02-24-2015 05:22 AM
Hi,
What’s good way to get all messages that are rejected based on Size of attachment?
I tried to grep some, but all results are pretty useless.
Solved! Go to Solution.
02-24-2015 06:49 AM
Did you see/try this TechNote:
From the CLI, use grep to find the size of large messages that have processed through the ESA and have been written into the mail logs.
Message size is based on the message headers, the body of the message, and then any attachments associated to the mail message. All three components of the message will total up to comprise the total bytes of that mail message in the mail logs.
myesa.local> grep -i "ready ...... bytes" mail_logs
You should get a listing similar to:
Mon Sep 22 12:31:23 2014 Info: MID 7997803 ready 160670 bytes from <Kong@mycompany.com> Mon Sep 22 12:31:26 2014 Info: MID 7997807 ready 119580 bytes from <JE@mycompany.com> Mon Sep 22 12:31:27 2014 Info: MID 7997809 ready 198130 bytes from <cau@mycompany.com> <<<SNIP FOR BREVITY>>>
Here, we can see the first message returned in the list was sent through with total size of 160670 bytes, or .15 megabytes.
myesa.local> grep -i "ready ....... bytes" mail_logs
You should get a listing similar to:
Mon Sep 22 10:41:58 2014 Info: MID 7988729 ready 10373660 bytes from <Alex.Smith@there.com> Mon Sep 22 11:09:49 2014 Info: MID 7991249 ready 16630923 bytes from <rwitherspoon@domain.com> Mon Sep 22 11:11:21 2014 Info: MID 7991406 ready 12019486 bytes from <cris@mycompany.com> Mon Sep 22 11:15:34 2014 Info: MID 7991666 ready 12116559 bytes from <cris@mycompany.com> <<<SNIP FOR BREVITY>>>
Here, we can see the first message returned in the list was sent through with total size of 10373660 bytes, or 9.9 megabytes.
myesa.local> grep -i "ready ........ bytes" mail_logs
You should get a listing similar to:
Mon Sep 22 07:08:15 2014 Info: MID 7976074 ready 29503682 bytes from <user@webmail.domain.com> Mon Sep 22 08:04:19 2014 Info: MID 7977866 ready 14414288 bytes from <mg@mycompany.com> Mon Sep 22 08:16:09 2014 Info: MID 7978373 ready 34933771 bytes from <dude@lost.com> Mon Sep 22 08:24:32 2014 Info: MID 7978688 ready 10197589 bytes from <here@mycompany.com> Mon Sep 22 08:36:05 2014 Info: MID 7979273 ready 19893615 bytes from <etino@mycompany.com> <<<SNIP FOR BREVITY>>>
Here, we can see the first message returned in the list was sent through with total size of 29503682 bytes, or 28.1 megabytes.
Note: "-i" indicates the the search should be case insensitive.
Note: "." indicates how many characters the search should match. In the above examples, there are 6 periods in the first command, 7 periods in the second command and 8 periods in the third command. For our examples, we are using the matching "." for byte size.
02-24-2015 06:49 AM
Did you see/try this TechNote:
From the CLI, use grep to find the size of large messages that have processed through the ESA and have been written into the mail logs.
Message size is based on the message headers, the body of the message, and then any attachments associated to the mail message. All three components of the message will total up to comprise the total bytes of that mail message in the mail logs.
myesa.local> grep -i "ready ...... bytes" mail_logs
You should get a listing similar to:
Mon Sep 22 12:31:23 2014 Info: MID 7997803 ready 160670 bytes from <Kong@mycompany.com> Mon Sep 22 12:31:26 2014 Info: MID 7997807 ready 119580 bytes from <JE@mycompany.com> Mon Sep 22 12:31:27 2014 Info: MID 7997809 ready 198130 bytes from <cau@mycompany.com> <<<SNIP FOR BREVITY>>>
Here, we can see the first message returned in the list was sent through with total size of 160670 bytes, or .15 megabytes.
myesa.local> grep -i "ready ....... bytes" mail_logs
You should get a listing similar to:
Mon Sep 22 10:41:58 2014 Info: MID 7988729 ready 10373660 bytes from <Alex.Smith@there.com> Mon Sep 22 11:09:49 2014 Info: MID 7991249 ready 16630923 bytes from <rwitherspoon@domain.com> Mon Sep 22 11:11:21 2014 Info: MID 7991406 ready 12019486 bytes from <cris@mycompany.com> Mon Sep 22 11:15:34 2014 Info: MID 7991666 ready 12116559 bytes from <cris@mycompany.com> <<<SNIP FOR BREVITY>>>
Here, we can see the first message returned in the list was sent through with total size of 10373660 bytes, or 9.9 megabytes.
myesa.local> grep -i "ready ........ bytes" mail_logs
You should get a listing similar to:
Mon Sep 22 07:08:15 2014 Info: MID 7976074 ready 29503682 bytes from <user@webmail.domain.com> Mon Sep 22 08:04:19 2014 Info: MID 7977866 ready 14414288 bytes from <mg@mycompany.com> Mon Sep 22 08:16:09 2014 Info: MID 7978373 ready 34933771 bytes from <dude@lost.com> Mon Sep 22 08:24:32 2014 Info: MID 7978688 ready 10197589 bytes from <here@mycompany.com> Mon Sep 22 08:36:05 2014 Info: MID 7979273 ready 19893615 bytes from <etino@mycompany.com> <<<SNIP FOR BREVITY>>>
Here, we can see the first message returned in the list was sent through with total size of 29503682 bytes, or 28.1 megabytes.
Note: "-i" indicates the the search should be case insensitive.
Note: "." indicates how many characters the search should match. In the above examples, there are 6 periods in the first command, 7 periods in the second command and 8 periods in the third command. For our examples, we are using the matching "." for byte size.
02-24-2015 06:59 AM
I am interested in all messages that are rejected, so they are over 25Mb.
Above command is almost good, but I still need better filter. Or is there any command, so I can paginate results and filter in Excel?
If I grep, I only grep last month of data (that is data in mail_logs) but in database I have one year of data. How can I also find that data in database?
02-24-2015 07:01 AM
Sry.
grep is working I just add:
grep -i "ready [2-9][5-9]...... bytes" mail_logs
11-08-2023 05:31 PM
I find that the accepted solution here is incorrect for the exact question. The provided solution only finds accepted messaged of the specified sizes. However, it will NOT find messages that are rejected based on size limitations. For that you need to do:
grep -i "Receiving Failed: Message size exceeds limit" mail_logs
The logging on rejected messages is limited. This will get you the ID of the message. Then you can grep for that and see the ip address and mail server it came from. You won't get any message information like sender or subject or anything. It rejects the connection so it doesn't log anything past that.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide