daemon $U%$H.ims-ms-daemon@ims-ms-daemon
    ! pipe
    .pipe-daemon $U%$H.pipe-daemon@pipe-daemon
    ! tcp_local
    ! Rules for top level internet domains
    <IMTA_TABLE:internet.rules
    . $U%$H@tcp-daemon
    ! tcp_intranet
    ! Do mapping lookup for internal IP addresses
    [] $E$R${INTERNAL_IP,$L}$U%[$L]@tcp_intranet-daemon
    .icpcorp.com $U%$H.icpcorp.com@tcp_intranet-daemon
    * $U%$&0.icpcorp.com
    ! reprocess
    reprocess $U%reprocess.icpmail.icpcorp.com@reprocess-daemon
    reprocess.icpmail.icpcorp.com $U%reprocess.icpmail.icpcorp.com@reprocess-daemon
    ! process
    process $U%process.icpmail.icpcorp.com@process-daemon
    process.icpmail.icpcorp.com $U%process.icpmail.icpcorp.com@process-daemon
    ! defragment
    defragment $U%defragment.icpmail.icpcorp.com@defragment-daemon
    defragment.icpmail.icpcorp.com $U%defragment.icpmail.icpcorp.com@defragment-daemon
    ! conversion
    conversion $U%conversion.icpmail.icpcorp.com@conversion-daemon
    conversion.icpmail.icpcorp.com $U%conversion.icpmail.icpcorp.com@conversion-daemon
    ! bitbucket
    bitbucket $U%bitbucket.icpmail.icpcorp.com@bitbucket-daemon
    bitbucket.icpmail.icpcorp.com $U%bitbucket.icpmail.icpcorp.com@bitbucket-daemon
    ! deleted
    deleted-daemon $U%$H@deleted-daemon
    .deleted-daemon $U%$H@deleted-daemon
    ! inactive
    inactive-daemon $U%$H@inactive-daemon
    .inactive-daemon $U%$H@inactive-daemon
    ! hold
    hold-daemon $U%$H@hold-daemon
    .hold-daemon $U%$H@hold-daemon
    ! part II : channel blocks
    defaults notices 1 2 4 7 copywarnpost copysendpost postheadonly noswitchchannel immnonurgent maxjobs 7 defaulthost icpcorp.com icpcorp.com
    ! tcp_scan
    tcp_scan smtp mx single_sys subdirs 20 noreverse maxjobs 7 pool SMTP_POOL daemon relay.icpcorp.com dequeue_removeroute switchchannel MASTER_DEBUG SLAVE_DEBUG
    tcp_scan
    ! delivery channel to local /var/mail store
    l subdirs 20 viaaliasrequired maxjobs 7 pool LOCAL_POOL
    icpmail.icpcorp.com
    ! ims-ms
    ! for Direct LDAP mode remove "filter ssrd:$A" from the keywords below
    ims-ms defragment subdirs 20 notices 1 7 14 21 28 backoff "pt5m" "pt10m" "pt30m" "pt1h" "pt2h" "pt4h" maxjobs 1 pool IMS_POOL fileinto $U+$S@$D filter ssrd:$A
    ims-ms-daemon
    ! pipe
    pipe single defragment subdirs 20
    pipe-daemon
    ! tcp_local
    tcp_local aliasdetourhost tcp_scan smtp mx single_sys remotehost inner identnonelimited subdirs 20 maxjobs 7 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0 mailfromdnsverify
    tcp-daemon
    ! tcp_intranet
    tcp_intranet aliasdetourhost tcp_scan smtp mx single_sys subdirs 20 noreverse maxjobs 7 pool SMTP_POOL maytlsserver allowswitchchannel saslswitchchannel tcp_auth
    tcp_intranet-daemon
    ! tcp_submit
    tcp_submit submit smtp mx single_sys mustsaslserver maytlsserver
    tcp_submit-daemon
    ! tcp_auth
    tcp_auth smtp mx single_sys mustsaslserver
    tcp_auth-daemon
    ! tcp_tas
    tcp_tas smtp mx single_sys allowswitchchannel mustsaslserver maytlsserver deliveryflags 2
    tcp_tas-daemon
    ! reprocess
    reprocess
    reprocess-daemon
    ! process
    process
    process-daemon
    ! defragment
    defragment maxjobs 1
    defragment-daemon
    ! conversion
    conversion
    conversion-daemon
    ! bitbucket
    bitbucket
    bitbucket-daemon
    ! deleted
    deleted
    deleted-daemon
    ! inactive
    inactive
    inactive-daemon
    ! hold
    hold slave
    hold-daemon
    ! autoreply
    autoreply defragment subdirs 20
    autoreply-daemon

  • Sophos mailmonitor --Contd

    These are the logs
    External Users/Domains: [email protected], [email protected]
    Internal Users/Domains: [email protected], [email protected], [email protected]
    These are hosted on iplanet...
    Alternate Conversion channel approach is used as per Chad's PDF
    ----AVBOX------------------MTA---------------EXTMAILSVR
    ............................................|
    ............................................|
    ........................................Store/Dir Server
    ==============================================
    Mail from USER hasan -> preetam & nasarullah
    ==============================================
    ON MTA
    ========
    21-Sep-2005 10:02:51.24 tcp_local + O TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1233 SMTP
    21-Sep-2005 10:02:59.50 tcp_local tcp_scan E 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/004/ZZ0IN5001059OZVL.00 <[email protected]> mailsrv rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP])
    21-Sep-2005 10:02:59.50 tcp_local tcp_scan E 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/004/ZZ0IN5001059OZVL.00 <[email protected]> mailsrv rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP])
    21-Sep-2005 10:02:59.50 > Date: Tue, 20 Sep 2005 10:02:51 +0800
    21-Sep-2005 10:02:59.50 > From: "hasan" <[email protected]>
    21-Sep-2005 10:02:59.50 > Subject: Attachment
    21-Sep-2005 10:02:59.50 > To: "nasarullah" <[email protected]>
    21-Sep-2005 10:02:59.50 > Cc: <[email protected]>
    21-Sep-2005 10:02:59.50 > Message-id: <[email protected]>
    21-Sep-2005 10:02:59.50 > MIME-version: 1.0
    21-Sep-2005 10:02:59.50 > X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    21-Sep-2005 10:02:59.50 > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    21-Sep-2005 10:02:59.50 > Content-type: multipart/mixed;     boundary="----=_NextPart_000_0021_01C5BDCA.76179E70"
    21-Sep-2005 10:02:59.50 > X-Priority: 3
    21-Sep-2005 10:02:59.50 > X-MSMail-priority: Normal
    21-Sep-2005 10:02:59.54 tcp_local + C TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1233 SMTP
    21-Sep-2005 10:02:59.80 tcp_scan - O TCP|MTArouter_IP|37666|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:02:59.82 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13816 SMTP
    21-Sep-2005 10:02:59.97 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13816 SMTP
    21-Sep-2005 10:03:03.23 tcp_scan D 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/004/ZZ0IN5001059OZVL.00 <[email protected]> mailsrv [AVscanner_IP] dns;[AVscanner_IP] (TCP|MTArouter_IP|37666|AVscanner_IP|10024) (pxmta -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 [email protected] and options OK.
    21-Sep-2005 10:03:03.23 tcp_scan D 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/004/ZZ0IN5001059OZVL.00 <[email protected]> mailsrv [AVscanner_IP] dns;[AVscanner_IP] (TCP|MTArouter_IP|37666|AVscanner_IP|10024) (pxmta -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 [email protected] and options OK.
    21-Sep-2005 10:03:03.23 > Received: from rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with SMTP id <[email protected]>; Wed, 21 Sep 2005 10:02:59 +0800 (SGT)
    21-Sep-2005 10:03:03.23 > Date: Tue, 20 Sep 2005 10:02:51 +0800
    21-Sep-2005 10:03:03.23 > From: hasan <[email protected]>
    21-Sep-2005 10:03:03.23 > Subject: Attachment
    21-Sep-2005 10:03:03.23 > To: nasarullah <[email protected]>
    21-Sep-2005 10:03:03.23 > Cc: [email protected]
    21-Sep-2005 10:03:03.23 > Message-id: <[email protected]>
    21-Sep-2005 10:03:03.23 > MIME-version: 1.0
    21-Sep-2005 10:03:03.23 > X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    21-Sep-2005 10:03:03.23 > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    21-Sep-2005 10:03:03.23 > Content-type: multipart/mixed; boundary="----=_NextPart_000_0021_01C5BDCA.76179E70"
    21-Sep-2005 10:03:03.23 > X-Priority: 3
    21-Sep-2005 10:03:03.23 > X-MSMail-priority: Normal
    21-Sep-2005 10:03:03.24 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13818 SMTP
    21-Sep-2005 10:03:03.25 tcp_scan - C TCP|MTArouter_IP|37666|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:03:05.84 tcp_noscan tcp_intranet E 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/004/ZZ0IN50010B9P5VL.00 <[email protected]> mailsrv logserver (logserver [AVscanner_IP])
    21-Sep-2005 10:03:05.84 tcp_noscan tcp_intranet E 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/004/ZZ0IN50010B9P5VL.00 <[email protected]> mailsrv logserver (logserver [AVscanner_IP])
    21-Sep-2005 10:03:05.84 > Received:      from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]);     Tue, 20 Sep 2005 02:02:42 +0000
    21-Sep-2005 10:03:05.84 > Received: from rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with SMTP id <[email protected]>; Wed, 21 Sep 2005 10:02:59 +0800 (SGT)
    21-Sep-2005 10:03:05.84 > Date: Tue, 20 Sep 2005 10:02:51 +0800
    21-Sep-2005 10:03:05.84 > From: hasan <[email protected]>
    21-Sep-2005 10:03:05.84 > Subject: Attachment
    21-Sep-2005 10:03:05.84 > To: nasarullah <[email protected]>
    21-Sep-2005 10:03:05.84 > Cc: [email protected]
    21-Sep-2005 10:03:05.84 > Message-id: <[email protected]>
    21-Sep-2005 10:03:05.84 > MIME-version: 1.0
    21-Sep-2005 10:03:05.84 > X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    21-Sep-2005 10:03:05.84 > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    21-Sep-2005 10:03:05.84 > Content-type: multipart/mixed; boundary="----=_NextPart_000_0021_01C5BDCA.76179E70"
    21-Sep-2005 10:03:05.84 > X-Priority: 3
    21-Sep-2005 10:03:05.84 > X-MSMail-priority: Normal
    21-Sep-2005 10:03:05.88 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13818 SMTP
    21-Sep-2005 10:03:06.07 tcp_intranet - O TCP|MTA_IP|37670|STORE_IP|25 SMTP/mailserver.mail.com/mailserver.mail.com
    21-Sep-2005 10:03:07.02 tcp_intranet D 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/004/ZZ0IN50010B9P5VL.00 <[email protected]> mailsrv mailserver.mail.com dns;mailserver.mail.com (TCP|MTA_IP|37670|STORE_IP|25) (mailserver -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 @mailserver.mail.com:[email protected] and options OK.
    21-Sep-2005 10:03:07.02 tcp_intranet D 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/004/ZZ0IN50010B9P5VL.00 <[email protected]> mailsrv mailserver.mail.com dns;mailserver.mail.com (TCP|MTA_IP|37670|STORE_IP|25) (mailserver -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 @mailserver.mail.com:[email protected] and options OK.
    21-Sep-2005 10:03:07.02 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]>; Wed, 21 Sep 2005 10:03:05 +0800 (SGT)
    21-Sep-2005 10:03:07.02 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:02:42 +0000
    21-Sep-2005 10:03:07.02 > Received: from rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with SMTP id <[email protected]>; Wed, 21 Sep 2005 10:02:59 +0800 (SGT)
    21-Sep-2005 10:03:07.02 > Date: Tue, 20 Sep 2005 10:02:51 +0800
    21-Sep-2005 10:03:07.02 > From: hasan <[email protected]>
    21-Sep-2005 10:03:07.02 > Subject: Attachment
    21-Sep-2005 10:03:07.02 > To: nasarullah <[email protected]>
    21-Sep-2005 10:03:07.02 > Cc: [email protected]
    21-Sep-2005 10:03:07.02 > Message-id: <[email protected]>
    21-Sep-2005 10:03:07.02 > MIME-version: 1.0
    21-Sep-2005 10:03:07.02 > X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    21-Sep-2005 10:03:07.02 > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    21-Sep-2005 10:03:07.02 > Content-type: multipart/mixed; boundary="----=_NextPart_000_0021_01C5BDCA.76179E70"
    21-Sep-2005 10:03:07.02 > X-Priority: 3
    21-Sep-2005 10:03:07.02 > X-MSMail-priority: Normal
    21-Sep-2005 10:03:07.03 tcp_intranet - C TCP|MTA_IP|37670|STORE_IP|25 SMTP/mailserver.mail.com/mailserver.mail.com
    On Store
    =========
    20-Sep-2005 10:00:50.29 tcp_local + O TCP|STORE_IP|25|MTA_IP|37670 SMTP
    20-Sep-2005 10:00:51.23 tcp_local ims-ms E 493 [email protected] rfc822;[email protected] nasarullah%alpha.com@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/000/ZZ0IN300709EXEHR.00 <[email protected]> mailsrv pxmta (pxmta [MTA_IP])
    20-Sep-2005 10:00:51.23 tcp_local ims-ms E 493 [email protected] rfc822;[email protected] preetam%beta.sg@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/000/ZZ0IN300709EXEHR.00 <[email protected]> mailsrv pxmta (pxmta [MTA_IP])
