The Email analysis module displays SMTP and POP3 commands that can be helpful in debugging Internet mail problems. The Email analysis module reports on client/server connections by counting the number of mail transfers initiated, the number of successful transfers, and the number of failed transfers. It then delivers this information to Summary Statistics and to the Summary column in the Packets view of any capture window,.

SMTP specifies the exact format of messages a client on one machine uses to transfer mail to a server on another. Communication between a client and a server consists of readable ASCII text.

First, the client establishes a reliable stream connection to the server and then waits for the server to send a 220 READY FOR MAIL message. If the server is overloaded, it may delay sending the 220 message temporarily. Once the 220 message is received by the client, the client sends a HELO command.

The server responds by identifying itself. Once communication has been established, the sender can transmit one or more mail messages, terminate the connection, or request the server to reverse the roles of sender and receiver so messages can flow in the opposite direction. The receiver must acknowledge each message. It can also suspend the entire connection or the current message transfer.

Mail transactions begin with the MAIL command which provides the sender identification as well as a FROM: field that contains the address to which errors should be reported. A recipient prepares its data structures to receive a new mail message and replies to a MAIL command by sending the response 250, which means all is well. The full response consists of the text 250 OK. As with other application protocols, programs read the abbreviated commands and 3-digit numbers at the beginning of lines. The remaining text is intended to help debug mail software.

After a successful MAIL command, the sender issues a series of RCPT commands that identify recipients of the mail message. The receiver must acknowledge each RCPT command by sending 250 OK or by sending the error message 550 No Such User Here.

After all RCPT commands have been acknowledged, the sender issues a DATA command. In essence, a DATA command informs the receiver that the sender is ready to transfer a complete mail message. The receiver responds with message 354 Start Mail Input and specifies the sequence of characters used to terminate the mail message. The termination sequence consists of 5 characters: carriage return, line feed, period, carriage return, and line feed.

Although clients can suspend the delivery completely if an error occurs, most clients do not. Instead, they continue delivery to all valid recipients and then report problems to the sender.

Usually, the client reports errors using email. The error message contains a summary of the error as well as the header of the mail message that caused the problem.

Once the client has finished sending all the mail messages to a particular destination, the client may issue the TURN command to turn the connection around. If it does, the server responds 250 OK and assumes control of the connection. With the roles reversed, the side that was originally the server sends back any waiting mail messages. Whichever side controls the interaction can choose to terminate the session by issuing a QUIT command. The other side responds with command 221, which means it agrees to terminate. Both sides then close the TCP connection.