- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
How Can I track emails coming in to Sonicwall Email Security?
03/26/2020 
1,013 People found this article helpful
31,451 Views
Description
How Can I track emails coming in to Sonicwall Email Security?
Resolution
How Can I track emails coming in to Sonicwall Email Security?
Tracking emails.
You can trace a particular email and find out if it ever hit the sonicwall device and or it was rejected, deleted, Junked or bounced.
Any email that hits the Email security device irrespective of being rejected, deleted, bounced, junked, gets recorded in a log file called “Mfe”
Please follow the following steps to get to the log:
Login into the device as “admin”
Go to Manage | System Setup | Server | Advanced |download system/Log files: Logs: Mfe (select from the drop down as shown below)
It will display logs with dates on it as the file name.
Select the date which you want to track emails for and do a search on the email.
You can search using the sender’s or recipients email address or subject of the email.
The log entries would show the message location, Message threat, Sender’s IP, date and time sent to, along with other information.
To view it in readable format, open the log file in MS excel.
Message Location category:
ju= Junk box
rj = rejected
dv = delivered
qu = queued
bo = bounced
Message Threat Category:
ddha = Definate directory harvest attack
dspm= Definate Spam
lspm = Likely Spam
dvir = Definate Virus
lvir = Likely Virus
dphi= Definate Phishing
lphi = Likely Phishing
good = good email (no Threat)
Plyt = Policy Threat
Example of 1 email’s Mfe log entry:
5 px i ju dspm 192.168.6.110_ ---- -------------- --------------- ----- ---- -------p---- ------------ 200911160004590086296 testmail@sonicwall.com - testaccount@test.com testaccount@test.com "John Smith" Your credit balance is over its limit 3289 emailsecurity 192.168.1.10 25 collab - - rules:rules:Score=-31.26 518d52eee664842c en_US <000d01ca6655$931ac960$6400a8c0@withoj2> 192.168.6.110
Conclusion:
Version= 5
Inbound/outboud = i
Msg/Location= ju
MsgThreat= dspm
GotfromIP = 192.168.6.110
MlfUniqueId = 200911160004590086296
EnvRcptTo = testmail@sonicwall.com
EnvMailFrom = testaccount@test.com
HdrFromAddr = testaccount@test.com
HdrSubject = your credit balance is over its limit
MsgSizeInBytes= 3289
NqMlfHost = emailsecurity
NextHopServer = 192.168.1.10
NextHopPort = 25
Categories = collab
Reason = rules:rules:Score=-31.26
SecuritySecret = 518d52eee664842c
MsgLanguage = en_US (English- US)
Message-ID = <000d01ca6655$931ac960$6400a8c0@withoj2>
FirstTouchIP = 192.168.6.110
Related Articles
- How to enable SNMP on Email Security?
- How do I collect SonicWall product diagnostic information?
- Cannot connect to LDAP Server on port 389, 3268 and 636.
Categories
- Email Security > Email Security Appliance
- Email Security > Email Security Software
- Email Security > Hosted Email Security
YES
NO