    20-Sep-2005 10:00:51.23 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]>; Wed, 21 Sep 2005 10:03:05 +0800 (SGT)
    20-Sep-2005 10:00:51.23 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:02:42 +0000
    20-Sep-2005 10:00:51.23 > Received: from rgandhi (rgandhi.sgp.tsi [10.25.105.77]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with SMTP id <[email protected]>; Wed, 21 Sep 2005 10:02:59 +0800 (SGT)
    20-Sep-2005 10:00:51.23 > Date: Tue, 20 Sep 2005 10:02:51 +0800
    20-Sep-2005 10:00:51.23 > From: hasan <[email protected]>
    20-Sep-2005 10:00:51.23 > Subject: Attachment
    20-Sep-2005 10:00:51.23 > To: nasarullah <[email protected]>
    20-Sep-2005 10:00:51.23 > Cc: [email protected]
    20-Sep-2005 10:00:51.23 > Message-id: <[email protected]>
    20-Sep-2005 10:00:51.23 > MIME-version: 1.0
    20-Sep-2005 10:00:51.23 > X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    20-Sep-2005 10:00:51.23 > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    20-Sep-2005 10:00:51.23 > Content-type: multipart/mixed; boundary="----=_NextPart_000_0021_01C5BDCA.76179E70"
    20-Sep-2005 10:00:51.23 > X-Priority: 3
    20-Sep-2005 10:00:51.23 > X-MSMail-priority: Normal
    20-Sep-2005 10:00:51.24 tcp_local + C TCP|STORE_IP|25|MTA_IP|37670 SMTP
    20-Sep-2005 10:00:51.42 ims-ms D 493 [email protected] rfc822;[email protected] nasarullah%alpha.com@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/000/ZZ0IN300709EXEHR.00 <[email protected]> mailsrv
    20-Sep-2005 10:00:51.42 ims-ms D 493 [email protected] rfc822;[email protected] preetam%beta.sg@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/000/ZZ0IN300709EXEHR.00 <[email protected]> mailsrv
    20-Sep-2005 10:00:51.42 > Return-path: <[email protected]>
    20-Sep-2005 10:00:51.42 > Received: from pxmta (pxmta [MTA_IP]) by mailserver.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]>; Tue, 20 Sep 2005 10:00:50 +0800 (SGT)
    20-Sep-2005 10:00:51.42 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]>; Wed, 21 Sep 2005 10:03:05 +0800 (SGT)
    20-Sep-2005 10:00:51.42 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:02:42 +0000
    20-Sep-2005 10:00:51.42 > Received: from rgandhi (rgandhi.sgp.tsi [10.25.105.77]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with SMTP id <[email protected]>; Wed, 21 Sep 2005 10:02:59 +0800 (SGT)
    20-Sep-2005 10:00:51.42 > Date: Tue, 20 Sep 2005 10:02:51 +0800
    20-Sep-2005 10:00:51.42 > From: hasan <[email protected]>
    20-Sep-2005 10:00:51.42 > Subject: Attachment
    20-Sep-2005 10:00:51.42 > To: nasarullah <[email protected]>
    20-Sep-2005 10:00:51.42 > Cc: [email protected]
    20-Sep-2005 10:00:51.42 > Message-id: <[email protected]>
    20-Sep-2005 10:00:51.42 > MIME-version: 1.0
    20-Sep-2005 10:00:51.42 > X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    20-Sep-2005 10:00:51.42 > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    20-Sep-2005 10:00:51.42 > Content-type: multipart/mixed; boundary="----=_NextPart_000_0021_01C5BDCA.76179E70"
    20-Sep-2005 10:00:51.42 > X-Priority: 3
    20-Sep-2005 10:00:51.42 > X-MSMail-priority: Normal
    ========================================================
    Mail from USER [email protected] -> [email protected]
    ========================================================
    ON MTA
    ========
    21-Sep-2005 10:03:08.68 tcp_local + O TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1237 SMTP
    21-Sep-2005 10:03:08.91 tcp_auth tcp_scan EA 2 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/017/ZZ0IN50010E9P8VL.00 <[email protected]> *[email protected] rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP])
    21-Sep-2005 10:03:08.92 tcp_local + C TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1237 SMTP
    21-Sep-2005 10:03:08.92 tcp_scan - O TCP|MTArouter_IP|37673|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:03:08.94 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13819 SMTP
    21-Sep-2005 10:03:09.07 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13819 SMTP
    21-Sep-2005 10:03:09.21 tcp_scan D 2 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/017/ZZ0IN50010E9P8VL.00 <[email protected]> *[email protected] [AVscanner_IP] dns;[AVscanner_IP] (TCP|MTArouter_IP|37673|AVscanner_IP|10024) (pxmta -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 [email protected] and options OK.
    21-Sep-2005 10:03:09.21 > Received: from rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTPA id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:08 +0800 (SGT)
    21-Sep-2005 10:03:09.23 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13820 SMTP
    21-Sep-2005 10:03:09.23 tcp_scan - C TCP|MTArouter_IP|37673|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:03:09.33 tcp_noscan tcp_intranet E 3 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/008/ZZ0IN50010J9P9VL.00 <[email protected]> mailsrv logserver (logserver [AVscanner_IP])
    21-Sep-2005 10:03:09.33 > Received:      from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]);     Tue, 20 Sep 2005 02:02:51 +0000
    21-Sep-2005 10:03:09.33 > Received: from rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTPA id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:08 +0800 (SGT)
    21-Sep-2005 10:03:09.34 tcp_intranet - O TCP|MTA_IP|37675|STORE_IP|25 SMTP/mailserver.mail.com/mailserver.mail.com
    21-Sep-2005 10:03:09.37 tcp_intranet D 3 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/008/ZZ0IN50010J9P9VL.00 <[email protected]> mailsrv mailserver.mail.com dns;mailserver.mail.com (TCP|MTA_IP|37675|STORE_IP|25) (mailserver -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 @mailserver.mail.com:[email protected] and options OK.
