Previous Topic

Next Topic

Book Contents

Book Index

Understanding the SMTP protocol and message headers

To implement Rules properly, you should understand the structure of an emails and how they are transferred via the SMTP protocol.

An email is transferred over the network using the SMTP protocol as a plain text file with a header and body part.

Instead of the term email, we will use the term "message". A "message" is a plain text file which contains an e-mail and all of its attachments and other parts.

Confusion is often caused by the fact that the SMTP sender and recipient can be completely different to the From and To information displayed in an email client.

To understand the difference, look at the IceWarp Server system variables, which are related to messages.






"From:" is taken from the message header, displayed in the recipient client.






"To:" is also taken from the message header.

Both - From and To are taken from the message header and they NEED NOT be the same as the one used in the SMTP protocol during message transmission.





The Sender is the real sender in the SMTP protocol. The "From:" in the message header can be different.





This is the real recipient in the SMTP protocol. The message will be delivered to this recipient regardless of the message's To: header.

An Email client displays the information from the message header, while the delivery of the message is given by the information in the SMTP protocol.


The following is an extract from the SMTP log:

The message delivered from to the - SMTP protocol: [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 Connected [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 >>> 220 ESMTP Merak 7.2.4; Wed, 10 Mar 2004 21:41:16 +0100 [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 <<< MAIL [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 >>> 250 2.1.0 <>... Sender ok [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 <<< RCPT [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 >>> 250 2.1.5 <>... Recipient ok [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 <<< DATA [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 >>> 354 Enter mail, end with "." on a line by itself [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 *** <> <> 1 1605 00:00:00 OK [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 >>> 250 2.6.0 1605 bytes received in 00:00:00; Message accepted for delivery [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 <<< QUIT [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 >>> 221 2.0.0 closing connection

SYSTEM [000009F8] Wed, 10 Mar 2004 21:41:16 +0100 Disconnected

It shows that the message is from and should be delivered to

The following shows the actual headers of the message

Received: from servcom2.DOMAINE.local ([])

by (Merak 7.2.1) with ESMTP id CRA73883

for <>; Mon, 09 Feb 2004 09:28:40 +0100

Received: from metallography ([]) by servcom2.DOMAINE.local with Microsoft SMTPSVC(5.0.2195.5329);

Mon, 9 Feb 2004 09:30:12 +0100

From: "Sazedur Cerezo"<lgoclgoc@YAHOO.COM>


Subject: lgoc: H*G*H-Lo0k Younger Whl1e L0slnq We19ht

Mime-Version: 1.0

Content-Type: text/html; charset=us-ascii

Content-Transfer-Encoding: 7bit

Return-Path: lgoclgoc@YAHOO.COM

Message-ID: <SERVCOM2QFgkASNplKc000165d3@servcom2.DOMAINE.local>

X-OriginalArrivalTime: 09 Feb 2004 08:30:15.0039 (UTC) FILETIME=[F10A78F0:01C3EEE6]

Date: 9 Feb 2004 09:30:15 +0100

This shows that the headers say that the message is from "Sazedur Cerezo" and is sent to

This is the information that is displayed in the email client:

From & To used in the Content Filter Condition correspond to the From: and To: of the HEADER of the message, while the Sender & Recipient are taken from SMTP protocol.

See Also

Content Filters

Adding a new Filter

Editing a filter

Deleting a filter

Exporting filters

Importing filters

Bypassing filters