How do I analyze mail delivery to a domain on the ESA?

Available Languages

Updated:October 14, 2014
Document ID:118505

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes how to analyze mail delivery to a domain on the SMTP level on the Email Security Appliance (ESA).

How do I analyze mail delivery to a domain on the ESA?

If you want to analyze SMTP traffic towards a domain, whether it be an external or an internal domain, you can set up a Domain Debug Log as explained below. The Domain Debug Log will provide data on SMTP level.

  1. Go to GUI > System Administration > Log Subscriptions and select the Domain Debug Log.
  2. Log Name: any name (there will be a directory created by this name so make it one word ex: example debug).
  3. Domain for which Debug Information will be Recorded: domain you are trying to send emails to ex: example.com.
  4. Number of SMTP sessions to Record for this Domain: You must specify the total number of SMTP sessions to record in the log file. As sessions are recorded, this number decreases. You can stop domain debug before all sessions have been recorded by deleting or editing the log subscription. (example 500 if you don't know when the message will be delivered to the domain in question; or 5 if your testing it right away).
  5. Maximum File Size: You can leave this as default 10 MB since capturing is limited to a short time to recreating the issue. Similarly for "Maximum Number of Files (leave it at 10).

Enable Domain Debug Log in the CLI

  1. Enter the command logconfig > new.
  2. Select "Domain Debug Logs."
  3. Enter a name for this log (i.e., debugging_example).
  4. The same questions noted in the "Note" above will be asked and you can answer them accordingly.

Below is an example of what a Domain Debug Log looks like. The "Injection Debug Log" and"Domain Debug Log" are similar to the mail_logs. You can use the "grep" and "tail" commands on them.

Domain Debug Log Example

Sat Dec 21 02:37:22 2003 Info: 102503993 Sent: 'MAIL FROM:example1@example.com '
Sat Dec 21 02:37:23 2003 Info: 102503993 Rcvd: '250 OK'
Sat Dec 21 02:37:23 2003 Info: 102503993 Sent: 'RCPT TO:example2@example.com '
Sat Dec 21 02:37:23 2003 Info: 102503993 Rcvd: '250 OK'
Sat Dec 21 02:37:23 2003 Info: 102503993 Sent: 'DATA'
Sat Dec 21 02:37:24 2003 Info: 102503993 Rcvd: '354 START MAIL INPUT, END WITH
"." ON A LINE BY ITSELF'
Sat Dec 21 02:37:24 2003 Info: 102503993 Rcvd: '250 OK'
TAC Authored

Contributed by Cisco Engineers

  • Fraidoon Sarwary and Enrico Werner
    Cisco TAC Engineers.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products