    21-Sep-2005 10:03:09.37 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:09 +0800 (SGT)
    21-Sep-2005 10:03:09.37 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:02:51 +0000
    21-Sep-2005 10:03:09.37 > Received: from rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTPA id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:08 +0800 (SGT)
    21-Sep-2005 10:03:09.37 tcp_intranet - C TCP|MTA_IP|37675|STORE_IP|25 SMTP/mailserver.mail.com/mailserver.mail.com
    21-Sep-2005 10:03:09.47 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13820 SMTP
    On Store
    ===========
    20-Sep-2005 10:00:53.56 tcp_local + O TCP|STORE_IP|25|MTA_IP|37675 SMTP
    20-Sep-2005 10:00:53.58 tcp_local ims-ms E 3 [email protected] rfc822;[email protected] preetam%beta.sg@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/013/ZZ0IN30070CEXHHR.00 <[email protected]> mailsrv pxmta (pxmta [MTA_IP])
    20-Sep-2005 10:00:53.58 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:09 +0800 (SGT)
    20-Sep-2005 10:00:53.58 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:02:51 +0000
    20-Sep-2005 10:00:53.58 > Received: from rgandhi (rgandhi.sgp.tsi [10.25.105.77]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTPA id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:08 +0800 (SGT)
    20-Sep-2005 10:00:53.58 tcp_local + C TCP|STORE_IP|25|MTA_IP|37675 SMTP
    20-Sep-2005 10:00:53.60 ims-ms D 3 [email protected] rfc822;[email protected] preetam%beta.sg@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/013/ZZ0IN30070CEXHHR.00 <[email protected]> mailsrv
    20-Sep-2005 10:00:53.60 > Return-path: <[email protected]>
    20-Sep-2005 10:00:53.60 > Received: from pxmta (pxmta [MTA_IP]) by mailserver.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected]; Tue, 20 Sep 2005 10:00:53 +0800 (SGT)
    20-Sep-2005 10:00:53.60 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:09 +0800 (SGT)
    20-Sep-2005 10:00:53.60 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:02:51 +0000
    20-Sep-2005 10:00:53.60 > Received: from rgandhi (rgandhi.sgp.tsi [10.25.105.77]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTPA id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:08 +0800 (SGT)
    ========================================================
    Mail from USER [email protected] --> [email protected]
    ========================================================
    On MTA
    =======
    21-Sep-2005 10:11:33.97 tcp_local + O TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1312 SMTP
    21-Sep-2005 10:11:36.36 tcp_local tcp_scan E 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/019/ZZ0IN50010OA3CVL.01 <[email protected]> mailsrv RGANDHI.test.com (Clt_extMailserver [Clt_extMailserver_DNS_IP])
    21-Sep-2005 10:11:36.36 > Received: from rgandhi ([Clt_extMailserver_DNS_IP]) by test.com with MailEnable ESMTP; Tue, 20 Sep 2005 10:11:32 +0800
    21-Sep-2005 10:11:36.36 tcp_local + C TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1312 SMTP
    21-Sep-2005 10:11:36.51 tcp_scan - O TCP|MTArouter_IP|37702|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:11:36.54 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13919 SMTP
    21-Sep-2005 10:11:36.81 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13919 SMTP
    21-Sep-2005 10:11:39.41 tcp_scan D 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/019/ZZ0IN50010OA3CVL.01 <[email protected]> mailsrv [AVscanner_IP] dns;[AVscanner_IP] (TCP|MTArouter_IP|37702|AVscanner_IP|10024) (pxmta -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 [email protected] and options OK.
    21-Sep-2005 10:11:39.41 > Received: from RGANDHI.test.com (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:36 +0800 (SGT)
    21-Sep-2005 10:11:39.41 > Received: from rgandhi ([Clt_extMailserver_DNS_IP]) by test.com with MailEnable ESMTP; Tue, 20 Sep 2005 10:11:32 +0800
    21-Sep-2005 10:11:39.42 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13920 SMTP
    21-Sep-2005 10:11:39.44 tcp_scan - C TCP|MTArouter_IP|37702|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:11:41.96 tcp_noscan tcp_intranet E 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/015/ZZ0IN50010UA3HVL.00 <[email protected]> mailsrv logserver (logserver [AVscanner_IP])
    21-Sep-2005 10:11:41.96 > Received:      from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]);     Tue, 20 Sep 2005 02:11:19 +0000
    21-Sep-2005 10:11:41.96 > Received: from RGANDHI.test.com (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:36 +0800 (SGT)
    21-Sep-2005 10:11:41.96 > Received: from rgandhi ([Clt_extMailserver_DNS_IP]) by test.com with MailEnable ESMTP; Tue, 20 Sep 2005 10:11:32 +0800
    21-Sep-2005 10:11:41.99 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13920 SMTP
    21-Sep-2005 10:11:42.13 tcp_intranet - O TCP|MTA_IP|37709|STORE_IP|25 SMTP/mailserver.mail.com/mailserver.mail.com
    21-Sep-2005 10:11:42.59 tcp_intranet D 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/015/ZZ0IN50010UA3HVL.00 <[email protected]> mailsrv mailserver.mail.com dns;mailserver.mail.com (TCP|MTA_IP|37709|STORE_IP|25) (mailserver -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 @mailserver.mail.com:[email protected] and options OK.
    21-Sep-2005 10:11:42.59 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:41 +0800 (SGT)
    21-Sep-2005 10:11:42.59 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:11:19 +0000
    21-Sep-2005 10:11:42.59 > Received: from RGANDHI.test.com (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:36 +0800 (SGT)
    21-Sep-2005 10:11:42.59 > Received: from rgandhi ([Clt_extMailserver_DNS_IP]) by test.com with MailEnable ESMTP; Tue, 20 Sep 2005 10:11:32 +0800
    21-Sep-2005 10:11:42.59 tcp_intranet - C TCP|MTA_IP|37709|STORE_IP|25 SMTP/mailserver.mail.com/mailserver.mail.com
    On Store
    ==========
    20-Sep-2005 10:09:26.34 tcp_local + O TCP|STORE_IP|25|MTA_IP|37709 SMTP
    20-Sep-2005 10:09:26.79 tcp_local ims-ms E 493 [email protected] rfc822;[email protected] preetam%beta.sg@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/003/ZZ0IN30070GFBQHR.00 <[email protected]> mailsrv pxmta (pxmta [MTA_IP])
    20-Sep-2005 10:09:26.79 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:41 +0800 (SGT)
    20-Sep-2005 10:09:26.79 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:11:19 +0000
    20-Sep-2005 10:09:26.79 > Received: from RGANDHI.test.com (rgandhi.sgp.tsi [10.25.105.77]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:36 +0800 (SGT)
    20-Sep-2005 10:09:26.79 > Received: from rgandhi ([10.25.105.77]) by test.com with MailEnable ESMTP; Tue, 20 Sep 2005 10:11:32 +0800
    20-Sep-2005 10:09:26.80 tcp_local + C TCP|STORE_IP|25|MTA_IP|37709 SMTP
    20-Sep-2005 10:09:27.17 ims-ms D 493 [email protected] rfc822;[email protected] preetam%beta.sg@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/003/ZZ0IN30070GFBQHR.00 <[email protected]> mailsrv
    20-Sep-2005 10:09:27.17 > Return-path: <[email protected]>
    20-Sep-2005 10:09:27.17 > Received: from pxmta (pxmta [MTA_IP]) by mailserver.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected]; Tue, 20 Sep 2005 10:09:26 +0800 (SGT)
    20-Sep-2005 10:09:27.17 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:41 +0800 (SGT)
    20-Sep-2005 10:09:27.17 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:11:19 +0000
    20-Sep-2005 10:09:27.17 > Received: from RGANDHI.test.com (rgandhi.sgp.tsi [10.25.105.77]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:36 +0800 (SGT)
    20-Sep-2005 10:09:27.17 > Received: from rgandhi ([10.25.105.77]) by test.com with MailEnable ESMTP; Tue, 20 Sep 2005 10:11:32 +0800
    ========================================================
    Mail from USER [email protected] --> [email protected]
    ========================================================
    On MTA
    =======
    21-Sep-2005 10:12:48.69 tcp_local + O TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1326 SMTP
    21-Sep-2005 10:12:48.74 tcp_local + C TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1326 SMTP
    21-Sep-2005 10:12:53.89 tcp_local + O TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1327 SMTP
    21-Sep-2005 10:12:53.95 tcp_auth tcp_scan EA 3 [email protected] rfc822;[email protected] [email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/013/ZZ0IN50010ZA5HVL.01 <[email protected]> *[email protected] rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP])
    21-Sep-2005 10:12:53.95 tcp_scan - O TCP|MTArouter_IP|37718|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:12:53.96 tcp_auth tcp_scan EA 3 [email protected] rfc822;[email protected] [email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/015/ZZ0IN500110A5HVL.00 <[email protected]> *[email protected] rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP])
    21-Sep-2005 10:12:53.96 tcp_local + C TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1327 SMTP
    21-Sep-2005 10:12:53.97 tcp_scan - O TCP|MTArouter_IP|37719|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:12:53.97 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13930 SMTP
    21-Sep-2005 10:12:54.01 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13931 SMTP
    21-Sep-2005 10:12:54.16 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13930 SMTP
    21-Sep-2005 10:12:54.64 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13931 SMTP
    21-Sep-2005 10:12:54.64 tcp_scan D 3 [email protected] rfc822;[email protected] maile

    These are the logs
    External Users/Domains: [email protected], [email protected]
    Internal Users/Domains: [email protected], [email protected], [email protected]
    These are hosted on iplanet...
