How can I track emails coming in to SonicWall Email Security?

Description

How can I track emails coming in to SonicWall Email Security?

Resolution

Tracking emails.

You can trace a particular email to find out whether it ever reached the SonicWall device and whether it was rejected, deleted, junked or bounced. Any email that hits the Email Security device, irrespective of being rejected, deleted, bounced or junked, is recorded in a log file called “Mfe”.

Follow these steps to get to the log:

  • Log in to the device as “admin”.
  • Go to Manage | System Setup | Server | Advanced | Download System/Log Files: Logs: Mfe (select Mfe from the drop-down). The logs are listed with the date as the file name.
  • Select the date for which you want to track emails and search for the email.
  • You can search using the sender’s or recipient’s email address or the subject of the email.
  • The log entries show the message location, message threat, sender’s IP, date and time sent to, along with other information.
  • To view the log in a readable format, open the log file in MS Excel.


Message Location category:

ju = Junk box

rj = rejected

dv = delivered

qu = queued

bo = bounced


Message Threat Category:

ddha = Definite directory harvest attack

dspm = Definite Spam

lspm = Likely Spam

dvir = Definite Virus

lvir = Likely Virus

dphi = Definite Phishing

lphi = Likely Phishing

good = good email (no Threat)

Plyt = Policy Threat



Example of 1 email’s Mfe log entry:


5     px    i     ju   dspm   192.168.6.110_    ----  --------------    ---------------   -----    ----  -------p----      ------------      202211160004590086296      testmail@sonicwall.com  -  testaccount@test.com    testaccount@test.com    "John Smith"      Your credit balance is over its limit     3289  emailsecurity     192.168.1.10      25    collab      -     -     rules:rules:Score=-31.26      518d52eee664842c  en_US      <000d01ca6655$931ac960$6400a8c0@withoj2>  192.168.6.110    


Conclusion:

Version = 5

Inbound/outbound = i

Msg/Location = ju

MsgThreat = dspm

GotfromIP = 192.168.6.110

MlfUniqueId = 202211160004590086296

EnvRcptTo = testmail@sonicwall.com

EnvMailFrom = testaccount@test.com

HdrFromAddr = testaccount@test.com

HdrSubject = Your credit balance is over its limit

MsgSizeInBytes = 3289

NqMlfHost = emailsecurity

NextHopServer = 192.168.1.10

NextHopPort = 25

Categories = collab

Reason = rules:rules:Score=-31.26

SecuritySecret = 518d52eee664842c

MsgLanguage = en_US (English- US)

Message-ID = <000d01ca6655$931ac960$6400a8c0@withoj2>

FirstTouchIP = 192.168.6.110
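
As an added illustration (not SonicWall code), the Python example below parses an Mfe entry into the fields listed above, decodes the location and threat codes, and filters entries by sender, recipient or subject. The column positions and the separator (a tab or two or more spaces) are assumptions inferred from the single sample entry in this article, and the function names are hypothetical.

```python
import re

# Code tables copied from this article (threat codes compared in lower case).
LOCATION = {"ju": "Junk box", "rj": "rejected", "dv": "delivered",
            "qu": "queued", "bo": "bounced"}
THREAT = {"ddha": "Definite directory harvest attack", "dspm": "Definite Spam",
          "lspm": "Likely Spam", "dvir": "Definite Virus", "lvir": "Likely Virus",
          "dphi": "Definite Phishing", "lphi": "Likely Phishing",
          "good": "good email (no Threat)", "plyt": "Policy Threat"}
# Assumption: column positions inferred from the single sample entry in this
# article; columns the article does not name are skipped.
FIELDS = {0: "Version", 2: "Direction", 3: "MsgLocation", 4: "MsgThreat",
          5: "GotfromIP", 13: "MlfUniqueId", 14: "EnvRcptTo", 16: "EnvMailFrom",
          17: "HdrFromAddr", 19: "HdrSubject", 20: "MsgSizeInBytes",
          21: "NqMlfHost", 22: "NextHopServer", 23: "NextHopPort",
          24: "Categories", 27: "Reason", 28: "SecuritySecret",
          29: "MsgLanguage", 30: "Message-ID", 31: "FirstTouchIP"}

def parse_mfe_line(line):
    """Split one Mfe entry into named fields; None if it has too few columns."""
    # Assumption: columns are separated by a tab or by two or more spaces.
    cols = re.split(r"\t| {2,}", line.strip())
    if len(cols) <= max(FIELDS):
        return None
    rec = {name: cols[i] for i, name in FIELDS.items()}
    rec["GotfromIP"] = rec["GotfromIP"].rstrip("_")  # sample has a trailing "_"
    rec["LocationText"] = LOCATION.get(rec["MsgLocation"], "unknown code")
    rec["ThreatText"] = THREAT.get(rec["MsgThreat"].lower(), "unknown code")
    return rec

def track(lines, term):
    """Return parsed entries whose sender, recipient or subject contains term."""
    keys = ("EnvMailFrom", "EnvRcptTo", "HdrFromAddr", "HdrSubject")
    recs = filter(None, map(parse_mfe_line, lines))
    return [r for r in recs if any(term.lower() in r[k].lower() for k in keys)]

# The entry shown in this article, with its columns re-joined by two spaces.
SAMPLE = ('5  px  i  ju  dspm  192.168.6.110_  ----  --------------  '
          '---------------  -----  ----  -------p----  ------------  '
          '202211160004590086296  testmail@sonicwall.com  -  '
          'testaccount@test.com  testaccount@test.com  "John Smith"  '
          'Your credit balance is over its limit  3289  emailsecurity  '
          '192.168.1.10  25  collab  -  -  rules:rules:Score=-31.26  '
          '518d52eee664842c  en_US  '
          '<000d01ca6655$931ac960$6400a8c0@withoj2>  192.168.6.110')

for r in track([SAMPLE], "testaccount@test.com"):
    print(r["MlfUniqueId"], r["LocationText"], r["ThreatText"], r["GotfromIP"])
```

To run it over a downloaded log, pass the open file object as `lines`; entries with fewer columns than the sample are skipped rather than mis-parsed.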



