- April 13, 2020
- Posted by: administrator
- Category: SonicWall
How can I track emails coming in to SonicWall Email Security?
You can trace a particular email and find out whether it ever reached the SonicWall device and whether it was rejected, deleted, junked or bounced.
Any email that hits the Email Security device, whether it was rejected, deleted, bounced or junked, is recorded in a log file called “Mfe”.
Follow these steps to get to the log:
- Log in to the device as “admin”.
- Go to Manage | System Setup | Server | Advanced | Download system/Log files: Logs: Mfe (select Mfe from the drop-down).
- It will display the logs, with the date as the file name.
- Select the date you want to track emails for and search for the email.
- You can search using the sender’s or recipient’s email address or the subject of the email.
- The log entries show the message location, message threat, sender’s IP, date and time sent to, along with other information.
- To view it in a readable format, open the log file in MS Excel.
Message Location category:
- ju = Junk box
- rj = rejected
- dv = delivered
- qu = queued
- bo = bounced
Message Threat Category:
- ddha = Definite directory harvest attack
- dspm = Definite Spam
- lspm = Likely Spam
- dvir = Definite Virus
- lvir = Likely Virus
- dphi = Definite Phishing
- lphi = Likely Phishing
- good = good email (no Threat)
- Plyt = Policy Threat
Example of one email’s Mfe log entry:
5 px i ju dspm 192.168.6.110_ —- ————– ————— —– —- ——-p—- ———— 200911160004590086296 firstname.lastname@example.org – email@example.com firstname.lastname@example.org “John Smith” Your credit balance is over its limit 3289 emailsecurity 192.168.1.10 25 collab – – rules:rules:Score=-31.26 518d52eee664842c en_US <000d01ca6655$931ac960$6400a8c0@withoj2> 192.168.6.110
- Version = 5
- Inbound/outbound = i
- Msg/Location = ju
- MsgThreat = dspm
- GotfromIP = 192.168.6.110
- MlfUniqueId = 200911160004590086296
- EnvRcptTo = email@example.com
- EnvMailFrom = firstname.lastname@example.org
- HdrFromAddr = email@example.com
- HdrSubject = Your credit balance is over its limit
- MsgSizeInBytes = 3289
- NqMlfHost = emailsecurity
- NextHopServer = 192.168.1.10
- NextHopPort = 25
- Categories = collab
- Reason = rules:rules:Score=-31.26
- SecuritySecret = 518d52eee664842c
- MsgLanguage = en_US (English - US)
- Message-ID = <000d01ca6655$931ac960$6400a8c0@withoj2>
- FirstTouchIP = 192.168.6.110
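As an alternative to searching the downloaded file in Excel, the search-and-decode step above can be scripted. This is an added example, not SonicWall code: the names `trace` and `decode` are hypothetical, the sample entries are constructed and shortened, and it assumes fields are whitespace-separated with location, threat and GotfromIP in the fourth, fifth and sixth positions as in the example entry.

```python
import re

# Code tables taken from the location and threat lists on this page.
LOCATION = {"ju": "Junk box", "rj": "rejected", "dv": "delivered",
            "qu": "queued", "bo": "bounced"}
THREAT = {"ddha": "Definite directory harvest attack", "dspm": "Definite Spam",
          "lspm": "Likely Spam", "dvir": "Definite Virus", "lvir": "Likely Virus",
          "dphi": "Definite Phishing", "lphi": "Likely Phishing",
          "good": "good email (no threat)", "plyt": "Policy Threat"}

MSG_ID = re.compile(r"<[^<>\s]+@[^<>\s]+>")  # Message-ID value in angle brackets
UNIQUE_ID = re.compile(r"\b\d{15,}\b")       # MlfUniqueId is a long digit string

def decode(table, code):
    """Map a code to its meaning; unrecognised codes stay visible, not dropped."""
    return table.get(code.lower(), f"unknown ({code})")

def trace(lines, needle):
    """Return decoded summaries of entries mentioning needle (address or subject)."""
    hits = []
    for line in lines:
        if needle.lower() not in line.lower():
            continue
        fields = line.split()
        if len(fields) < 6:  # truncated or malformed entry
            continue
        uid, mid = UNIQUE_ID.search(line), MSG_ID.search(line)
        hits.append({
            "location": decode(LOCATION, fields[3]),
            "threat": decode(THREAT, fields[4]),
            "got_from_ip": fields[5].rstrip("_"),  # example entry shows a trailing "_"
            "mlf_unique_id": uid.group() if uid else None,
            "message_id": mid.group() if mid else None,
        })
    return hits

# Constructed sample entries (shortened; not real Mfe output).
SAMPLE = [
    '5 px i ju dspm 192.0.2.10_ 200911160004590086296 alice@example.org '
    'bob@example.org "Invoice overdue" <a1@mail.example>',
    '5 px i dv good 192.0.2.20_ 200911160004590086297 alice@example.org '
    'carol@example.org "Lunch" <a2@mail.example>',
    '5 px i rj zzzz 192.0.2.30_ 200911160004590086298 dave@example.org '
    'eve@example.org "Hi" <a3@mail.example>',
]

if __name__ == "__main__":
    for hit in trace(SAMPLE, "alice@example.org"):
        print(hit)
```
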