    Alternate Conversion channel approach is used as per Chad's PDF
    ----AVBOX------------------MTA---------------EXTMAILSVR
    ............................................|
    ............................................|
    ........................................Store/Dir Server
    ==============================================
    Mail from USER hasan -> preetam & nasarullah
    ==============================================
    ON MTA
    ========
    21-Sep-2005 10:02:51.24 tcp_local + O TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1233 SMTP
    21-Sep-2005 10:02:59.50 tcp_local tcp_scan E 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/004/ZZ0IN5001059OZVL.00 <[email protected]> mailsrv rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP])
    21-Sep-2005 10:02:59.50 tcp_local tcp_scan E 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/004/ZZ0IN5001059OZVL.00 <[email protected]> mailsrv rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP])
    21-Sep-2005 10:02:59.50 > Date: Tue, 20 Sep 2005 10:02:51 +0800
    21-Sep-2005 10:02:59.50 > From: "hasan" <[email protected]>
    21-Sep-2005 10:02:59.50 > Subject: Attachment
    21-Sep-2005 10:02:59.50 > To: "nasarullah" <[email protected]>
    21-Sep-2005 10:02:59.50 > Cc: <[email protected]>
    21-Sep-2005 10:02:59.50 > Message-id: <[email protected]>
    21-Sep-2005 10:02:59.50 > MIME-version: 1.0
    21-Sep-2005 10:02:59.50 > X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    21-Sep-2005 10:02:59.50 > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    21-Sep-2005 10:02:59.50 > Content-type: multipart/mixed;     boundary="----=_NextPart_000_0021_01C5BDCA.76179E70"
    21-Sep-2005 10:02:59.50 > X-Priority: 3
    21-Sep-2005 10:02:59.50 > X-MSMail-priority: Normal
    21-Sep-2005 10:02:59.54 tcp_local + C TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1233 SMTP
    21-Sep-2005 10:02:59.80 tcp_scan - O TCP|MTArouter_IP|37666|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:02:59.82 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13816 SMTP
    21-Sep-2005 10:02:59.97 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13816 SMTP
    21-Sep-2005 10:03:03.23 tcp_scan D 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/004/ZZ0IN5001059OZVL.00 <[email protected]> mailsrv [AVscanner_IP] dns;[AVscanner_IP] (TCP|MTArouter_IP|37666|AVscanner_IP|10024) (pxmta -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 [email protected] and options OK.
    21-Sep-2005 10:03:03.23 tcp_scan D 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/004/ZZ0IN5001059OZVL.00 <[email protected]> mailsrv [AVscanner_IP] dns;[AVscanner_IP] (TCP|MTArouter_IP|37666|AVscanner_IP|10024) (pxmta -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 [email protected] and options OK.
    21-Sep-2005 10:03:03.23 > Received: from rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with SMTP id <[email protected]>; Wed, 21 Sep 2005 10:02:59 +0800 (SGT)
    21-Sep-2005 10:03:03.23 > Date: Tue, 20 Sep 2005 10:02:51 +0800
    21-Sep-2005 10:03:03.23 > From: hasan <[email protected]>
    21-Sep-2005 10:03:03.23 > Subject: Attachment
    21-Sep-2005 10:03:03.23 > To: nasarullah <[email protected]>
    21-Sep-2005 10:03:03.23 > Cc: [email protected]
    21-Sep-2005 10:03:03.23 > Message-id: <[email protected]>
    21-Sep-2005 10:03:03.23 > MIME-version: 1.0
    21-Sep-2005 10:03:03.23 > X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    21-Sep-2005 10:03:03.23 > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    21-Sep-2005 10:03:03.23 > Content-type: multipart/mixed; boundary="----=_NextPart_000_0021_01C5BDCA.76179E70"
    21-Sep-2005 10:03:03.23 > X-Priority: 3
    21-Sep-2005 10:03:03.23 > X-MSMail-priority: Normal
    21-Sep-2005 10:03:03.24 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13818 SMTP
    21-Sep-2005 10:03:03.25 tcp_scan - C TCP|MTArouter_IP|37666|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:03:05.84 tcp_noscan tcp_intranet E 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/004/ZZ0IN50010B9P5VL.00 <[email protected]> mailsrv logserver (logserver [AVscanner_IP])
    21-Sep-2005 10:03:05.84 tcp_noscan tcp_intranet E 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/004/ZZ0IN50010B9P5VL.00 <[email protected]> mailsrv logserver (logserver [AVscanner_IP])
    21-Sep-2005 10:03:05.84 > Received:      from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]);     Tue, 20 Sep 2005 02:02:42 +0000
    21-Sep-2005 10:03:05.84 > Received: from rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with SMTP id <[email protected]>; Wed, 21 Sep 2005 10:02:59 +0800 (SGT)
    21-Sep-2005 10:03:05.84 > Date: Tue, 20 Sep 2005 10:02:51 +0800
    21-Sep-2005 10:03:05.84 > From: hasan <[email protected]>
    21-Sep-2005 10:03:05.84 > Subject: Attachment
    21-Sep-2005 10:03:05.84 > To: nasarullah <[email protected]>
    21-Sep-2005 10:03:05.84 > Cc: [email protected]
    21-Sep-2005 10:03:05.84 > Message-id: <[email protected]>
    21-Sep-2005 10:03:05.84 > MIME-version: 1.0
    21-Sep-2005 10:03:05.84 > X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    21-Sep-2005 10:03:05.84 > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    21-Sep-2005 10:03:05.84 > Content-type: multipart/mixed; boundary="----=_NextPart_000_0021_01C5BDCA.76179E70"
    21-Sep-2005 10:03:05.84 > X-Priority: 3
    21-Sep-2005 10:03:05.84 > X-MSMail-priority: Normal
    21-Sep-2005 10:03:05.88 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13818 SMTP
    21-Sep-2005 10:03:06.07 tcp_intranet - O TCP|MTA_IP|37670|STORE_IP|25 SMTP/mailserver.mail.com/mailserver.mail.com
    21-Sep-2005 10:03:07.02 tcp_intranet D 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/004/ZZ0IN50010B9P5VL.00 <[email protected]> mailsrv mailserver.mail.com dns;mailserver.mail.com (TCP|MTA_IP|37670|STORE_IP|25) (mailserver -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 @mailserver.mail.com:[email protected] and options OK.
