A guide to the Pegasus Mail
TCPlogs subdirectory.

This document is last updated 06-Aug-2016.

General purpose of the session log feature:

Sometimes the communication between Pegasus Mail and your ISP (vv) is interrupted and you cannot find the cause of the error. When this happens Pegasus Mail will display an error message and will show you the last lines of the data transmission. Often that gives an indication where the error might be, but even then you have to dig in deeper to find the exact cause.

That is where session log jumps in. It will give you a full detailed list of all data interchange from the moment you activate the setting.
(Note: A preview of the content of the files is listed at the bottom of this page).

General purpose of the directory:

This directory is created when you first activate the Session log, either on request of the Pegasus Mail Technical Support Team or on your own, just when you want to know whats transmitted between Pegasus Mail and your mail server (at your providers site). It stores the exchanged data in structured files (see below).

How to start the session log:

There are at least three ways to start the session log:

  • -Z 32
    From ancient times the session log was started bij adding -Z 32 to the command line. Under the DOS environment that was easy as everybody knew how to start a program using the DOS command line. This still works for Pegasus Mail, although under WIndows you need to alter the shortcut to the Winpmail.exe file. (Don't think many people want to do this nowadays).

    Another way to alter the command line (and more) is to use the pegasus.ini file. How to do that, just click the link.

  • Tools -> Internet Options -> General
    This more modern way just needs activation of the setting "Create internet session logs (advanced diagnostics use only)". Directly after pressing OK all tcp-ip traffic between Pegasus Mail and your ISP will be recorde in files.

An important note about your password!

As stated above ALL data interchange between Pegasus Mail and your ISP is listed in clear text, that means that even your password is readable in clear text as well. So be very careful either to send out those files or to keep them on your harddisc.
Files can be opend using any editor, like Notepad.

It is advised to delete the files when you no longer need them, or at least remove your password from them.

Now, what files can be found in the directory?

Filename in the TCPlog subdirectory Description
TCP-*-.smtp Files of this type hold the data of a single smtp session. SMTP means sending out an email. The place of the * in the flename will actually be formed by the following data YYMMDD-HHMM-N (see below)
TCP-*.pop Files of this type hold the data of a single pop3 session. POP3 means getting your mail from the server. The place of the * in the flename will actually be formed by the following data YYMMDD-HHMM-N (see below)
YYMMDD-HHMM-N This coding will generate an unique filename, which can easely be sorted by start time.
  • YY, this is the yearindication (2016 becomes 16)
  • MM, the month from 01 to 12
  • DD, the day from 01 till (max) 31
  • HH, the hour in 24 hrs format
  • MM, the minute the file was created
  • N, an index number starting at 0 (for when two sessions start at the same time)

Some general information on the content of those files:

Lines start with a timestamp, followed by a semicollon and a space and either "<<" or ">>" or a remark. Everything after the "<<" or ">>" is actual transmitted data.
Lines with "<<" contain INCOMING data, lines with ">>" contain OUTGOING data.
It goes beyond the scope of this page to explain eaach line, you technical support partner or your own knowledge (supported by Google) will tell you what's going on.

Below is a listing of such a POP file, from which - for obvious reasons - the password has been removed.
21:37:27.750: --- Mon Feb 10 21:37:27 2014 ---
21:37:27.750: Connect to 'mail.vandenbogaerde.net', timeout 30 seconds.
21:37:28.750: >> +OK Dovecot DA ready.
21:37:28.750: << USER jaabogae
21:37:28.859: >> +OK
21:37:28.859: << PASS X-removed-X
21:37:28.968: >> +OK Logged in.
21:37:28.968: << STAT
21:37:28.062: >> +OK 0 0
21:37:28.078: << QUIT
21:37:28.171: >> +OK Logging out.
21:37:28.171: --- Connection closed normally at Mon Feb 10 21:37:28 2014. ---

Below is a listing of such a SMTP file, from which - for obvious reasons - the password has been removed:

21:41:43.760: --- 6 Aug 2014, 21:41:43.760 ---
21:41:43.776: Connect to 'smtp.gmail.com', timeout 30 seconds.
21:41:48.354: [*] SSL/TLS session established
21:41:48.385: [*] ECDHE-RSA-AES128-GCM-SHA256, TLSv1.2, Kx=ECDH, Au=RSA, Enc=AESGCM(128), Mac=AEAD
21:41:48.401: [*] Peer's certificate name is '/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com'.
21:41:48.416: >> 220 mx.google.com ESMTP ca8sm4592447wjc.0 - gsmtp
21:41:48.447: << EHLO []
21:41:48.494: >> 250-mx.google.com at your service, []
21:41:48.510: >> 250-SIZE 35882577
21:41:48.526: >> 250-8BITMIME
21:41:48.557: >> 250-ENHANCEDSTATUSCODES
21:41:48.572: >> 250-CHUNKING
21:41:48.588: >> 250 SMTPUTF8
21:41:48.619: << AUTH LOGIN
21:41:48.666: >> 334 x-removed-x
21:41:48.682: << x-removed-x
21:41:48.729: >> 334 x-removed-x
21:41:48.744: << x-removed-x
21:41:49.166: >> 235 2.7.0 Accepted
21:41:49.182: << MAIL FROM: SIZE=677
21:41:49.229: >> 250 2.1.0 OK ca8sm4592447wjc.0 - gsmtp
21:41:49.260: << RCPT TO:
21:41:49.307: >> 250 2.1.5 OK ca8sm4592447wjc.0 - gsmtp
21:41:49.322: << DATA
21:41:49.776: >> 354  Go ahead ca8sm4592447wjc.0 - gsmtp
21:41:49.791: << From: jaabogae@gmail.com
21:41:49.807: << To: han@vandenbogaerde.net
21:41:49.822: << Date: Wed, 06 Aug 2014 21:41:43 +0200
21:41:49.838: << MIME-Version: 1.0
21:41:49.854: << Subject: round trip for gmail accoutnt
21:41:49.869: << Reply-to: Han van den Bogaerde 
21:41:49.885: << Message-ID: <53E284F7.15804.A7EBF9@jaabogae.gmail.com>
21:41:49.901: << X-Confirm-Reading-To: Han van den Bogaerde 
21:41:49.916: << X-pmrqc: 1
21:41:49.932: << Priority: normal
21:41:49.947: << X-mailer: Pegasus Mail for Windows (4.70)
21:41:49.963: << Content-type: text/plain; charset=US-ASCII
21:41:49.994: << Content-transfer-encoding: 7BIT
21:41:50.010: << Content-description: Mail message body
21:41:50.026: << 
21:41:50.041: << -- 
21:41:50.057: << Han van den Bogaerde,
21:41:50.135: << 
21:41:50.151: << .
21:41:50.791: >> 250 2.0.0 OK 1407354110 X-removed-x - gsmtp
21:41:50.822: << QUIT
21:41:50.885: >> 221 2.0.0 closing connection ca8sm4592447wjc.0 - gsmtp
21:41:50.916: [!] Warning: SSL connection improperly closed by remote host.
21:41:50.963: --- Connection closed normally at 6 Aug 2014, 21:41:50.963. ---

If you have more information that should be placed on this page, please feel free to contact me by e-mail and I will make that information available.
Back to Han's Linkpage