Email Security - mail_logs Tidbit

In this tidbit I want to cover the different identifiers you will see when tailing the mail_logs while troubleshooting. The ESA mail_logs are arguably the most important logs when it comes to troubleshooting handling & processing. The mail_logs record information about the operations of the email system. These operations can include message delivery/receiving, delivery attempts, opened/closed connections, & TLS-related events.

Viewing mail_logs from ESA CLI: > tail mail_logs

Viewing mail_logs from ESA GUI: System Administration->Log Subscriptions

Take the URL from the

  • ICID = Incoming Connection ID

  • MID = Message ID

  • RID = Recipient ID

  • DCID = Delivery Connection ID

A couple of things to note for each respective identifier:

  • ICID : a single connection can inject hundreds of messages to dozens of domains

  • MID : every message has a unique message ID that is internal to the ESA

  • RID : unique per message

  • DCID : a single delivery connection ID can be used to deliver multiple unrelated messages to the same location
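
To see how the four identifiers tie together when tracing a message, here is an added example (not code from this post or from Cisco) that groups log lines by MID and then lists which MIDs shared an ICID or DCID. The sample lines are constructed and assume the usual text mail_logs layout, which can vary by AsyncOS version; `correlate` and `shared` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the ESA text mail_logs layout (not real traffic).
SAMPLE = """\
Mon Jan  6 10:00:01 2025 Info: New SMTP ICID 5001 interface Data1 (192.0.2.10) address 198.51.100.7 reverse dns host mail.example.org verified yes
Mon Jan  6 10:00:01 2025 Info: Start MID 9001 ICID 5001
Mon Jan  6 10:00:01 2025 Info: MID 9001 ICID 5001 RID 0 To: <bob@example.com>
Mon Jan  6 10:00:01 2025 Info: MID 9001 ICID 5001 RID 1 To: <carol@example.com>
Mon Jan  6 10:00:02 2025 Info: Start MID 9002 ICID 5001
Mon Jan  6 10:00:02 2025 Info: MID 9002 ICID 5001 RID 0 To: <dave@example.com>
Mon Jan  6 10:00:03 2025 Info: ICID 5001 close
Mon Jan  6 10:00:04 2025 Info: New SMTP DCID 7001 interface 192.0.2.10 address 203.0.113.25 port 25
Mon Jan  6 10:00:04 2025 Info: Delivery start DCID 7001 MID 9001 to RID [0, 1]
Mon Jan  6 10:00:05 2025 Info: Message done DCID 7001 MID 9001 to RID [0, 1]
Mon Jan  6 10:00:05 2025 Info: Delivery start DCID 7001 MID 9002 to RID [0]
Mon Jan  6 10:00:06 2025 Info: Message done DCID 7001 MID 9002 to RID [0]
Mon Jan  6 10:00:07 2025 Info: DCID 7001 close
"""

ID_RE = re.compile(r"\b(ICID|MID|DCID) (\d+)")
RCPT_RE = re.compile(r"RID (\d+) To: <([^>]*)>")

def correlate(text):
    """Group log lines by MID; record the ICID, DCIDs and RID->recipient map of each."""
    msgs = defaultdict(lambda: {"icid": None, "dcids": set(), "rcpts": {}})
    for line in text.splitlines():
        ids = dict(ID_RE.findall(line))
        if "MID" not in ids:
            continue  # connection open/close lines carry no MID
        m = msgs[int(ids["MID"])]
        if "ICID" in ids:
            m["icid"] = int(ids["ICID"])
        if "DCID" in ids:
            m["dcids"].add(int(ids["DCID"]))
        rcpt = RCPT_RE.search(line)
        if rcpt:
            m["rcpts"][int(rcpt.group(1))] = rcpt.group(2)
    return dict(msgs)

def shared(msgs):
    """Invert the map: ICID -> MIDs injected on it, DCID -> MIDs delivered over it."""
    by_icid, by_dcid = defaultdict(list), defaultdict(list)
    for mid, m in sorted(msgs.items()):
        by_icid[m["icid"]].append(mid)
        for dcid in m["dcids"]:
            by_dcid[dcid].append(mid)
    return dict(by_icid), dict(by_dcid)

if __name__ == "__main__":
    print(shared(correlate(SAMPLE)))
```

In the sample, RID 0 appears under both MIDs, which is why a RID only means something when read together with its MID.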

That wraps up this tidbit. Peep more via the <esa> tag. Cheers!