    21-Sep-2005 10:03:07.02 tcp_intranet D 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/004/ZZ0IN50010B9P5VL.00 <[email protected]> mailsrv mailserver.mail.com dns;mailserver.mail.com (TCP|MTA_IP|37670|STORE_IP|25) (mailserver -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 @mailserver.mail.com:[email protected] and options OK.
    21-Sep-2005 10:03:07.02 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]>; Wed, 21 Sep 2005 10:03:05 +0800 (SGT)
    21-Sep-2005 10:03:07.02 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:02:42 +0000
    21-Sep-2005 10:03:07.02 > Received: from rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with SMTP id <[email protected]>; Wed, 21 Sep 2005 10:02:59 +0800 (SGT)
    21-Sep-2005 10:03:07.02 > Date: Tue, 20 Sep 2005 10:02:51 +0800
    21-Sep-2005 10:03:07.02 > From: hasan <[email protected]>
    21-Sep-2005 10:03:07.02 > Subject: Attachment
    21-Sep-2005 10:03:07.02 > To: nasarullah <[email protected]>
    21-Sep-2005 10:03:07.02 > Cc: [email protected]
    21-Sep-2005 10:03:07.02 > Message-id: <[email protected]>
    21-Sep-2005 10:03:07.02 > MIME-version: 1.0
    21-Sep-2005 10:03:07.02 > X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    21-Sep-2005 10:03:07.02 > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    21-Sep-2005 10:03:07.02 > Content-type: multipart/mixed; boundary="----=_NextPart_000_0021_01C5BDCA.76179E70"
    21-Sep-2005 10:03:07.02 > X-Priority: 3
    21-Sep-2005 10:03:07.02 > X-MSMail-priority: Normal
    21-Sep-2005 10:03:07.03 tcp_intranet - C TCP|MTA_IP|37670|STORE_IP|25 SMTP/mailserver.mail.com/mailserver.mail.com
    On Store
    =========
    20-Sep-2005 10:00:50.29 tcp_local + O TCP|STORE_IP|25|MTA_IP|37670 SMTP
    20-Sep-2005 10:00:51.23 tcp_local ims-ms E 493 [email protected] rfc822;[email protected] nasarullah%alpha.com@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/000/ZZ0IN300709EXEHR.00 <[email protected]> mailsrv pxmta (pxmta [MTA_IP])
    20-Sep-2005 10:00:51.23 tcp_local ims-ms E 493 [email protected] rfc822;[email protected] preetam%beta.sg@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/000/ZZ0IN300709EXEHR.00 <[email protected]> mailsrv pxmta (pxmta [MTA_IP])
    20-Sep-2005 10:00:51.23 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]>; Wed, 21 Sep 2005 10:03:05 +0800 (SGT)
    20-Sep-2005 10:00:51.23 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:02:42 +0000
    20-Sep-2005 10:00:51.23 > Received: from rgandhi (rgandhi.sgp.tsi [10.25.105.77]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with SMTP id <[email protected]>; Wed, 21 Sep 2005 10:02:59 +0800 (SGT)
    20-Sep-2005 10:00:51.23 > Date: Tue, 20 Sep 2005 10:02:51 +0800
    20-Sep-2005 10:00:51.23 > From: hasan <[email protected]>
    20-Sep-2005 10:00:51.23 > Subject: Attachment
    20-Sep-2005 10:00:51.23 > To: nasarullah <[email protected]>
    20-Sep-2005 10:00:51.23 > Cc: [email protected]
    20-Sep-2005 10:00:51.23 > Message-id: <[email protected]>
    20-Sep-2005 10:00:51.23 > MIME-version: 1.0
    20-Sep-2005 10:00:51.23 > X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    20-Sep-2005 10:00:51.23 > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    20-Sep-2005 10:00:51.23 > Content-type: multipart/mixed; boundary="----=_NextPart_000_0021_01C5BDCA.76179E70"
    20-Sep-2005 10:00:51.23 > X-Priority: 3
    20-Sep-2005 10:00:51.23 > X-MSMail-priority: Normal
    20-Sep-2005 10:00:51.24 tcp_local + C TCP|STORE_IP|25|MTA_IP|37670 SMTP
    20-Sep-2005 10:00:51.42 ims-ms D 493 [email protected] rfc822;[email protected] nasarullah%alpha.com@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/000/ZZ0IN300709EXEHR.00 <[email protected]> mailsrv
    20-Sep-2005 10:00:51.42 ims-ms D 493 [email protected] rfc822;[email protected] preetam%beta.sg@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/000/ZZ0IN300709EXEHR.00 <[email protected]> mailsrv
    20-Sep-2005 10:00:51.42 > Return-path: <[email protected]>
    20-Sep-2005 10:00:51.42 > Received: from pxmta (pxmta [MTA_IP]) by mailserver.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]>; Tue, 20 Sep 2005 10:00:50 +0800 (SGT)
    20-Sep-2005 10:00:51.42 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]>; Wed, 21 Sep 2005 10:03:05 +0800 (SGT)
    20-Sep-2005 10:00:51.42 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:02:42 +0000
    20-Sep-2005 10:00:51.42 > Received: from rgandhi (rgandhi.sgp.tsi [10.25.105.77]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with SMTP id <[email protected]>; Wed, 21 Sep 2005 10:02:59 +0800 (SGT)
    20-Sep-2005 10:00:51.42 > Date: Tue, 20 Sep 2005 10:02:51 +0800
    20-Sep-2005 10:00:51.42 > From: hasan <[email protected]>
    20-Sep-2005 10:00:51.42 > Subject: Attachment
    20-Sep-2005 10:00:51.42 > To: nasarullah <[email protected]>
    20-Sep-2005 10:00:51.42 > Cc: [email protected]
    20-Sep-2005 10:00:51.42 > Message-id: <[email protected]>
    20-Sep-2005 10:00:51.42 > MIME-version: 1.0
    20-Sep-2005 10:00:51.42 > X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    20-Sep-2005 10:00:51.42 > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    20-Sep-2005 10:00:51.42 > Content-type: multipart/mixed; boundary="----=_NextPart_000_0021_01C5BDCA.76179E70"
    20-Sep-2005 10:00:51.42 > X-Priority: 3
    20-Sep-2005 10:00:51.42 > X-MSMail-priority: Normal
    ========================================================
    Mail from USER [email protected] -> [email protected]
    ========================================================
    ON MTA
    ========
    21-Sep-2005 10:03:08.68 tcp_local + O TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1237 SMTP
    21-Sep-2005 10:03:08.91 tcp_auth tcp_scan EA 2 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/017/ZZ0IN50010E9P8VL.00 <[email protected]> *[email protected] rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP])
    21-Sep-2005 10:03:08.92 tcp_local + C TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1237 SMTP
    21-Sep-2005 10:03:08.92 tcp_scan - O TCP|MTArouter_IP|37673|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:03:08.94 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13819 SMTP
    21-Sep-2005 10:03:09.07 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13819 SMTP
    21-Sep-2005 10:03:09.21 tcp_scan D 2 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/017/ZZ0IN50010E9P8VL.00 <[email protected]> *[email protected] [AVscanner_IP] dns;[AVscanner_IP] (TCP|MTArouter_IP|37673|AVscanner_IP|10024) (pxmta -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 [email protected] and options OK.
