Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
38-14
Cisco AsyncOS 9.1 for Email User Guide
Chapter 38 Logging
Log Types
Note that the second of the three attachments is Unicode. On terminals that cannot display Unicode,
these attachments are represented in quoted-printable format.
these attachments are represented in quoted-printable format.
Log Entries for Generated or Re-Written Messages
Some functions, such as rewrite/redirect actions (
alt-rcpt-to
filters, anti-spam rcpt rewrite,
bcc()
actions, anti-virus redirections, etc.), create new messages. When looking through the logs, you might
need to check the results and add in further MIDs and possibly DCIDs. Entries such as these are possible:
need to check the results and add in further MIDs and possibly DCIDs. Entries such as these are possible:
or:
An interesting point to note about ‘rewritten’ entries is that they can appear after lines in the log
indicating use of the new MID.
indicating use of the new MID.
Messages Sent to the Spam Quarantine
When you send a message to the quarantine, the mail logs track the movement to and from the quarantine
using the RCID (RPC connection ID) to identify the RPC connection. In the following mail log, a
message is tagged as spam, and sent to the Spam Quarantine:
using the RCID (RPC connection ID) to identify the RPC connection. In the following mail log, a
message is tagged as spam, and sent to the Spam Quarantine:
Tue Jun 1 20:02:16 2004 Info: MID 14 generated based on MID 13 by bcc filter 'nonetest'
Tue Jan 6 15:03:18 2004 Info: MID 2 rewritten to 3 by antispam
Fri May 14 20:44:43 2004 Info: MID 6 rewritten to 7 by alt-rcpt-to-filter filter
'testfilt'
Wed Feb 14 12:11:40 2007 Info: Start MID 2317877 ICID 15726925
Wed Feb 14 12:11:40 2007 Info: MID 2317877 ICID 15726925 From: <HLD@chasehf.bfi0.com>
Wed Feb 14 12:11:40 2007 Info: MID 2317877 ICID 15726925 RID 0 To:
<stevel@healthtrust.org>
Wed Feb 14 12:11:40 2007 Info: MID 2317877 Message-ID
'<W1TH05606E5811BEA0734309D4BAF0.323.14460.pimailer44.DumpShot.2@email.chase.com>'
Wed Feb 14 12:11:40 2007 Info: MID 2317877 Subject 'Envision your dream home - Now make
it a reality'
Wed Feb 14 12:11:40 2007 Info: MID 2317877 ready 15731 bytes from <HLD@chasehf.bfi0.com>
Wed Feb 14 12:11:40 2007 Info: MID 2317877 matched all recipients for per-recipient
policy DEFAULT in the inbound table
Wed Feb 14 12:11:41 2007 Info: MID 2317877 using engine: CASE spam suspect
Wed Feb 14 12:11:41 2007 Info: EUQ: Tagging MID 2317877 for quarantine
Wed Feb 14 12:11:41 2007 Info: MID 2317877 antivirus negative
Wed Feb 14 12:11:41 2007 Info: MID 2317877 queued for delivery