Understanding the SMTP Protocol and Message Headers
To implement Rules properly, you should understand the structure of an email and how it is transferred via the SMTP protocol.
An email is transferred over the network using the SMTP protocol as a plain text file with a header and body part.
Instead of the term email, we will use the term "message". A "message" is a plain text file which contains an email and all of its attachments and other parts.
Confusion is often caused by the fact that the SMTP sender and recipient can be completely different to the From and To information displayed in an email client.
To understand the difference, look at the IceWarp Server system variables, which are related to messages.
Note: An email client displays the information from the message header, while the delivery of the message is determined by the information given in the SMTP protocol.
Example:
The following is an extract from the SMTP log:
A message delivered from xxx@icewarpdemo.com to admin@icewarpdemo.com (SMTP protocol):
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 Connected
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 >>> 220 mail.icewarpdemo.com ESMTP Merak 7.2.4; Wed, 10 Mar 2004 21:41:16 +0100
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 <<< MAIL From:xxx@icewarpdemo.com
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 >>> 250 2.1.0 <xxx@icewarpdemo.com>... Sender ok
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 <<< RCPT To:admin@icewarpdemo.com
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 >>> 250 2.1.5 <admin@icewarpdemo.com>... Recipient ok
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 <<< DATA
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 >>> 354 Enter mail, end with "." on a line by itself
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 *** <xxx@icewarpdemo.com> <admin@icewarpdemo.com> 1 1605 00:00:00 OK
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 >>> 250 2.6.0 1605 bytes received in 00:00:00; Message accepted for delivery
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 <<< QUIT
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 >>> 221 2.0.0 mail.icewarpdemo.com closing connection
SYSTEM [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 Disconnected
The log shows that the message is from xxx@icewarpdemo.com and should be delivered to admin@icewarpdemo.com.
The following shows the actual headers of the message:
Received: from servcom2.DOMAINE.local ([213.223.244.1])
by mail.icewarp.com (Merak 7.2.1) with ESMTP id CRA73883
for <loc@icewarp.com>; Mon, 09 Feb 2004 09:28:40 +0100
Received: from metallography ([219.95.18.216]) by servcom2.DOMAINE.local with Microsoft SMTPSVC(5.0.2195.5329);
Mon, 9 Feb 2004 09:30:12 +0100
From: "Sazedur Cerezo"<locloc@YAHOO.COM>
To: loc@icewarp.com
Subject: loc: H*G*H-Lo0k Younger Whl1e L0slnq We19ht
Mime-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Return-Path: locloc@YAHOO.COM
Message-ID: <SERVCOM2QFgkASNplKc000165d3@servcom2.DOMAINE.local>
X-OriginalArrivalTime: 09 Feb 2004 08:30:15.0039 (UTC) FILETIME=[F10A78F0:01C3EEE6]
Date: 9 Feb 2004 09:30:15 +0100
The headers say that the message is from "Sazedur Cerezo" and was sent to loc@icewarp.com.
This is the information that is displayed in the email client:
Figure. Email client.
The From & To used in a Content Filter Condition correspond to the From: and To: fields of the message HEADER, while the Sender & Recipient are taken from the SMTP protocol.
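The distinction above can be checked mechanically. The following is an added example, not IceWarp code: it extracts the Sender and Recipient from SMTP log lines in the format shown above and compares them with the From: and To: headers. The header sample and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Envelope commands copied from the SMTP log extract above.
SMTP_LOG = """\
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 <<< MAIL From:xxx@icewarpdemo.com
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 <<< RCPT To:admin@icewarpdemo.com
127.0.0.1 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 <<< DATA
"""

# Constructed message headers (not from the page) for the same session.
RAW_MESSAGE = """\
From: "Example Sender" <someone@example.com>
To: list@example.org
Subject: constructed test message

body
"""

# Client commands follow '<<<'; angle brackets around the address are optional.
ENVELOPE_RE = re.compile(r"<<< (MAIL From|RCPT To):\s*<?([^>\s]*)>?", re.I)

def parse_envelope(log_text):
    """Return (sender, [recipients]) as given in the SMTP protocol."""
    sender, recipients = None, []
    for line in log_text.splitlines():
        m = ENVELOPE_RE.search(line)
        if m and m.group(1).lower() == "mail from":
            sender = m.group(2).lower()  # "" for the null sender <>
        elif m:
            recipients.append(m.group(2).lower())
    return sender, recipients

def parse_header_addresses(raw):
    """Return ([From addresses], [To and Cc addresses]) from the header."""
    msg = message_from_string(raw)
    def addrs(name):
        return [a.lower() for _, a in getaddresses(msg.get_all(name, [])) if a]
    return addrs("From"), addrs("To") + addrs("Cc")

def compare(log_text, raw):
    # Report where the SMTP envelope and the displayed header disagree.
    sender, rcpts = parse_envelope(log_text)
    h_from, h_to = parse_header_addresses(raw)
    return {"sender": sender, "header_from": h_from,
            "sender_matches_from": sender in h_from,
            "recipients_not_in_headers": [r for r in rcpts if r not in h_to]}
```

A mismatch is also normal for mailing lists and Bcc recipients, so treat the result as one input to a rule rather than a verdict on its own.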