    21-Sep-2005 10:03:09.21 > Received: from rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTPA id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:08 +0800 (SGT)
    21-Sep-2005 10:03:09.23 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13820 SMTP
    21-Sep-2005 10:03:09.23 tcp_scan - C TCP|MTArouter_IP|37673|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:03:09.33 tcp_noscan tcp_intranet E 3 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/008/ZZ0IN50010J9P9VL.00 <[email protected]> mailsrv logserver (logserver [AVscanner_IP])
    21-Sep-2005 10:03:09.33 > Received:      from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]);     Tue, 20 Sep 2005 02:02:51 +0000
    21-Sep-2005 10:03:09.33 > Received: from rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTPA id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:08 +0800 (SGT)
    21-Sep-2005 10:03:09.34 tcp_intranet - O TCP|MTA_IP|37675|STORE_IP|25 SMTP/mailserver.mail.com/mailserver.mail.com
    21-Sep-2005 10:03:09.37 tcp_intranet D 3 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/008/ZZ0IN50010J9P9VL.00 <[email protected]> mailsrv mailserver.mail.com dns;mailserver.mail.com (TCP|MTA_IP|37675|STORE_IP|25) (mailserver -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 @mailserver.mail.com:[email protected] and options OK.
    21-Sep-2005 10:03:09.37 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:09 +0800 (SGT)
    21-Sep-2005 10:03:09.37 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:02:51 +0000
    21-Sep-2005 10:03:09.37 > Received: from rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTPA id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:08 +0800 (SGT)
    21-Sep-2005 10:03:09.37 tcp_intranet - C TCP|MTA_IP|37675|STORE_IP|25 SMTP/mailserver.mail.com/mailserver.mail.com
    21-Sep-2005 10:03:09.47 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13820 SMTP
    On Store
    ===========
    20-Sep-2005 10:00:53.56 tcp_local + O TCP|STORE_IP|25|MTA_IP|37675 SMTP
    20-Sep-2005 10:00:53.58 tcp_local ims-ms E 3 [email protected] rfc822;[email protected] preetam%beta.sg@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/013/ZZ0IN30070CEXHHR.00 <[email protected]> mailsrv pxmta (pxmta [MTA_IP])
    20-Sep-2005 10:00:53.58 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:09 +0800 (SGT)
    20-Sep-2005 10:00:53.58 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:02:51 +0000
    20-Sep-2005 10:00:53.58 > Received: from rgandhi (rgandhi.sgp.tsi [10.25.105.77]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTPA id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:08 +0800 (SGT)
    20-Sep-2005 10:00:53.58 tcp_local + C TCP|STORE_IP|25|MTA_IP|37675 SMTP
    20-Sep-2005 10:00:53.60 ims-ms D 3 [email protected] rfc822;[email protected] preetam%beta.sg@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/013/ZZ0IN30070CEXHHR.00 <[email protected]> mailsrv
    20-Sep-2005 10:00:53.60 > Return-path: <[email protected]>
    20-Sep-2005 10:00:53.60 > Received: from pxmta (pxmta [MTA_IP]) by mailserver.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected]; Tue, 20 Sep 2005 10:00:53 +0800 (SGT)
    20-Sep-2005 10:00:53.60 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:09 +0800 (SGT)
    20-Sep-2005 10:00:53.60 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:02:51 +0000
    20-Sep-2005 10:00:53.60 > Received: from rgandhi (rgandhi.sgp.tsi [10.25.105.77]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTPA id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:03:08 +0800 (SGT)
    ========================================================
    Mail from USER [email protected] --> [email protected]
    ========================================================
    On MTA
    =======
    21-Sep-2005 10:11:33.97 tcp_local + O TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1312 SMTP
    21-Sep-2005 10:11:36.36 tcp_local tcp_scan E 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/019/ZZ0IN50010OA3CVL.01 <[email protected]> mailsrv RGANDHI.test.com (Clt_extMailserver [Clt_extMailserver_DNS_IP])
    21-Sep-2005 10:11:36.36 > Received: from rgandhi ([Clt_extMailserver_DNS_IP]) by test.com with MailEnable ESMTP; Tue, 20 Sep 2005 10:11:32 +0800
    21-Sep-2005 10:11:36.36 tcp_local + C TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1312 SMTP
    21-Sep-2005 10:11:36.51 tcp_scan - O TCP|MTArouter_IP|37702|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:11:36.54 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13919 SMTP
    21-Sep-2005 10:11:36.81 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13919 SMTP
    21-Sep-2005 10:11:39.41 tcp_scan D 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/019/ZZ0IN50010OA3CVL.01 <[email protected]> mailsrv [AVscanner_IP] dns;[AVscanner_IP] (TCP|MTArouter_IP|37702|AVscanner_IP|10024) (pxmta -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 [email protected] and options OK.
