How can I track emails coming in to SonicWall Email Security?
08/22/2022
Description
How can I track emails coming in to SonicWall Email Security?
Resolution
Tracking emails.
You can trace a particular email to find out whether it ever reached the SonicWall device and whether it was rejected, deleted, junked or bounced. Any email that hits the Email Security device, irrespective of being rejected, deleted, bounced or junked, gets recorded in a log file called “Mfe”.
Follow these steps to get to the log:
- Log in to the device as “admin”.
- Go to Manage | System Setup | Server | Advanced | download system/Log files: Logs: Mfe (select from the drop-down). It will display the logs with the date as the file name.
- Select the date for which you want to track emails and search for the email.
- You can search using the sender’s or recipient’s email address or the subject of the email.
- The log entries show the message location, message threat, sender’s IP, date and time, and who the message was sent to, along with other information.
- To view it in a readable format, open the log file in MS Excel.
Message Location category:
ju = Junk box
rj = rejected
dv = delivered
qu = queued
bo = bounced
Message Threat Category:
ddha = Definite directory harvest attack
dspm = Definite Spam
lspm = Likely Spam
dvir = Definite Virus
lvir = Likely Virus
dphi = Definite Phishing
lphi = Likely Phishing
good = good email (no Threat)
Plyt = Policy Threat
Example of 1 email’s Mfe log entry:
5 px i ju dspm 192.168.6.110_ ---- -------------- --------------- ----- ---- -------p---- ------------ 202211160004590086296 testmail@sonicwall.com - testaccount@test.com testaccount@test.com "John Smith" Your credit balance is over its limit 3289 emailsecurity 192.168.1.10 25 collab - - rules:rules:Score=-31.26 518d52eee664842c en_US <000d01ca6655$931ac960$6400a8c0@withoj2> 192.168.6.110
Conclusion:
Version = 5
Inbound/outbound = i
Msg/Location = ju
MsgThreat = dspm
GotfromIP = 192.168.6.110
MlfUniqueId = 202211160004590086296
EnvRcptTo = testmail@sonicwall.com
EnvMailFrom = testaccount@test.com
HdrFromAddr = testaccount@test.com
HdrSubject = Your credit balance is over its limit
MsgSizeInBytes = 3289
NqMlfHost = emailsecurity
NextHopServer = 192.168.1.10
NextHopPort = 25
Categories = collab
Reason = rules:rules:Score=-31.26
SecuritySecret = 518d52eee664842c
MsgLanguage = en_US (English- US)
Message-ID = <000d01ca6655$931ac960$6400a8c0@withoj2>
FirstTouchIP = 192.168.6.110
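The search-and-decode step described above can be scripted once the Mfe file for a date has been downloaded. The following is an added example, not SonicWall code: the function names are hypothetical, it assumes the first six fields of each entry are whitespace-separated in the order shown in the example entry, and the second sample line is constructed.

```python
from collections import Counter

# Code tables copied from the article (threat labels with spelling normalised).
LOCATION = {"ju": "Junk box", "rj": "rejected", "dv": "delivered",
            "qu": "queued", "bo": "bounced"}
THREAT = {"ddha": "Definite directory harvest attack", "dspm": "Definite Spam",
          "lspm": "Likely Spam", "dvir": "Definite Virus", "lvir": "Likely Virus",
          "dphi": "Definite Phishing", "lphi": "Likely Phishing",
          "good": "good email (no threat)", "plyt": "Policy Threat"}

def parse_entry(line):
    """Decode the six leading fields of one Mfe entry; None if malformed."""
    parts = line.split(None, 6)  # works for tab- or space-delimited lines
    if len(parts) < 6:
        return None
    version, _px, direction, loc, threat, got_from = parts[:6]
    return {
        "version": version,
        "direction": direction,  # "i" in the article's example
        "location": LOCATION.get(loc.lower(), "unknown code " + loc),
        "threat": THREAT.get(threat.lower(), "unknown code " + threat),
        "got_from_ip": got_from.rstrip("_"),  # the sample shows a trailing "_"
        "raw": line.rstrip("\n"),
    }

def search(lines, term):
    """Case-insensitive search by sender, recipient or subject text."""
    term = term.lower()
    hits = (parse_entry(l) for l in lines if term in l.lower())
    return [h for h in hits if h is not None]

def summarize(entries):
    """Count matched messages per (location, threat) pair."""
    return Counter((e["location"], e["threat"]) for e in entries)

# First line is the article's example entry; the second line is constructed.
SAMPLE_LINES = [
    '5 px i ju dspm 192.168.6.110_ ---- -------------- --------------- ----- ---- -------p---- ------------ 202211160004590086296 testmail@sonicwall.com - testaccount@test.com testaccount@test.com "John Smith" Your credit balance is over its limit 3289 emailsecurity 192.168.1.10 25 collab - - rules:rules:Score=-31.26 518d52eee664842c en_US <000d01ca6655$931ac960$6400a8c0@withoj2> 192.168.6.110',
    '5 px i dv good 192.168.6.120_ ---- testmail@sonicwall.com - newsletter@example.org newsletter@example.org "News" Weekly update 1200 emailsecurity 192.168.1.10 25',
]

if __name__ == "__main__":
    for e in search(SAMPLE_LINES, "testaccount@test.com"):
        print(e["direction"], e["location"], e["threat"], e["got_from_ip"])
```

To use it on a real log, pass the lines of the downloaded Mfe file to `search()` in place of `SAMPLE_LINES`.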