SMTP protocol logs are a pain to sift through

Whenever I have to resort to parsing SMTP protocol logs I am reminded of how inefficient MS made the logging. There are no conversation/queue/message IDs logged for each line. So if there are five connections happening at once there is no obvious distinction between each connection. You have the commands and responses of all of them intertwined with one another, forcing you to narrow down the exact time a message is sent/received and then look through each line, deducing which ones belong to the message you are interested in. Ugh.

The UNIX guys here like to give me grief about it because their Postfix logs contain the conversation/message ID on each line.  So they just do a quick grep for it and get each line that applies only to the message in question.  Figures.