    21-Sep-2005 10:11:39.41 > Received: from RGANDHI.test.com (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:36 +0800 (SGT)
    21-Sep-2005 10:11:39.41 > Received: from rgandhi ([Clt_extMailserver_DNS_IP]) by test.com with MailEnable ESMTP; Tue, 20 Sep 2005 10:11:32 +0800
    21-Sep-2005 10:11:39.42 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13920 SMTP
    21-Sep-2005 10:11:39.44 tcp_scan - C TCP|MTArouter_IP|37702|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:11:41.96 tcp_noscan tcp_intranet E 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/015/ZZ0IN50010UA3HVL.00 <[email protected]> mailsrv logserver (logserver [AVscanner_IP])
    21-Sep-2005 10:11:41.96 > Received:      from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]);     Tue, 20 Sep 2005 02:11:19 +0000
    21-Sep-2005 10:11:41.96 > Received: from RGANDHI.test.com (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:36 +0800 (SGT)
    21-Sep-2005 10:11:41.96 > Received: from rgandhi ([Clt_extMailserver_DNS_IP]) by test.com with MailEnable ESMTP; Tue, 20 Sep 2005 10:11:32 +0800
    21-Sep-2005 10:11:41.99 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13920 SMTP
    21-Sep-2005 10:11:42.13 tcp_intranet - O TCP|MTA_IP|37709|STORE_IP|25 SMTP/mailserver.mail.com/mailserver.mail.com
    21-Sep-2005 10:11:42.59 tcp_intranet D 492 [email protected] rfc822;[email protected] @mailserver.mail.com:[email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_intranet/015/ZZ0IN50010UA3HVL.00 <[email protected]> mailsrv mailserver.mail.com dns;mailserver.mail.com (TCP|MTA_IP|37709|STORE_IP|25) (mailserver -- Server ESMTP [iPlanet Messaging Server 5.2 HotFix 2.07 [built Jun 24 2005]]) smtp;250 2.1.5 @mailserver.mail.com:[email protected] and options OK.
    21-Sep-2005 10:11:42.59 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:41 +0800 (SGT)
    21-Sep-2005 10:11:42.59 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:11:19 +0000
    21-Sep-2005 10:11:42.59 > Received: from RGANDHI.test.com (Clt_extMailserver [Clt_extMailserver_DNS_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:36 +0800 (SGT)
    21-Sep-2005 10:11:42.59 > Received: from rgandhi ([Clt_extMailserver_DNS_IP]) by test.com with MailEnable ESMTP; Tue, 20 Sep 2005 10:11:32 +0800
    21-Sep-2005 10:11:42.59 tcp_intranet - C TCP|MTA_IP|37709|STORE_IP|25 SMTP/mailserver.mail.com/mailserver.mail.com
    On Store
    ==========
    20-Sep-2005 10:09:26.34 tcp_local + O TCP|STORE_IP|25|MTA_IP|37709 SMTP
    20-Sep-2005 10:09:26.79 tcp_local ims-ms E 493 [email protected] rfc822;[email protected] preetam%beta.sg@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/003/ZZ0IN30070GFBQHR.00 <[email protected]> mailsrv pxmta (pxmta [MTA_IP])
    20-Sep-2005 10:09:26.79 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:41 +0800 (SGT)
    20-Sep-2005 10:09:26.79 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:11:19 +0000
    20-Sep-2005 10:09:26.79 > Received: from RGANDHI.test.com (rgandhi.sgp.tsi [10.25.105.77]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:36 +0800 (SGT)
    20-Sep-2005 10:09:26.79 > Received: from rgandhi ([10.25.105.77]) by test.com with MailEnable ESMTP; Tue, 20 Sep 2005 10:11:32 +0800
    20-Sep-2005 10:09:26.80 tcp_local + C TCP|STORE_IP|25|MTA_IP|37709 SMTP
    20-Sep-2005 10:09:27.17 ims-ms D 493 [email protected] rfc822;[email protected] preetam%beta.sg@ims-ms-daemon /iplanet/iMS52/msg-mailserver/imta/queue/ims-ms/003/ZZ0IN30070GFBQHR.00 <[email protected]> mailsrv
    20-Sep-2005 10:09:27.17 > Return-path: <[email protected]>
    20-Sep-2005 10:09:27.17 > Received: from pxmta (pxmta [MTA_IP]) by mailserver.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected]; Tue, 20 Sep 2005 10:09:26 +0800 (SGT)
    20-Sep-2005 10:09:27.17 > Received: from logserver (logserver [AVscanner_IP]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:41 +0800 (SGT)
    20-Sep-2005 10:09:27.17 > Received: from pxmta (pxmta-out [])     by logserver-lan ([AVscanner_IP]); Tue, 20 Sep 2005 02:11:19 +0000
    20-Sep-2005 10:09:27.17 > Received: from RGANDHI.test.com (rgandhi.sgp.tsi [10.25.105.77]) by pxmta.mail.com (iPlanet Messaging Server 5.2 HotFix 2.07 (built Jun 24 2005)) with ESMTP id <[email protected]> for [email protected] (ORCPT [email protected]); Wed, 21 Sep 2005 10:11:36 +0800 (SGT)
    20-Sep-2005 10:09:27.17 > Received: from rgandhi ([10.25.105.77]) by test.com with MailEnable ESMTP; Tue, 20 Sep 2005 10:11:32 +0800
    ========================================================
    Mail from USER [email protected] --> [email protected]
    ========================================================
    On MTA
    =======
    21-Sep-2005 10:12:48.69 tcp_local + O TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1326 SMTP
    21-Sep-2005 10:12:48.74 tcp_local + C TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1326 SMTP
    21-Sep-2005 10:12:53.89 tcp_local + O TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1327 SMTP
    21-Sep-2005 10:12:53.95 tcp_auth tcp_scan EA 3 [email protected] rfc822;[email protected] [email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/013/ZZ0IN50010ZA5HVL.01 <[email protected]> *[email protected] rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP])
    21-Sep-2005 10:12:53.95 tcp_scan - O TCP|MTArouter_IP|37718|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:12:53.96 tcp_auth tcp_scan EA 3 [email protected] rfc822;[email protected] [email protected] /iplanet/iMS52/msg-pxmta/imta/queue/tcp_scan/015/ZZ0IN500110A5HVL.00 <[email protected]> *[email protected] rgandhi (Clt_extMailserver [Clt_extMailserver_DNS_IP])
    21-Sep-2005 10:12:53.96 tcp_local + C TCP|MTArouter_IP|25|Clt_extMailserver_DNS_IP|1327 SMTP
    21-Sep-2005 10:12:53.97 tcp_scan - O TCP|MTArouter_IP|37719|AVscanner_IP|10024 SMTP/[AVscanner_IP]/[AVscanner_IP]
    21-Sep-2005 10:12:53.97 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13930 SMTP
    21-Sep-2005 10:12:54.01 tcp_local + O TCP|MTArouter_IP|25|AVscanner_IP|13931 SMTP
    21-Sep-2005 10:12:54.16 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13930 SMTP
    21-Sep-2005 10:12:54.64 tcp_local + C TCP|MTArouter_IP|25|AVscanner_IP|13931 SMTP
    21-Sep-2005 10:12:54.64 tcp_scan D 3 [email protected] rfc822;[email protected] maile

Maybe you are looking for